The worse your code maintenance is, the more you will cry!

Ángel Reyes
4 min read · Mar 24, 2021


Writing code is easy for most engineers; writing quality code is another story.

Some of us used to think that once the code was finished, our job was done.

But most issues are not related to the business logic; they are related to quality and security. As a result, making a code change sometimes becomes a painful task.

These tools, which I use day to day, make life easier for my future self.

I will assume that your project already implements:

Clean Architecture

Basically, we need to create decoupled components that produce resilient code, where each entity can be modified, integrated, refactored, replaced, or tested independently without side effects.

Clean architecture approach

Testing

The code you write, the code you test.

Unit testing

Verify that your components work as you expect with modular test cases. For JS, Jest is the most popular testing framework.

Integration testing

Do your components work as you expect as a whole?
This type of testing helps us verify the integration of multiple components at a high level.

If you are developing a REST application, you can test the HTTP requests with the supertest module.

Let’s get our hands dirty!

Static Code Analysis

Or how to check your code quality without running it.

Linter

A linter is a tool that identifies common patterns in JS code. This helps you write consistently styled code while preventing bad practices and bugs.

Prettier

Prettier is another option for writing styled and formatted code: save the file, and Prettier does the magic.

SonarQube

SonarQube analyzes code and identifies issues related to reliability, security, and maintainability. It helps you reduce existing tech debt, identify issues easily, get code coverage, find duplicate statements, and improve code quality.

SonarCloud

Sonar as a SaaS; you can find a related article written by myself here.

SonarLint

SonarLint is a free IDE extension to detect code quality and code security issues on the fly.

Dependencies

Dependencies are always being updated, and these updates may bring new features or patches. Tracking this manually can be a time-consuming task, but these tools make it easy.

Sonatype

Sonatype is an IDE extension that scans dependencies to identify vulnerabilities, providing context that helps clarify the risk to be mitigated.

If you want to use the OSS Index from the CLI, you can use the AuditJS module.

# Install globally
npm install -g auditjs
# Check the dependencies (using the OSS Index catalog) in your project's path
auditjs ossi

Dependabot

Dependabot is an automated dependency update tool that can be integrated into your repository to perform periodic checks; it creates PRs to update those dependencies (if possible) when a vulnerability is present.

npm audit

Performs a security audit of your dependencies.

npm audit
# The param --audit-level always prints the same output
# If you want to get only the High vulnerabilities, you can execute:
npm audit | grep -B 1 -A 10 High
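The grep above works on the human-readable report, but npm also prints the same report as JSON with `npm audit --json`, and `--audit-level` only sets the severity at which the command exits non-zero rather than trimming what is printed. The following is an added example, not code from the original post, of filtering that JSON by severity and deriving a pipeline exit code from it. SAMPLE_REPORT is constructed for the example and follows the shape of npm 7's report (auditReportVersion 2); the package names and advisory titles are placeholders, not real findings.

```javascript
// Added example: filter an `npm audit --json` report by minimum severity and
// turn it into a CI exit code. In a real pipeline the report would be read
// from stdin: JSON.parse(require('fs').readFileSync(0, 'utf8')).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report (npm 7 format). Names are placeholders.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': {
      name: 'example-parser',
      severity: 'high',
      isDirect: false,
      via: [{ title: 'Constructed advisory A', severity: 'high', url: 'https://example.invalid/advisory/1' }],
      effects: ['example-cli'],
      range: '<1.2.0',
      fixAvailable: true,
    },
    'example-cli': {
      name: 'example-cli',
      severity: 'high',
      isDirect: true,
      via: ['example-parser'], // vulnerable only through its dependency
      effects: [],
      range: '>=2.0.0',
      fixAvailable: { name: 'example-cli', version: '1.9.0', isSemVerMajor: true },
    },
    'example-logger': {
      name: 'example-logger',
      severity: 'moderate',
      isDirect: true,
      via: [{ title: 'Constructed advisory B', severity: 'moderate', url: 'https://example.invalid/advisory/2' }],
      effects: [],
      range: '<3.1.0',
      fixAvailable: true,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 2, critical: 0, total: 3 } },
};

// Return findings at or above `minSeverity`, most severe first.
// An entry whose `via` holds only package names is a transitive effect of
// another finding; `root` is true only for entries that carry the advisory.
function findingsAtLeast(report, minSeverity) {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  return Object.values(report.vulnerabilities)
    .filter((v) => SEVERITY_RANK[v.severity] >= threshold)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: v.isDirect,
      root: v.via.some((x) => typeof x === 'object'),
      advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.title),
      fixAvailable: v.fixAvailable !== false,
      // A fix that needs a major version bump deserves a human look, not `npm audit fix`.
      majorBump: typeof v.fixAvailable === 'object' && v.fixAvailable.isSemVerMajor === true,
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// Exit code a CI job should use: non-zero while anything at/above the threshold remains.
function auditExitCode(report, minSeverity) {
  return findingsAtLeast(report, minSeverity).length === 0 ? 0 : 1;
}

console.table(findingsAtLeast(SAMPLE_REPORT, 'high'));
console.log('exit code for threshold "high":', auditExitCode(SAMPLE_REPORT, 'high'));
```

Filtering on the JSON rather than grepping the text report is also less fragile: the text layout has changed between npm versions, while the `severity`, `via` and `fixAvailable` fields are what the `root` and `majorBump` flags above are computed from.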

npm outdated

Lists the installed version of each dependency in your project next to the latest one available.

npm outdated

npm update

Updates all dependencies in your project to the latest version. Be careful with this, or your application could break.

npm-check

An open-source tool that tracks dependencies, useful for finding new versions and unused or incorrect dependencies.

# Install globally
npm install -g npm-check
# Check the dependencies in your project's path
npm-check

npm-check-updates

It’s another open-source tool for handling dependency versions; the dependencies are shown according to the following color rules:

  • Red: Major upgrade and major versions
  • Cyan: Minor upgrade
  • Green: Patch upgrade

# Install globally
npm install -g npm-check-updates
# Check the dependencies in your project's path
ncu

depcheck

It’s another tool for analyzing the dependencies in your package.json; the output lists the unused or missing dependencies.

# Install globally
npm install -g depcheck
# Check the dependencies in your project's path
depcheck

npm list

Dependabot sometimes identifies issues in the dependencies of some modules. In that case you need to find the original module that pulls in the vulnerable one, and the npm list command is very useful for this.
Its output is the dependency tree related to the dependency being analyzed.

npm list <dependency-name>
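When the tree is large, the same question (which of my direct dependencies drags in the vulnerable package?) is easier to answer from the JSON form of the tree, `npm ls --all --json` on npm 7 and later. The following is an added example, not code from the original post: it walks that tree and reports every root-to-target path plus the direct dependencies you would actually have to upgrade or replace. SAMPLE_TREE is a constructed tree with placeholder package names, not output captured from a real project.

```javascript
// Added example: locate a package inside the JSON dependency tree produced by
// `npm ls --all --json`. In real use, read the tree from stdin:
//   npm ls --all --json | node find-dep.js example-parser
// SAMPLE_TREE below is constructed; names and versions are placeholders.
const SAMPLE_TREE = {
  name: 'my-service',
  version: '1.0.0',
  dependencies: {
    'example-cli': {
      version: '2.3.0',
      dependencies: {
        'example-parser': { version: '1.1.0' },
        'example-utils': {
          version: '0.4.2',
          dependencies: { 'example-parser': { version: '1.1.0' } },
        },
      },
    },
    'example-logger': { version: '3.0.0' },
  },
};

// Depth-first walk collecting every root-to-target path as "name@version" hops.
// The same package can appear several times (nested copies), so all paths are kept.
function findDependencyPaths(tree, target) {
  const paths = [];
  const walk = (node, name, trail) => {
    const current = trail.concat(`${name}@${node.version}`);
    if (name === target) paths.push(current);
    for (const [childName, child] of Object.entries(node.dependencies || {})) {
      walk(child, childName, current);
    }
  };
  walk(tree, tree.name, []);
  return paths;
}

// The direct dependencies to act on: the first hop below the project root,
// deduplicated, so two nested copies under one direct dependency count once.
function directCulprits(tree, target) {
  const culprits = new Set();
  for (const path of findDependencyPaths(tree, target)) {
    if (path.length > 1) culprits.add(path[1]);
  }
  return [...culprits];
}

for (const p of findDependencyPaths(SAMPLE_TREE, 'example-parser')) {
  console.log(p.join(' > '));
}
console.log('direct culprits:', directCulprits(SAMPLE_TREE, 'example-parser'));
```

Reading the output: the two paths show that `example-parser` is reachable twice, but both copies sit under `example-cli`, so that single direct dependency is the one a Dependabot PR or a manual bump needs to address.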

NPM Scripts

Automating commands was never so easy!

Custom scripts automate repetitive tasks; you can add as many as you need in your package.json.

Husky

Or how to use Git hooks to keep unwanted code out.

Husky helps us set actions for the pre-commit and pre-push hooks.

We can catch failing jobs (which should also be set in the pipeline) by executing them locally before the push happens.

I usually set some actions through npm scripts before pushing code to my repository with something like this:

"husky": {
  "hooks": {
    "pre-push": "npm run lint && npm run test:unit && npm run test:integration"
  }
}
Pre-push hook

Pipelines

The continuous delivery magic!

Pipelines are a set of queued processes, defined in a CI/CD workflow, that are executed sequentially or in parallel.

If we want to integrate all of them, it would be something like this:

A basic example for the integration of the tools in a pipeline

There are a lot of open-source and paid tools that make your code better and your life easier! 😃

