The Complete Developer’s Guide to Clean, Production-Ready Code
A comprehensive, opinionated guide for writing maintainable, secure, and scalable software across all domains
Download PDF
Table of Contents
- Project Architecture & Folder Structure
- Code Style & Naming Conventions
- Technology-Specific Patterns & Best Practices
- Testing Standards
- Security Guidelines
- Documentation & Developer Experience
- Version Control & Git Workflow
- Tooling & Automation
- Dependency & Package Management
- Monitoring, Observability & Logs
- Production Readiness Checklist
- Collaboration, Review, and Mentorship
- Career-Agnostic Add-Ons
📦 1. Project Architecture & Folder Structure
Universal Principles
- Consistency: Follow the same patterns across your entire codebase
- Clarity: Structure should be self-documenting
- Scalability: Organization should work for both small and large projects
- Separation of Concerns: Group related functionality together
Language & Framework-Specific Structures
Web Frontend (React/Next.js)
src/
├── components/ # Reusable UI components
│ ├── ui/ # Basic UI primitives (Button, Input, etc.)
│ ├── forms/ # Form-specific components
│ └── layout/ # Layout components (Header, Sidebar)
├── pages/ # Route components (Next.js) or views
├── hooks/ # Custom React hooks
├── contexts/ # React context providers
├── services/ # API calls and business logic
├── utils/ # Pure utility functions
├── types/ # TypeScript type definitions
├── constants/ # App-wide constants
├── assets/ # Static assets (images, fonts)
└── styles/ # CSS/SCSS files
Backend (Node.js/Express)
src/
├── controllers/ # Route handlers
├── services/ # Business logic layer
├── repositories/ # Data access layer
├── models/ # Data models/schemas
├── middleware/ # Express middleware
├── routes/ # Route definitions
├── config/ # Configuration files
├── utils/ # Utility functions
├── types/ # TypeScript types
├── validations/ # Input validation schemas
└── __tests__/ # Test files
Python Backend (Django/Flask)
project/
├── apps/ # Django apps or Flask blueprints
│ ├── users/
│ ├── products/
│ └── orders/
├── core/ # Shared functionality
├── config/ # Settings and configuration
├── utils/ # Utility functions
├── tests/ # Test files
├── requirements/ # Dependency files
└── docs/ # Documentation
Mobile (Flutter)
lib/
├── features/ # Feature-based organization
│ ├── auth/
│ ├── home/
│ └── profile/
├── shared/ # Shared across features
│ ├── widgets/ # Reusable widgets
│ ├── services/ # API services
│ ├── models/ # Data models
│ └── utils/ # Utility functions
├── core/ # App core (themes, constants)
└── main.dart # App entry point
Data Science/ML
project/
├── data/ # Raw and processed data
│ ├── raw/
│ ├── processed/
│ └── external/
├── notebooks/ # Jupyter notebooks
├── src/ # Source code
│ ├── data/ # Data processing
│ ├── features/ # Feature engineering
│ ├── models/ # ML models
│ └── visualization/ # Plotting functions
├── models/ # Trained model artifacts
├── reports/ # Generated reports
└── requirements.txt # Dependencies
Monorepo vs Polyrepo Decision Matrix
Choose Monorepo when:
- Shared code between projects
- Coordinated releases
- Small to medium team
- Consistent tooling needed
Choose Polyrepo when:
- Independent release cycles
- Different tech stacks
- Large, distributed teams
- Clear service boundaries
Naming Best Practices
Files & Folders
- Use kebab-case for files:
user-profile.component.ts - Use camelCase for folders containing code:
userProfile/ - Use lowercase for config folders:
config/,docs/ - Be descriptive but concise:
AuthenticationServicenotAS
✨ 2. Code Style & Naming Conventions
Universal Rules
- Consistency over personal preference
- Clarity over cleverness
- Use English throughout
- Avoid abbreviations unless universally understood
Variable & Function Naming
JavaScript/TypeScript
// Variables & functions: camelCase
const userCount = 42;
const isAuthenticated = true;
function calculateTotalPrice(items: Item[]): number { }
// Constants: SCREAMING_SNAKE_CASE
const MAX_RETRY_ATTEMPTS = 3;
const API_BASE_URL = 'https://api.example.com';
// Classes & Interfaces: PascalCase
class UserService { }
interface ApiResponse { }
// Private members: prefix with underscore
class MyClass {
private _internalState = 0;
}
Python
# Variables & functions: snake_case
user_count = 42
is_authenticated = True
def calculate_total_price(items: List[Item]) -> float:
pass
# Constants: SCREAMING_SNAKE_CASE
MAX_RETRY_ATTEMPTS = 3
API_BASE_URL = "https://api.example.com"
# Classes: PascalCase
class UserService:
pass
# Private/protected: prefix with underscore
class MyClass:
def __init__(self):
self._internal_state = 0
self.__private_var = "secret"
API Naming Conventions
REST APIs
GET /api/v1/users # List users
GET /api/v1/users/{id} # Get specific user
POST /api/v1/users # Create user
PUT /api/v1/users/{id} # Update user (full)
PATCH /api/v1/users/{id} # Update user (partial)
DELETE /api/v1/users/{id} # Delete user
# Nested resources
GET /api/v1/users/{id}/posts # Get user's posts
POST /api/v1/users/{id}/posts # Create post for user
GraphQL
type Query {
user(id: ID!): User
users(first: Int, after: String): UserConnection
}
type Mutation {
createUser(input: CreateUserInput!): CreateUserPayload
updateUser(id: ID!, input: UpdateUserInput!): UpdateUserPayload
}
Event & Handler Naming
// Event handlers: on + PascalCase + Action
onButtonClick()
onUserLogin()
onDataFetch()
// Events: past tense
userLoggedIn
dataFetched
orderCreated
// Boolean variables: is/has/can/should + descriptive
isLoading
hasPermission
canEdit
shouldRetry
🛠️ 3. Technology-Specific Patterns & Best Practices
React Patterns
Component Organization
// Smart/Container Component
const UserListContainer: React.FC = () => {
const [users, setUsers] = useState<User[]>([]);
const [loading, setLoading] = useState(false);
useEffect(() => {
fetchUsers().then(setUsers);
}, []);
return <UserList users={users} loading={loading} />;
};
// Dumb/Presentational Component
interface UserListProps {
users: User[];
loading: boolean;
}
const UserList: React.FC<UserListProps> = ({ users, loading }) => {
if (loading) return <LoadingSpinner />;
return (
<ul>
{users.map(user => (
<UserListItem key={user.id} user={user} />
))}
</ul>
);
};
Custom Hooks Pattern
// Custom hook for data fetching
function useUsers() {
const [data, setData] = useState<User[]>([]);
const [loading, setLoading] = useState(false);
const [error, setError] = useState<string | null>(null);
const fetchUsers = useCallback(async () => {
setLoading(true);
setError(null);
try {
const users = await api.getUsers();
setData(users);
} catch (err) {
setError(err instanceof Error ? err.message : 'Unknown error');
} finally {
setLoading(false);
}
}, []);
useEffect(() => {
fetchUsers();
}, [fetchUsers]);
return { data, loading, error, refetch: fetchUsers };
}
Backend Architecture Patterns
Controller-Service-Repository Pattern
// Controller Layer (HTTP handling)
@Controller('/users')
export class UserController {
constructor(private userService: UserService) {}
@Get()
async getUsers(@Query() query: GetUsersQuery): Promise<User[]> {
return this.userService.findUsers(query);
}
@Post()
async createUser(@Body() userData: CreateUserDto): Promise<User> {
return this.userService.createUser(userData);
}
}
// Service Layer (Business Logic)
@Injectable()
export class UserService {
constructor(private userRepository: UserRepository) {}
async findUsers(query: GetUsersQuery): Promise<User[]> {
// Business logic here
return this.userRepository.findMany(query);
}
async createUser(userData: CreateUserDto): Promise<User> {
// Validation, business rules
const hashedPassword = await bcrypt.hash(userData.password, 10);
return this.userRepository.create({
...userData,
password: hashedPassword
});
}
}
// Repository Layer (Data Access)
@Injectable()
export class UserRepository {
constructor(private db: Database) {}
async findMany(query: GetUsersQuery): Promise<User[]> {
return this.db.user.findMany({
where: query.filters,
skip: query.offset,
take: query.limit
});
}
async create(userData: CreateUserData): Promise<User> {
return this.db.user.create({ data: userData });
}
}
Clean Architecture Principles
Dependency Inversion
// Bad: High-level module depends on low-level module
class OrderService {
private emailService = new EmailService(); // Direct dependency
async processOrder(order: Order) {
// Process order...
