- processes shall be small, and start instantly
- always communicate via message bus (Redis, RabbitMQ)
  - this is intended to avoid blocking IO like a slow HTTP request
- each process shall log to stdout
  - it's not the responsibility of the app to route logs
- a process shall not maintain state
  - avoid in-memory session ids, socket connections, etc
- unrecoverable errors shall exit process immediately
  - this is acceptable because of #1
- configuration controls behavior
  - reduce frivolous code changes
- deployment artifacts are archived into a binary copy
  - intended for easy rollback
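
The process rules above (configuration from the environment, logs to stdout, immediate exit on unrecoverable errors) as a small worker skeleton. This is an added example, not code from the original page; the environment variable names (REDIS_URL, QUEUE_NAME, CONCURRENCY, API_TOKEN), the function names, and the masking of secret fields in log output are assumptions made for illustration.

```javascript
// Added example; all names below are hypothetical.
// Config keys whose values must never reach the log stream (assumed names).
const SECRET_KEYS = new Set(['REDIS_URL', 'API_TOKEN']);

// Configuration controls behavior: read the environment once, validate it,
// and freeze the result. A missing or malformed value is unrecoverable.
function loadConfig(env) {
  const missing = ['REDIS_URL', 'QUEUE_NAME'].filter((k) => !env[k]);
  if (missing.length) throw new Error(`missing config: ${missing.join(', ')}`);
  const concurrency = Number(env.CONCURRENCY || '1');
  if (!Number.isInteger(concurrency) || concurrency < 1) {
    throw new Error('CONCURRENCY must be a positive integer');
  }
  return Object.freeze({
    REDIS_URL: env.REDIS_URL, QUEUE_NAME: env.QUEUE_NAME, CONCURRENCY: concurrency,
  });
}

// Log to stdout as one JSON object per line; routing is the platform's job.
// Fields named in SECRET_KEYS are masked before serialisation.
function logLine(level, msg, fields = {}, out = process.stdout) {
  const safe = {};
  for (const [k, v] of Object.entries(fields)) {
    safe[k] = SECRET_KEYS.has(k) ? '[redacted]' : v;
  }
  const line = JSON.stringify({ ...safe, time: new Date().toISOString(), level, msg });
  out.write(line + '\n');
  return line;
}

// Unrecoverable errors exit immediately; fast start-up makes a restart cheap.
function installFailFast(proc = process) {
  const die = (kind) => (err) => {
    logLine('fatal', kind, { error: String((err && err.stack) || err) });
    proc.exit(1);
  };
  proc.on('uncaughtException', die('uncaughtException'));
  proc.on('unhandledRejection', die('unhandledRejection'));
}

// Start-up wiring for a worker; call main() from the entry point.
function main(env = process.env) {
  installFailFast();
  const config = loadConfig(env); // throws on bad config; nothing catches it
  logLine('info', 'worker started', config);
  return config;
}
```
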
- Release Versioning: npm version patch|minor|major. Node uses semver and so should we.
- Use Node Version Mgmt: .nvmrc file.
- ENV vars: .env file (see: dotenv)
- Dependency locking: npm shrinkwrap or a package-lock.json (so we don't have to commit ./node_modules)
- Logging: use stdout (via winston/bunyan)
- Code style: ESLint, using "semistandard" or "airbnb" configs.
- Security-scan dependencies with a tool like Snyk
- Clustering via Throng or PM2
- Standard.js (http://standardjs.com/)
- LTS schedule: (https://github.com/nodejs/LTS)
- Node support (http://node.green)
- 10 things to avoid in production (https://hashnode.com/post/10-things-you-shouldnt-do-while-running-nodejs-in-production-cisab2fyu0s9oth5341faywcw)
- Node.js Production Checklist (https://blog.risingstack.com/node-js-production-checklist/)
- Node Hero - Node.js Security Tutorial (https://blog.risingstack.com/node-hero-node-js-security-tutorial/)
- Enterprising Node.js (http://hanselminutes.com/489/enterprising-nodejs-with-nodesources-vp-of-engineering-kevin-stewart)
- .npmrc files for npm configuration (e.g., version prefix)
- How to get logging right (https://blog.risingstack.com/node-js-logging-tutorial/)