|
| 1 | +# Web Framework |
| 2 | + |
| 3 | +## Recommended Components |
| 4 | + |
| 5 | +* Express - https://expressjs.com/ |
| 6 | + With 10 million downloads a month, Express is the most popular backend Node.js web framework. |
| 7 | + By comparison all of the competitors together have 500k-1m downloads and many of those use Express under the covers. |
| 8 | + It provides a fast, opinionated, minimalist web framework on top of Node.js |
| 9 | + |
| 10 | +## Guidance |
| 11 | + |
| 12 | +Express - https://expressjs.com/ is the recommended general web framework for Node.js based on it's broad use, shallow dependency tree and the available resources for getting started. |
| 13 | + |
| 14 | +When deploying Express we have the following additional recommendations: |
| 15 | + |
| 16 | +* Use the latest version of the 4.x release line. This version is currently the most suitable for production use. |
| 17 | + We recommend using ~4.x.y (where x.y reflects the version you start at) in your package.json so that you get patch |
| 18 | + version updates as you update your application in development. We recommend planned periodic reviews |
| 19 | + to decide when to update to new minor versions. |
| 20 | + |
| 21 | +* Use different ports for different concerns when possible. |
| 22 | + An application can provide additional endpoints for metrics collection or other concerns. It is recommended that |
| 23 | + the main port (for example 3000 or 8080) be reserved for business logic and an admin |
| 24 | + port be used for supporting endpoints. This helps to separate out requests to business logic and makes it easier to collect |
| 25 | + data specific to requests to the business logic. |
| 26 | + |
| 27 | +* Use an environment variable to define the port for the business logic and for the admin port. |
| 28 | + We recommend you use `PORT` and `ADMIN_PORT` as the names. We also recommend that the default ports be `8080` (business) and `9080` (admin). |
| 29 | + |
| 30 | +* Include a liveness and readiness endpoint even if not deploying initially to kubernetes. These endpoints are useful in environments |
| 31 | + other than kubernetes for problem determination and monitoring. See the section on "Health Checks" for more information. |
| 32 | + |
| 33 | +* Define global middleware before routes. Not doing so is a common mistake that can result in middleware not running when expected. |
| 34 | + |
| 35 | +* Use Helmet (https://www.npmjs.com/package/helmet) to set HTTP headers for a basic level of protection from some common attacks. |
| 36 | + |
| 37 | +* Make testable for application testable by: |
| 38 | + * Breaking out logic into smaller components and routes |
| 39 | + * Define a "test" entry in the "scripts" section of the package.json for your applications which runs the units tests. |
| 40 | + |
| 41 | +* See the sections on Logging and Authentication for further recommendations |
| 42 | + |
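Review bot: line 8 calls Express "opinionated", but the project describes itself as a "fast, unopinionated, minimalist web framework", so the word should be "unopinionated". On the security items, lines 33 and 35 belong together: the Helmet bullet should say that `helmet()` is registered as global middleware before any routes, otherwise the mistake described on line 33 leaves some responses without the headers. The admin-port bullet (lines 21-25) gives only a metrics-separation rationale; it would help to add that the admin port is meant to stay off the public listener, since the supporting endpoints are not business traffic. The download figures on lines 6-7 will age, so give them a date or source. Wording fixes: line 12 "it's broad use" should be "its broad use", line 37 "Make testable for application testable by:" should read "Make the application testable by:", line 39 "units tests" should be "unit tests", and "kubernetes" on lines 30-31 should be capitalized.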