await this.emailService.sendConfirmation(order.email);
}
}
// Good: Depend on abstractions
interface INotificationService {
sendOrderConfirmation(email: string, order: Order): Promise<void>;
}
class OrderService {
constructor(private notificationService: INotificationService) {}
async processOrder(order: Order) {
// Process order...
await this.notificationService.sendOrderConfirmation(order.email, order);
}
}
State Management Patterns
Redux Toolkit (Recommended)
// Slice definition
const userSlice = createSlice({
name: 'users',
initialState: {
entities: {} as Record<string, User>,
ids: [] as string[],
loading: false,
error: null as string | null
},
reducers: {
setLoading: (state, action) => {
state.loading = action.payload;
}
},
extraReducers: (builder) => {
builder
.addCase(fetchUsers.pending, (state) => {
state.loading = true;
state.error = null;
})
.addCase(fetchUsers.fulfilled, (state, action) => {
state.loading = false;
userAdapter.setAll(state, action.payload);
})
.addCase(fetchUsers.rejected, (state, action) => {
state.loading = false;
state.error = action.error.message || 'Failed to fetch users';
});
}
});
Async Patterns
Promise Best Practices
// Bad: Mixing async/await with .then()
async function badAsyncFunction() {
const data = await fetchData().then(result => result.data);
return data;
}
// Good: Consistent async/await
async function goodAsyncFunction() {
try {
const result = await fetchData();
return result.data;
} catch (error) {
console.error('Failed to fetch data:', error);
throw error;
}
}
// Good: Error handling with custom errors
class ApiError extends Error {
constructor(message: string, public statusCode: number) {
super(message);
this.name = 'ApiError';
}
}
async function fetchUserData(id: string): Promise<User> {
try {
const response = await fetch(`/api/users/${id}`);
if (!response.ok) {
throw new ApiError(
`Failed to fetch user: ${response.statusText}`,
response.status
);
}
return await response.json();
} catch (error) {
if (error instanceof ApiError) {
throw error;
}
throw new ApiError('Network error occurred', 0);
}
}
🧪 4. Testing Standards
Testing Pyramid
- Unit Tests (70%): Test individual functions/components
- Integration Tests (20%): Test component interactions
- E2E Tests (10%): Test complete user workflows
Unit Testing Best Practices
Test Structure (AAA Pattern)
describe('UserService', () => {
describe('createUser', () => {
it('should create user with hashed password', async () => {
// Arrange
const userData = { email: 'test@example.com', password: 'password123' };
const mockRepository = {
create: jest.fn().mockResolvedValue({ id: '1', ...userData })
};
const userService = new UserService(mockRepository);
// Act
const result = await userService.createUser(userData);
// Assert
expect(result).toBeDefined();
expect(result.email).toBe(userData.email);
expect(mockRepository.create).toHaveBeenCalledWith(
expect.objectContaining({
email: userData.email,
password: expect.not.stringMatching('password123') // Should be hashed
})
);
});
it('should throw error when email already exists', async () => {
// Arrange
const userData = { email: 'existing@example.com', password: 'password' };
const mockRepository = {
create: jest.fn().mockRejectedValue(new Error('Email already exists'))
};
const userService = new UserService(mockRepository);
// Act & Assert
await expect(userService.createUser(userData))
.rejects
.toThrow('Email already exists');
});
});
});
React Component Testing
import { render, screen, fireEvent, waitFor } from '@testing-library/react';
import userEvent from '@testing-library/user-event';
describe('LoginForm', () => {
it('should submit form with valid credentials', async () => {
// Arrange
const mockOnSubmit = jest.fn();
const user = userEvent.setup();
render(<LoginForm onSubmit={mockOnSubmit} />);
// Act
await user.type(screen.getByLabelText(/email/i), 'test@example.com');
await user.type(screen.getByLabelText(/password/i), 'password123');
await user.click(screen.getByRole('button', { name: /login/i }));
// Assert
await waitFor(() => {
expect(mockOnSubmit).toHaveBeenCalledWith({
email: 'test@example.com',
password: 'password123'
});
});
});
it('should show validation errors for empty fields', async () => {
// Arrange
const user = userEvent.setup();
render(<LoginForm onSubmit={jest.fn()} />);
// Act
await user.click(screen.getByRole('button', { name: /login/i }));
// Assert
expect(screen.getByText(/email is required/i)).toBeInTheDocument();
expect(screen.getByText(/password is required/i)).toBeInTheDocument();
});
});
Integration Testing
describe('User API Integration', () => {
let app: Application;
let db: Database;
beforeAll(async () => {
app = await createTestApp();
db = await setupTestDatabase();
});
afterAll(async () => {
await db.close();
});
beforeEach(async () => {
await db.clean();
});
it('should create and retrieve user', async () => {
// Create user
const createResponse = await request(app)
.post('/api/users')
.send({ email: 'test@example.com', password: 'password123' })
.expect(201);
const userId = createResponse.body.id;
// Retrieve user
const getResponse = await request(app)
.get(`/api/users/${userId}`)
.expect(200);
expect(getResponse.body).toMatchObject({
id: userId,
email: 'test@example.com'
});
expect(getResponse.body.password).toBeUndefined(); // Should not return password
});
});
E2E Testing with Playwright
import { test, expect } from '@playwright/test';
test.describe('User Authentication Flow', () => {
test('should allow user to login and access dashboard', async ({ page }) => {
// Navigate to login page
await page.goto('/login');
// Fill login form
await page.fill('[data-testid="email-input"]', 'test@example.com');
await page.fill('[data-testid="password-input"]', 'password123');
// Submit form
await page.click('[data-testid="login-button"]');
// Wait for navigation and verify dashboard
await expect(page).toHaveURL('/dashboard');
await expect(page.locator('[data-testid="welcome-message"]'))
.toContainText('Welcome, test@example.com');
});
test('should show error for invalid credentials', async ({ page }) => {
await page.goto('/login');
await page.fill('[data-testid="email-input"]', 'invalid@example.com');
await page.fill('[data-testid="password-input"]', 'wrongpassword');
await page.click('[data-testid="login-button"]');
await expect(page.locator('[data-testid="error-message"]'))
.toContainText('Invalid email or password');
});
});
Test Naming Conventions
// Good test names that describe behavior
it('should return user data when valid ID is provided')
it('should throw NotFoundError when user does not exist')
it('should hash password before saving to database')
it('should send welcome email after successful registration')
// Bad test names
it('test user creation')
it('should work')
it('valid input')
🔐 5. Security Guidelines
OWASP Top 10 Prevention
1. Injection Prevention
// Bad: SQL Injection vulnerable
const query = `SELECT * FROM users WHERE email = '${email}'`;
// Good: Parameterized queries
