
Tips

Handy tips always at your fingertips

A collection of 123 tips that come in real handy when you need them. Originally posted as tweets on my Twitter account, and now gathered here so you can browse them easily.

Protect Against Parameter Pollution in Express

💡 HTTP Parameter Pollution (HPP) is an attack in which multiple params are sent with the same name, causing your Node.js app to parse them differently.

👉🏼 Use hpp with Express to always resolve with the last value as a String.

https://www.npmjs.com/package/hpp

Without HPP protection, a parameter's type changes from string to array when it is sent with multiple values. The hpp package for Express always resolves to the last value, so the type is always the same.
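The type change described in this tip, as an added example (not code from the hpp package or the original tip). `parseQuery` is a simplified stand-in for the shape Express gives `req.query`, `resolveLast` and `greet` are hypothetical helpers, and the query strings are constructed.

```javascript
// Simplified stand-in for the shape of req.query in Express:
// a key sent once is a string, a key sent several times becomes an array.
function parseQuery(search) {
  const out = Object.create(null); // no prototype, so keys like "__proto__" are plain data
  for (const [key, value] of new URLSearchParams(search)) {
    if (!(key in out)) out[key] = value;
    else if (Array.isArray(out[key])) out[key].push(value);
    else out[key] = [out[key], value];
  }
  return out;
}

// Hypothetical helper: keep only the last value per key so every
// downstream handler sees a string, and report which keys were repeated.
function resolveLast(query) {
  const clean = Object.create(null);
  const repeated = [];
  for (const key of Object.keys(query)) {
    const value = query[key];
    if (Array.isArray(value)) {
      repeated.push(key);
      clean[key] = String(value[value.length - 1]);
    } else {
      clean[key] = String(value);
    }
  }
  return { clean, repeated };
}

// A handler written on the assumption that `name` is always a string.
function greet(query) {
  return 'Hello ' + query.name.trim();
}

// Constructed sample input: the same parameter sent twice.
const polluted = parseQuery('name=alice&name=bob');

function demo() {
  let crashed = false;
  try { greet(polluted); } catch (err) { crashed = err instanceof TypeError; }
  const { clean, repeated } = resolveLast(polluted);
  return { crashed, greeting: greet(clean), repeated };
}

console.log(greet(parseQuery('name=alice')));
console.log(demo());
```

Logging the `repeated` keys gives you a signal that a client is sending duplicate parameters, which normal clients of most endpoints never do.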

Nginx Configuration for Websocket Applications

💡 Using Nginx as a reverse proxy for your Node.js websocket app?

👉🏼 Add the following config lines to Nginx to make it all work smoothly.

To have Nginx work smoothly with Websocket apps, use proxy_http_version 1.1 and set the following headers with proxy_set_header: Upgrade $http_upgrade, Connection $http_connection, Host $host.

Automatic Restart on System Reboot With PM2

💡 Using PM2 with Node.js?

👉🏼 Your app won't start automatically when the system reboots unless you configure PM2 to run as a daemon service:

1. ➡️ pm2 startup
2. Run the command printed out
3. Start your Node.js app(s)
4. ➡️ pm2 save

https://pm2.keymetrics.io/docs/usage/startup/


Quickly Navigate to Folder in Shell

💡 Are you often navigating to the same folders in the terminal?

👉🏼 Add the folders as variables in your source file and type:

➡️ cd $myproject

instead of:

➡️ cd /Users/maxim/Code/myproject

Enable using variables with cd in Z Shell with: setopt cdablevars and in Bash with: shopt -s cdable_vars. Then run export yourapp="path/to/yourapp" after which you can use cd $yourapp.

Check If Port Is Open to Public

💡 Want to check if a port is open for the public and not blocked by the firewall?

Which command was it again — ss, netstat, lsof or nmap? 🤔

👉🏼 Stop Googling and go to https://www.canyouseeme.org/ . An open port check tool right on the web.


Use Native Promises With Node.js fs Module

💡 Have you been promisifying the fs module in Node.js all this time like I did?

👉🏼 Not anymore! Node.js >= 10 ships with a native promise implementation of the fs module. #latetotheparty 😅

➡️ require('fs/promises')

Use the built-in promisified version of fs module in Node.js by importing fs/promises.

Relinquish Process Privileges in Node.js

💡 Running Node.js as root so you can bind to ports 80/443?

👉🏼 You can relinquish privileges with "process.setgid()" & "process.setuid()" to reduce the damage potential in case of a breach. Do this right after the app starts.

Inside the callback function for server.listen, change the process group and user with process.setgid('nodejs') followed by process.setuid('nodejs') to relinquish privileges and reduce damage potential in case of a breach. Set the group first: once the process is no longer root, it can no longer change its group.

Measure Execution Time With console.time

💡 Need to find out how long a section of code or external request takes to complete?

👉🏼 A way to quickly measure this is to use console.time & console.timeEnd.

To start the timer, use console.time('fetch'). console.timeEnd('fetch') ends the timer and outputs the time in milliseconds.