const query = 'SELECT * FROM users WHERE email = ?';
const result = await db.query(query, [email]);
// Good: ORM with built-in protection
const user = await User.findOne({ where: { email } });
2. Authentication & Session Management
// Good: Secure session configuration
app.use(session({
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false,
cookie: {
secure: process.env.NODE_ENV === 'production', // HTTPS only in production
httpOnly: true, // Prevent XSS
maxAge: 24 * 60 * 60 * 1000, // 24 hours
sameSite: 'strict' // CSRF protection
},
store: new RedisStore({ client: redisClient }) // Use external store
}));
// Good: JWT with proper expiration
const token = jwt.sign(
{ userId: user.id, email: user.email },
process.env.JWT_SECRET,
{
expiresIn: '1h',
issuer: 'your-app-name',
audience: 'your-app-users'
}
);
3. Input Validation
import Joi from 'joi';
// Define validation schemas
const createUserSchema = Joi.object({
email: Joi.string().email().required(),
password: Joi.string().min(8).pattern(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/).required(),
firstName: Joi.string().min(1).max(50).required(),
lastName: Joi.string().min(1).max(50).required()
});
// Validate input
function validateCreateUser(data: unknown) {
const { error, value } = createUserSchema.validate(data);
if (error) {
throw new ValidationError(error.details[0].message);
}
return value;
}
// Sanitize HTML input
import DOMPurify from 'dompurify';
function sanitizeHtml(input: string): string {
return DOMPurify.sanitize(input);
}
4. XSS Prevention
// Bad: Dangerous innerHTML
<div dangerouslySetInnerHTML= />
// Good: Escape content by default
<div>{userContent}</div>
// Good: Sanitize when HTML is necessary
import DOMPurify from 'dompurify';
function SafeHtml({ content }: { content: string }) {
const sanitized = DOMPurify.sanitize(content);
return <div dangerouslySetInnerHTML= />;
}
5. CSRF Protection
import csrf from 'csurf';
// Enable CSRF protection
app.use(csrf({ cookie: true }));
// Include CSRF token in forms
app.use((req, res, next) => {
res.locals.csrfToken = req.csrfToken();
next();
});
6. Security Headers
import helmet from 'helmet';
app.use(helmet({
contentSecurityPolicy: {
directives: {
defaultSrc: ["'self'"],
styleSrc: ["'self'", "'unsafe-inline'"],
scriptSrc: ["'self'"],
imgSrc: ["'self'", "data:", "https:"],
},
},
hsts: {
maxAge: 31536000,
includeSubDomains: true,
preload: true
}
}));
Secrets Management
// Bad: Hardcoded secrets
const apiKey = 'sk-1234567890abcdef';
// Good: Environment variables
const apiKey = process.env.API_KEY;
if (!apiKey) {
throw new Error('API_KEY environment variable is required');
}
// Good: Use dedicated secret management
import { SecretsManager } from 'aws-sdk';
class SecretService {
private secretsManager = new SecretsManager();
async getSecret(secretName: string): Promise<string> {
try {
const result = await this.secretsManager
.getSecretValue({ SecretId: secretName })
.promise();
return result.SecretString || '';
} catch (error) {
console.error(`Failed to retrieve secret ${secretName}:`, error);
throw error;
}
}
}
Role-Based Access Control
enum Role {
ADMIN = 'admin',
USER = 'user',
MODERATOR = 'moderator'
}
enum Permission {
READ_USERS = 'read:users',
WRITE_USERS = 'write:users',
DELETE_USERS = 'delete:users'
}
const rolePermissions: Record<Role, Permission[]> = {
[Role.ADMIN]: [Permission.READ_USERS, Permission.WRITE_USERS, Permission.DELETE_USERS],
[Role.MODERATOR]: [Permission.READ_USERS, Permission.WRITE_USERS],
[Role.USER]: [Permission.READ_USERS]
};
function hasPermission(userRole: Role, requiredPermission: Permission): boolean {
return rolePermissions[userRole].includes(requiredPermission);
}
// Middleware for permission checking
function requirePermission(permission: Permission) {
return (req: Request, res: Response, next: NextFunction) => {
const user = req.user;
if (!user || !hasPermission(user.role, permission)) {
return res.status(403).json({ error: 'Insufficient permissions' });
}
next();
};
}
// Usage
app.delete('/api/users/:id', requirePermission(Permission.DELETE_USERS), deleteUser);
📑 6. Documentation & Developer Experience
README Structure
# Project Name
Brief description of what your project does and why it exists.
## 🚀 Quick Start
### Prerequisites
- Node.js 18+
- PostgreSQL 14+
- Redis 6+
### Installation
```bash
# Clone the repository
git clone https://github.com/username/project-name.git
cd project-name
# Install dependencies
npm install
# Set up environment variables
cp .env.example .env
# Edit .env with your configuration
# Set up database
npm run db:migrate
npm run db:seed
# Start development server
npm run dev
📖 Documentation
🧪 Testing
npm run test # Run unit tests
npm run test:e2e # Run E2E tests
npm run test:coverage # Generate coverage report
🤝 Contributing
Please read CONTRIBUTING.md for guidelines.
📄 License
This project is licensed under the MIT License - see LICENSE file.
### API Documentation with OpenAPI
```yaml
openapi: 3.0.0
info:
title: User Management API
version: 1.0.0
description: API for managing users in the application
servers:
- url: https://api.example.com/v1
description: Production server
- url: http://localhost:3000/v1
description: Development server
paths:
/users:
get:
summary: List users
parameters:
- name: page
in: query
schema:
type: integer
minimum: 1
default: 1
- name: limit
in: query
schema:
type: integer
minimum: 1
maximum: 100
default: 20
responses:
'200':
description: Successful response
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/User'
pagination:
$ref: '#/components/schemas/Pagination'
post:
summary: Create a new user
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateUserRequest'
responses:
'201':
description: User created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/User'
'400':
description: Invalid input
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
components:
schemas:
User:
type: object
properties:
id:
type: string
format: uuid
email:
type: string
format: email
firstName:
type: string
lastName:
type: string
createdAt:
type: string
format: date-time
required:
- id
- email
- firstName
- lastName
- createdAt
In-Code Documentation
/**
* Service for managing user operations
*
* @example
* ```typescript
* const userService = new UserService(userRepository);
* const user = await userService.createUser({
* email: 'john@example.com',
* firstName: 'John',
* lastName: 'Doe'
* });
* ```
*/
export class UserService {
constructor(private userRepository: UserRepository) {}
/**
* Creates a new user with the provided data
*
* @param userData - The user data to create
* @returns Promise that resolves to the created user
* @throws {ValidationError} When user data is invalid
* @throws {ConflictError} When email already exists
*
* @example
* ```typescript
* const user = await userService.createUser({
* email: 'jane@example.com',
* firstName: 'Jane',
* lastName: 'Smith',
* password: 'securePassword123'
* });
* ```
*/
async createUser(userData: CreateUserData): Promise<User> {
// Implementation...
}
/**
* Retrieves users with optional filtering and pagination
*
* @param options - Query options for filtering and pagination
* @param options.page - Page number (1-based)
* @param options.limit - Number of items per page
* @param options.email - Filter by email (partial match)
* @returns Promise that resolves to paginated user results
*/
async getUsers(options: GetUsersOptions = {}): Promise<PaginatedUsers> {
// Implementation...
}
}
Comment Guidelines
// Good: Comments explain WHY, not WHAT
// We use exponential backoff to avoid overwhelming the API during failures
const delay = Math.min(1000 * Math.pow(2, attempt), 30000);
// Bad: Comments explain obvious code
// Increment counter by 1
counter++;
// Good: Comments for complex business logic
// Calculate tax based on user's state and product category
// Special handling for digital products in certain states
if (isDigitalProduct && TAX_EXEMPT_STATES.includes(user.state)) {
taxRate = 0;
} else {
taxRate = getTaxRate(user.state, product.category);
}
// Good: TODO comments with context
// TODO: Replace with proper event sourcing once we implement CQRS
// This temporary solution handles the audit trail requirement
logUserAction(user.id, 'USER_UPDATED', { previousData, newData });
🔄 7. Version Control & Git Workflow
Branching Strategy
Git Flow (Recommended for Release-Based Projects)
main ──●─────●─────●──── (Production releases)
╱ ╱ ╱
develop ───●───●───●───●───●──── (Integration branch)
╱ ╱ ╱ ╱
feature-* ●───╱ ╱ ╱ ╱
hotfix-* ╱ ●───╱
Branch Types:
main: Production-ready codedevelop: Integration branch for featuresfeature/*: New features (feature/user-authentication)release/*: Release preparation (release/v1.2.0)hotfix/*: Critical production fixes (hotfix/security-patch)
GitHub Flow (Recommended for Continuous Deployment)
main ──●─────●─────●─────●──── (Always deployable)
╱ ╱ ╱ ╱
feature ●─────╱ ╱ ╱
bugfix ●─────╱ ╱
hotfix ●───╱
Simple and effective:
main: Always deployablefeature/*: All changes (features, bugs, etc.)- Direct PR to main with CI/CD checks
Commit Message Conventions (Conventional Commits)
Format
<type>[optional scope]: <description>
[optional body]
[optional footer(s)]
Types
feat: add user authentication system
fix: resolve memory leak in image processor
docs: update API documentation for v2 endpoints
style: format code according to prettier rules
refactor: extract common validation logic
test: add integration tests for payment flow
chore: update dependencies to latest versions
perf: optimize database queries for user lookup
ci: add automated deployment pipeline
build: configure webpack for production builds
Examples
# Simple feature
feat: add password reset functionality
# Bug fix with scope
fix(auth): handle expired tokens gracefully
# Breaking change
feat!: remove deprecated v1 API endpoints
BREAKING CHANGE: v1 endpoints are no longer supported.
Use v2 endpoints instead.
# Detailed commit with body
feat(payment): integrate Stripe payment processing
- Add Stripe SDK integration
- Implement webhook handling for payment events
- Add comprehensive error handling
- Include tests for payment flows
Closes #123
Pull Request Best Practices
PR Template
## Description
Brief description of changes made and why.
## Type of Change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] Documentation update
## Testing
- [ ] Unit tests pass
- [ ] Integration tests pass
- [ ] Manual testing completed
- [ ] New tests added for new functionality
## Checklist
- [ ] Code follows project style guidelines
- [ ] Self-review completed
- [ ] Code is commented where necessary
- [ ] Documentation updated
- [ ] No new warnings or errors introduced
## Screenshots (if applicable)
Add screenshots for UI changes.
## Related Issues
Closes #123
Review Checklist
For Authors:
- Keep PRs small (< 400 lines when possible)
- Write descriptive titles and descriptions
- Test your changes thoroughly
- Update documentation
- Respond to feedback promptly
For Reviewers:
- Check for security vulnerabilities
- Verify tests cover new functionality
- Ensure code follows project standards
- Look for performance implications
- Suggest improvements, not just find problems
Git Hooks & Automation
Pre-commit Hook (using Husky)
{
"husky": {
"hooks": {
"pre-commit": "lint-staged",
"commit-msg": "commitlint -E HUSKY_GIT_PARAMS",
"pre-push": "npm run test:unit"
}
},
"lint-staged": {
"*.{js,ts,tsx}": [
"eslint --fix",
"prettier --write",
"git add"
],
"*.{css,scss,md}": [
"prettier --write",
"git add"
]
}
}
⚙️ 8. Tooling & Automation
Code Formatting & Linting
Prettier Configuration
{
"semi": true,
"trailingComma": "es5",
"singleQuote": true,
"printWidth": 80,
"tabWidth": 2,
"useTabs": false,
"bracketSpacing": true,
"bracketSameLine": false,
"arrowParens": "avoid",
"endOfLine": "lf"
}
ESLint Configuration
{
"extends": [
"@typescript-eslint/recommended",
"prettier",
"plugin:react-hooks/recommended"
],
"parser": "@typescript-eslint/parser",
"plugins": ["@typescript-eslint", "import"],
"rules": {
"@typescript-eslint/no-unused-vars": "error",
"@typescript-eslint/explicit-function-return-type": "warn",
"import/order": [
"error",
{
"groups": [
"builtin",
"external",
"internal",
"parent",
"sibling",
"index"
],
"newlines-between": "always"
}
],
"prefer-const": "error",
"no-var": "error"
}
}
Python: Black + Flake8
# pyproject.toml
[tool.black]
line-length = 88
target-version = ['py38']
include = '\.pyi?
extend-exclude = '''
/(
# directories
\.eggs
| \.git
| \.hg
| \.mypy_cache
| \.tox
| \.venv
| build
| dist
)/
'''
# setup.cfg
[flake8]
max-line-length = 88
extend-ignore = E203, W503
exclude = .git,__pycache__,docs/source/conf.py,old,build,dist
Build Scripts & Task Runners
package.json Scripts
{
"scripts": {
"dev": "next dev",
"build": "next build",
"start": "next start",
"lint": "eslint . --ext .ts,.tsx --fix",
"lint:check": "eslint . --ext .ts,.tsx",
"format": "prettier --write .",
"format:check": "prettier --check .",
"test": "jest",
"test:watch": "jest --watch",
"test:coverage": "jest --coverage",
"test:e2e": "playwright test",
"type-check": "tsc --noEmit",
"pre-commit": "npm run lint && npm run format && npm run type-check",
"clean": "rm -rf .next out dist",
"db:migrate": "npx prisma migrate dev",
"db:seed": "npx prisma db seed",
"docker:build": "docker build -t myapp .",
"docker:run": "docker run -p 3000:3000 myapp"
}
}
Makefile for Multi-Language Projects
.PHONY: help install test lint format clean docker-build
help: ## Show this help message
@echo 'Usage: make [target]'
@echo ''
@echo 'Targets:'
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf " %-15s %s\n", $1, $2}' $(MAKEFILE_LIST)
install: ## Install dependencies
npm install
pip install -r requirements.txt
test: ## Run all tests
npm run test
python -m pytest tests/
lint: ## Run linters
npm run lint:check
flake8 src/
mypy src/
format: ## Format code
npm run format
black src/
isort src/
clean: ## Clean build artifacts
rm -rf node_modules/.cache
rm -rf .next
rm -rf __pycache__
rm -rf .pytest_cache
docker-build: ## Build Docker image
docker build -t myapp .
ci: lint test ## Run CI pipeline locally
@echo "✅ CI pipeline completed successfully"
Static Analysis Tools
TypeScript Configuration
{
"compilerOptions": {
"target": "ES2020",
"lib": ["dom", "dom.iterable", "es6"],
"allowJs": true,
"skipLibCheck": true,
"strict": true,
"forceConsistentCasingInFileNames": true,
"noEmit": true,
"esModuleInterop": true,
"module": "esnext",
"moduleResolution": "node",
"resolveJsonModule": true,
"isolatedModules": true,
"jsx": "preserve",
"incremental": true,
"noUncheckedIndexedAccess": true,
"noImplicitReturns": true,
"noFallthroughCasesInSwitch": true,
"baseUrl": ".",
"paths": {
"@/*": ["./src/*"],
"@/components/*": ["./src/components/*"],
"@/utils/*": ["./src/utils/*"]
}
},
"include": ["next-env.d.ts", "**/*.ts", "**/*.tsx"],
"exclude": ["node_modules"]
}
Code Generation Tools
OpenAPI Client Generation
# Generate TypeScript client from OpenAPI spec
npx @openapitools/openapi-generator-cli generate \
-i https://api.example.com/openapi.json \
-g typescript-axios \
-o src/generated/api \
--additional-properties=supportsES6=true,npmName=my-api-client
Prisma Schema to Types
// schema.prisma
generator client {
provider = "prisma-client-js"
}
generator typegen {
provider = "prisma-typegen"
output = "../types/generated"
}
model User {
id String @id @default(cuid())
email String @unique
firstName String
lastName String
posts Post[]
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
}
📦 9. Dependency & Package Management
Lock File Best Practices
npm/yarn/pnpm
{
"engines": {
"node": ">=18.0.0",
"npm": ">=8.0.0"
},
"packageManager": "pnpm@8.6.0"
}
Rules:
- Always commit lock files (
package-lock.json,yarn.lock,pnpm-lock.yaml) - Use exact versions for critical dependencies
- Regular dependency audits and updates
- Use
npm ciin CI/CD pipelines
Python Poetry
[tool.poetry]
name = "myapp"
version = "0.1.0"
description = ""
authors = ["Your Name <you@example.com>"]
[tool.poetry.dependencies]
python = "^3.8"
fastapi = "^0.68.0"
uvicorn = {extras = ["standard"], version = "^0.15.0"}
[tool.poetry.group.dev.dependencies]
pytest = "^6.0"
black = "^21.0"
flake8 = "^3.9"
mypy = "^0.910"
[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"
Dependency Security
Regular Security Audits
# npm
npm audit
npm audit fix
# yarn
yarn audit
yarn audit --fix
# Python
pip-audit
safety check
# GitHub Dependabot configuration
# .github/dependabot.yml
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
Dependency Pinning Strategy
{
"dependencies": {
"react": "18.2.0", // Exact version for stable deps
"lodash": "^4.17.21", // Allow patch updates
"typescript": "~5.0.0" // Allow patch updates only
},
"devDependencies": {
"jest": "^29.0.0", // More flexible for dev tools
"@types/node": "*" // Latest types are usually safe
}
}
🔍 10. Monitoring, Observability & Logs
Structured Logging
Application Logs
import winston from 'winston';
// Configure structured logging
const logger = winston.createLogger({
level: process.env.LOG_LEVEL || 'info',
format: winston.format.combine(
winston.format.timestamp(),
winston.format.errors({ stack: true }),
winston.format.json()
),
defaultMeta: {
service: 'user-service',
version: process.env.APP_VERSION
},
transports: [
new winston.transports.File({ filename: 'logs/error.log', level: 'error' }),
new winston.transports.File({ filename: 'logs/combined.log' }),
new winston.transports.Console({
format: winston.format.combine(
winston.format.colorize(),
winston.format.simple()
)
})
]
});
// Usage with context
logger.info('User created successfully', {
userId: user.id,
email: user.email,
requestId: req.id,
userAgent: req.get('User-Agent'),
ip: req.ip
});
logger.error('Database connection failed', {
error: error.message,
stack: error.stack,
database: 'users',
connectionString: process.env.DB_HOST // Don't log sensitive data
});
Python Logging
import logging
import json
from datetime import datetime
class JSONFormatter(logging.Formatter):
def format(self, record):
log_entry = {
'timestamp': datetime.utcnow().isoformat(),
'level': record.levelname,
'message': record.getMessage(),
'module': record.module,
'function': record.funcName,
'line': record.lineno
}
if hasattr(record, 'user_id'):
log_entry['user_id'] = record.user_id
if hasattr(record, 'request_id'):
log_entry['request_id'] = record.request_id
if record.exc_info:
log_entry['exception'] = self.formatException(record.exc_info)
return json.dumps(log_entry)
# Configure logger
logging.basicConfig(
level=logging.INFO,
handlers=[
logging.StreamHandler(),
logging.FileHandler('app.log')
]
)
logger = logging.getLogger(__name__)
for handler in logger.handlers:
handler.setFormatter(JSONFormatter())
# Usage
logger.info("User logged in", extra={
'user_id': user.id,
'request_id': request.id,
'ip_address': request.remote_addr
})
Error Tracking & Monitoring
Sentry Integration
import * as Sentry from '@sentry/node';
Sentry.init({
dsn: process.env.SENTRY_DSN,
environment: process.env.NODE_ENV,
tracesSampleRate: process.env.NODE_ENV === 'production' ? 0.1 : 1.0,
beforeSend(event) {
// Filter out sensitive data
if (event.exception) {
const error = event.exception.values?.[0];
if (error?.value?.includes('password')) {
return null; // Don't send events containing passwords
}
}
return event;
}
});
// Usage in Express middleware
app.use(Sentry.Handlers.requestHandler());
app.use(Sentry.Handlers.tracingHandler());
// Custom error handling
function handleError(error: Error, context: Record<string, any> = {}) {
logger.error('Application error', { error: error.message, stack: error.stack, ...context });
Sentry.withScope(scope => {
Object.keys(context).forEach(key => {
scope.setTag(key, context[key]);
});
Sentry.captureException(error);
});
}
Performance Monitoring
Application Performance Monitoring
import { performance } from 'perf_hooks';
// Performance middleware
function performanceMiddleware(req: Request, res: Response, next: NextFunction) {
const start = performance.now();
res.on('finish', () => {
const duration = performance.now() - start;
logger.info('Request completed', {
method: req.method,
url: req.url,
statusCode: res.statusCode,
duration: `${duration.toFixed(2)}ms`,
requestId: req.id
});
// Send metrics to monitoring service
metrics.histogram('request_duration', duration, {
method: req.method,
route: req.route?.path || 'unknown',
status: res.statusCode.toString()
});
});
next();
}
// Database query monitoring
class MonitoredRepository {
async findUser(id: string): Promise<User | null> {
const start = performance.now();
try {
const user = await this.db.user.findUnique({ where: { id } });
const duration = performance.now() - start;
metrics.histogram('db_query_duration', duration, {
operation: 'findUser',
table: 'users'
});
return user;
} catch (error) {
const duration = performance.now() - start;
metrics.histogram('db_query_duration', duration, {
operation: 'findUser',
table: 'users',
error: 'true'
});
throw error;
}
}
}
Health Checks & Readiness Probes
// Health check endpoint
app.get('/health', async (req, res) => {
const checks = {
status: 'ok',
timestamp: new Date().toISOString(),
uptime: process.uptime(),
checks: {
database: await checkDatabase(),
redis: await checkRedis(),
external_api: await checkExternalAPI()
}
};
const isHealthy = Object.values(checks.checks).every(check => check.status === 'ok');
res.status(isHealthy ? 200 : 503).json(checks);
});
async function checkDatabase(): Promise<HealthCheck> {
try {
await db.$queryRaw`SELECT 1`;
return { status: 'ok', responseTime: '< 50ms' };
} catch (error) {
return { status: 'error', error: error.message };
}
}
// Graceful shutdown
process.on('SIGTERM', async () => {
logger.info('SIGTERM received, shutting down gracefully');
// Stop accepting new requests
server.close(() => {
logger.info('HTTP server closed');
});
// Close database connections
await db.$disconnect();
// Close other connections
await redis.disconnect();
process.exit(0);
});
🧰 11. Production Readiness Checklist
Configuration Management (12 Factor App)
Environment Configuration
// config/index.ts
import { z } from 'zod';
const configSchema = z.object({
NODE_ENV: z.enum(['development', 'test', 'production']),
PORT: z.coerce.number().default(3000),
DATABASE_URL: z.string().url(),
REDIS_URL: z.string().url(),
JWT_SECRET: z.string().min(32),
API_RATE_LIMIT: z.coerce.number().default(100),
LOG_LEVEL: z.enum(['error', 'warn', 'info', 'debug']).default('info')
});
export const config = configSchema.parse(process.env);
// Validate required environment variables at startup
if (!config.JWT_SECRET) {
throw new Error('JWT_SECRET environment variable is required');
}
Feature Flags
interface FeatureFlags {
enableNewDashboard: boolean;
enableAdvancedSearch: boolean;
maxUploadSize: number;
}
class FeatureFlagService {
private flags: FeatureFlags;
constructor() {
this.flags = {
enableNewDashboard: process.env.FEATURE_NEW_DASHBOARD === 'true',
enableAdvancedSearch: process.env.FEATURE_ADVANCED_SEARCH === 'true',
maxUploadSize: parseInt(process.env.MAX_UPLOAD_SIZE || '10485760') // 10MB default
};
}
isEnabled(flag: keyof FeatureFlags): boolean {
return Boolean(this.flags[flag]);
}
getValue<T extends keyof FeatureFlags>(flag: T): FeatureFlags[T] {
return this.flags[flag];
}
}
// Usage
const featureFlags = new FeatureFlagService();
if (featureFlags.isEnabled('enableNewDashboard')) {
// Render new dashboard
} else {
// Render legacy dashboard
}
Deployment Strategies
Blue-Green Deployment
# docker-compose.blue-green.yml
version: '3.8'
services:
app-blue:
image: myapp:${BLUE_VERSION}
environment:
- NODE_ENV=production
- DATABASE_URL=${DATABASE_URL}
labels:
- "traefik.enable=false" # Initially disabled
app-green:
image: myapp:${GREEN_VERSION}
environment:
- NODE_ENV=production
- DATABASE_URL=${DATABASE_URL}
labels:
- "traefik.enable=true" # Currently active
- "traefik.http.routers.app.rule=Host(`myapp.com`)"
Rolling Deployment with Health Checks
# kubernetes/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
spec:
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
spec:
containers:
- name: myapp
image: myapp:latest
ports:
- containerPort: 3000
livenessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /ready
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
Security Hardening
Production Security Checklist
// Security middleware for production
import rateLimit from 'express-rate-limit';
import mongoSanitize from 'express-mongo-sanitize';
import xss from 'xss-clean';
// Rate limiting
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
message: 'Too many requests from this IP, please try again later.',
standardHeaders: true,
legacyHeaders: false,
});
// Apply security middleware
app.use(limiter);
app.use(mongoSanitize()); // Prevent NoSQL injection
app.use(xss()); // Clean user input from malicious HTML
app.use(express.json({ limit: '10mb' })); // Limit request size
// Security headers
app.use((req, res, next) => {
res.setHeader('X-Content-Type-Options', 'nosniff');
res.setHeader('X-Frame-Options', 'DENY');
res.setHeader('X-XSS-Protection', '1; mode=block');
res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
next();
});
Monitoring & Alerting
Production Monitoring Setup
// metrics.ts
import client from 'prom-client';
const collectDefaultMetrics = client.collectDefaultMetrics;
collectDefaultMetrics({ timeout: 5000 });
// Custom metrics
export const httpRequestDuration = new client.Histogram({
name: 'http_request_duration_seconds',
help: 'Duration of HTTP requests in seconds',
labelNames: ['method', 'route', 'status_code'],
buckets: [0.1, 0.5, 1, 2, 5]
});
export const activeConnections = new client.Gauge({
name: 'active_connections',
help: 'Number of active connections'
});
export const errorRate = new client.Counter({
name: 'application_errors_total',
help: 'Total number of application errors',
labelNames: ['type', 'severity']
});
// Metrics endpoint
app.get('/metrics', async (req, res) => {
try {
res.set('Content-Type', client.register.contentType);
const metrics = await client.register.metrics();
res.end(metrics);
} catch (error) {
res.status(500).end(error);
}
});
👥 12. Collaboration, Review, and Mentorship
Code Review Guidelines
Review Checklist for Authors
Before Submitting:
- Code is self-tested and working
- Tests are added/updated
- Documentation is updated
- Code follows team standards
- No sensitive data in code
- Performance implications considered
- Error handling implemented
- Logging added where appropriate
Review Checklist for Reviewers
Technical Review:
- Logic is correct and efficient
- Error handling is comprehensive
- Security vulnerabilities addressed
- Performance impact acceptable
- Code is maintainable and readable
- Tests adequately cover changes
- Dependencies are appropriate
Code Quality:
- Naming is clear and consistent
- Functions are single-purpose
- Code duplication minimized
- Comments explain complex logic
- No magic numbers or strings
Effective Review Comments
// ❌ Bad review comment
"This is wrong"
// ✅ Good review comment
"Consider using a Map instead of an object here for better performance
when dealing with dynamic keys. Objects have prototype pollution risks
and Maps provide better iteration performance."
// ❌ Bad review comment
"Fix this"
// ✅ Good review comment
"This function could throw an error if `user` is undefined. Consider
adding a null check or using optional chaining: `user?.email`"
// ✅ Constructive suggestion
"Nice solution! One small optimization: we could memoize this calculation
since the inputs don't change often. What do you think about adding
useMemo here?"
// ✅ Learning opportunity
"This works well! For future reference, you might want to look into
the Repository pattern for data access - it would make this more testable."
Pair Programming Best Practices
Driver-Navigator Pattern
Driver (Person typing):
- Focus on implementation details
- Think out loud about what you’re doing
- Ask questions when stuck
- Take breaks every 25-30 minutes
Navigator (Person reviewing):
- Think about overall design and approach
- Spot syntax errors and typos
- Suggest alternatives and improvements
- Keep track of bigger picture
- Take notes of issues to address later
Remote Pair Programming Tools
- VS Code Live Share: Real-time collaborative editing
- Tuple: High-quality screen sharing for pairing
- GitHub Codespaces: Cloud-based development environment
- Replit: Browser-based collaborative coding
Mentorship Guidelines
For Mentors
Teaching Approach:
- Ask guiding questions instead of giving answers
- Explain the “why” behind decisions
- Share real-world examples and war stories
- Be patient with learning curves
- Provide regular, constructive feedback
// Instead of: "Use async/await here"
// Try: "What do you think would happen if this API call takes 5 seconds?
// How might we handle that to keep the UI responsive?"
// Instead of: "This code is inefficient"
// Try: "I notice this loop runs for every item. What do you think the
// performance impact might be with 10,000 items? Can we optimize this?"
For Mentees
Learning Approach:
- Ask questions freely - no question is too basic
- Request code reviews even for small changes
- Practice explaining your code to others
- Take ownership of your learning path
- Document what you learn for future reference
Knowledge Sharing Sessions
# Weekly Tech Talk Template
## Topic: [Technology/Pattern/Tool]
## Presenter: [Name]
## Duration: 30 minutes
### Agenda
1. Problem/Challenge (5 min)
2. Solution Overview (10 min)
3. Code Examples (10 min)
4. Q&A and Discussion (5 min)
### Resources
- [Documentation links]
- [Code repository]
- [Additional reading]
### Action Items
- [ ] Try implementing in current project
- [ ] Share learnings with team
- [ ] Update team documentation
💡 13. Career-Agnostic Add-Ons
IDE Setup & Configuration
VS Code Recommended Settings
{
"editor.formatOnSave": true,
"editor.formatOnPaste": true,
"editor.codeActionsOnSave": {
"source.fixAll.eslint": true,
"source.fixAll.tslint": true,
"source.organizeImports": true,
"source.removeUnusedImports": true
},
"editor.rulers": [80, 120],
"editor.tabSize": 2,
"editor.insertSpaces": true,
"editor.detectIndentation": false,
"editor.bracketPairColorization.enabled": true,
"editor.guides.bracketPairs": true,
"editor.guides.indentation": true,
"editor.minimap.enabled": true,
"editor.wordWrap": "on",
"editor.semanticHighlighting.enabled": true,
"editor.inlineSuggest.enabled": true,
"editor.suggestSelection": "first",
"editor.quickSuggestions": {
"other": true,
"comments": false,
"strings": false
},
"typescript.preferences.importModuleSpecifier": "relative",
"typescript.updateImportsOnFileMove.enabled": "always",
"typescript.suggest.autoImports": true,
"javascript.suggest.autoImports": true,
"eslint.validate": [
"javascript",
"typescript",
"javascriptreact",
"typescriptreact",
"vue",
"svelte"
],
"files.exclude": {
"**/node_modules": true,
"**/.git": true,
"**/.DS_Store": true,
"**/dist": true,
"**/build": true,
"**/.vscode": false,
"**/coverage": true,
"**/.nyc_output": true
},
"files.watcherExclude": {
"**/node_modules/**": true,
"**/dist/**": true,
"**/build/**": true
},
"search.exclude": {
"**/node_modules": true,
"**/dist": true,
"**/build": true,
"**/.git": true
},
"emmet.includeLanguages": {
"javascript": "javascriptreact",
"typescript": "typescriptreact"
},
"git.autofetch": true,
"git.confirmSync": false,
"git.enableSmartCommit": true,
"terminal.integrated.fontSize": 14,
"workbench.colorTheme": "One Dark Pro",
"workbench.iconTheme": "material-icon-theme",
"workbench.startupEditor": "newUntitledFile",
"explorer.confirmDelete": false,
"explorer.confirmDragAndDrop": false
}
Essential VS Code Extensions
{
"recommendations": [
// Core Development
"esbenp.prettier-vscode",
"dbaeumer.vscode-eslint",
"ms-vscode.vscode-typescript-next",
"ms-typescript.typescript-importer",
"christian-kohler.path-intellisense",
"bradlc.vscode-tailwindcss",
// Git & Version Control
"eamodio.gitlens",
"github.vscode-pull-request-github",
"github.copilot",
"github.copilot-chat",
// Code Quality & Analysis
"sonarsource.sonarlint-vscode",
"streetsidesoftware.code-spell-checker",
"usernamehw.errorlens",
"oderwat.indent-rainbow",
"pkief.material-icon-theme",
// Language Support
"bradlc.vscode-tailwindcss",
"ms-python.python",
"ms-python.pylint",
"golang.go",
"rust-lang.rust-analyzer",
"ms-dotnettools.csharp",
"oracle.oracle-java",
"redhat.java",
// Frontend Development
"formulahendry.auto-rename-tag",
"bradlc.vscode-tailwindcss",
"zignd.html-css-class-completion",
"pranaygp.vscode-css-peek",
// Backend & Database
"ms-mssql.mssql",
"mongodb.mongodb-vscode",
"cweijan.vscode-mysql-client2",
// DevOps & Cloud
"ms-azuretools.vscode-docker",
"ms-kubernetes-tools.vscode-kubernetes-tools",
"hashicorp.terraform",
"amazonwebservices.aws-toolkit-vscode",
// Productivity
"alefragnani.bookmarks",
"gruntfuggly.todo-tree",
"ms-vscode.live-server",
"ritwickdey.liveserver",
"formulahendry.code-runner",
"ms-vscode.remote-containers",
"ms-vscode-remote.remote-ssh"
]
}
JetBrains IDEs Configuration (IntelliJ/WebStorm/PyCharm)
<!-- Code Style Settings -->
<code_scheme name="Professional">
<option name="FORMATTER_TAGS_ENABLED" value="true" />
<option name="SOFT_MARGINS" value="80,120" />
<option name="WRAP_WHEN_TYPING_REACHES_RIGHT_MARGIN" value="true" />
<JavaCodeStyleSettings>
<option name="IMPORT_LAYOUT_TABLE">
<value>
<package name="" withSubpackages="true" static="false" />
<emptyLine />
<package name="java" withSubpackages="true" static="false" />
<package name="javax" withSubpackages="true" static="false" />
<emptyLine />
<package name="" withSubpackages="true" static="true" />
</value>
</option>
</JavaCodeStyleSettings>
</code_scheme>
Development Environment Setup
Terminal Configuration
Zsh with Oh My Zsh
# Install Oh My Zsh
sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
# Essential plugins in ~/.zshrc
plugins=(
git
docker
kubectl
npm
yarn
nvm
python
pip
terraform
aws
gcloud
zsh-autosuggestions
zsh-syntax-highlighting
)
# Useful aliases
alias ll="ls -la"
alias la="ls -A"
alias l="ls -CF"
alias ..="cd .."
alias ...="cd ../.."
alias grep="grep --color=auto"
alias fgrep="fgrep --color=auto"
alias egrep="egrep --color=auto"
# Git aliases
alias gs="git status"
alias ga="git add"
alias gc="git commit"
alias gp="git push"
alias gl="git pull"
alias gd="git diff"
alias gb="git branch"
alias gco="git checkout"
# Docker aliases
alias d="docker"
alias dc="docker-compose"
alias dps="docker ps"
alias di="docker images"
PowerShell Profile (Windows)
# Microsoft.PowerShell_profile.ps1
Set-PSReadLineOption -PredictionSource History
Set-PSReadLineOption -PredictionViewStyle ListView
Set-PSReadLineOption -EditMode Windows
# Aliases
Set-Alias -Name ll -Value Get-ChildItem
Set-Alias -Name la -Value Get-ChildItem
Set-Alias -Name grep -Value Select-String
# Git functions
function gs { git status }
function ga { git add $args }
function gc { git commit $args }
function gp { git push $args }
function gl { git pull $args }
# Load modules
Import-Module posh-git
Import-Module oh-my-posh
oh-my-posh init pwsh | Invoke-Expression
Package Managers & Runtime Management
Node.js Version Management
# Using NVM
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
nvm install --lts
nvm use --lts
nvm alias default node
# Global packages
npm install -g @angular/cli
npm install -g create-react-app
npm install -g vue-cli
npm install -g typescript
npm install -g ts-node
npm install -g nodemon
npm install -g pm2
npm install -g serve
npm install -g http-server
Python Environment Management
# Using pyenv
curl https://pyenv.run | bash
# Install Python versions
pyenv install 3.11.0
pyenv install 3.10.0
pyenv global 3.11.0
# Virtual environments
python -m venv venv
source venv/bin/activate # Linux/Mac
# or
venv\Scripts\activate # Windows
# Essential packages
pip install black
pip install flake8
pip install mypy
pip install pytest
pip install requests
pip install fastapi
pip install django
Java Version Management
# Using SDKMAN
curl -s "https://get.sdkman.io" | bash
sdk install java 17.0.2-open
sdk install java 11.0.15-open
sdk install gradle
sdk install maven
Code Quality Tools
Universal Linters & Formatters
Prettier Configuration
{
"semi": true,
"trailingComma": "es5",
"singleQuote": true,
"printWidth": 80,
"tabWidth": 2,
"useTabs": false,
"bracketSpacing": true,
"bracketSameLine": false,
"arrowParens": "avoid",
"endOfLine": "lf",
"overrides": [
{
"files": "*.md",
"options": {
"printWidth": 100,
"proseWrap": "always"
}
},
{
"files": "*.json",
"options": {
"tabWidth": 2
}
}
]
}
EditorConfig
# .editorconfig
root = true
[*]
charset = utf-8
end_of_line = lf
indent_style = space
indent_size = 2
insert_final_newline = true
trim_trailing_whitespace = true
max_line_length = 80
[*.{js,jsx,ts,tsx,vue,svelte}]
indent_size = 2
[*.{py,rb}]
indent_size = 4
[*.{md,markdown}]
trim_trailing_whitespace = false
max_line_length = 100
[*.{yml,yaml}]
indent_size = 2
[Makefile]
indent_style = tab
Language-Specific Quality Tools
ESLint Configuration (JavaScript/TypeScript)
{
"extends": [
"eslint:recommended",
"@typescript-eslint/recommended",
"prettier"
],
"plugins": ["@typescript-eslint", "import", "security"],
"rules": {
"no-console": "warn",
"no-debugger": "error",
"no-unused-vars": "error",
"prefer-const": "error",
"no-var": "error",
"eqeqeq": ["error", "always"],
"curly": ["error", "all"],
"no-eval": "error",
"no-implied-eval": "error",
"no-new-func": "error",
"security/detect-object-injection": "warn",
"import/order": [
"error",
{
"groups": [
"builtin",
"external",
"internal",
"parent",
"sibling",
"index"
],
"newlines-between": "always"
}
]
}
}
Python Configuration (pyproject.toml)
[tool.black]
line-length = 88
target-version = ['py311']
include = '\.pyi?$'
[tool.isort]
profile = "black"
multi_line_output = 3
line_length = 88
[tool.flake8]
max-line-length = 88
extend-ignore = ["E203", "W503"]
[tool.mypy]
python_version = "3.11"
warn_return_any = true
warn_unused_configs = true
disallow_untyped_defs = true
Git Configuration & Workflows
Git Configuration
# Global Git configuration
git config --global user.name "Your Name"
git config --global user.email "your.email@example.com"
git config --global init.defaultBranch main
git config --global pull.rebase true
git config --global push.default simple
git config --global core.autocrlf input # Linux/Mac
git config --global core.autocrlf true # Windows
git config --global core.editor "code --wait"
# Aliases
git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.ci commit
git config --global alias.st status
git config --global alias.unstash 'stash pop'
git config --global alias.logg 'log --graph --oneline --decorate --all'
git config --global alias.last 'log -1 HEAD'
Git Hooks Setup
#!/bin/sh
# .git/hooks/pre-commit
# Format and lint code before commit
# Run linters
npm run lint
npm run type-check
# Run tests
npm test
# Format code
npm run format
exit 0
GitHub Workflow Templates
# .github/workflows/ci.yml
name: CI
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [16.x, 18.x]
steps:
- uses: actions/checkout@v3
- name: Use Node.js $
uses: actions/setup-node@v3
with:
node-version: $
cache: 'npm'
- run: npm ci
- run: npm run build --if-present
- run: npm run lint
- run: npm run type-check
- run: npm test
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
Database Tools & GUI Clients
Universal Database Tools
- DBeaver: Multi-platform database tool
- TablePlus: Modern database client (Mac/Windows)
- DataGrip: JetBrains database IDE
- Sequel Pro: MySQL client (Mac)
- pgAdmin: PostgreSQL administration
Database CLI Tools
# PostgreSQL
brew install postgresql
psql -h localhost -U username -d database
# MySQL
brew install mysql
mysql -h localhost -u username -p
# MongoDB
brew install mongodb-community
mongosh
# Redis
brew install redis
redis-cli
API Development & Testing
HTTP Clients
- Postman: Full-featured API testing
- Insomnia: Lightweight REST client
- Thunder Client: VS Code extension
- HTTPie: Command-line HTTP client
API Documentation Tools
- Swagger/OpenAPI: API specification
- Redoc: API documentation generator
- Insomnia Designer: API design tool
Container & Cloud Tools
Docker Configuration
# Multi-stage Dockerfile example
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
FROM node:18-alpine AS runtime
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
COPY . .
EXPOSE 3000
CMD ["npm", "start"]
Docker Compose
version: '3.8'
services:
app:
build: .
ports:
- "3000:3000"
environment:
- NODE_ENV=development
volumes:
- .:/app
- /app/node_modules
depends_on:
- db
db:
image: postgres:14
environment:
POSTGRES_DB: myapp
POSTGRES_USER: user
POSTGRES_PASSWORD: password
volumes:
- postgres_data:/var/lib/postgresql/data
ports:
- "5432:5432"
volumes:
postgres_data:
Kubernetes Tools
# Essential tools
brew install kubectl
brew install helm
brew install k9s
brew install kustomize
# Useful aliases
alias k=kubectl
alias kgp='kubectl get pods'
alias kgs='kubectl get services'
alias kgd='kubectl get deployments'
Security Tools
Static Analysis
- SonarQube: Code quality and security
- Snyk: Vulnerability scanning
- CodeQL: Semantic code analysis
- Semgrep: Static analysis rules
Dependency Management
# Node.js security audit
npm audit
npm audit fix
# Python security
pip install safety
safety check
# General dependency checking
brew install osv-scanner
osv-scanner --lockfile package-lock.json
Monitoring & Performance
Application Monitoring
- New Relic: Full-stack monitoring
- DataDog: Infrastructure monitoring
- Sentry: Error tracking
- LogRocket: Frontend monitoring
Performance Testing
# Load testing
npm install -g artillery
artillery quick --count 10 --num 5 https://example.com
# Lighthouse CI
npm install -g @lhci/cli
lhci autorun
Professional Development
Learning Resources
- Pluralsight: Technology courses
- Udemy: Practical tutorials
- Coursera: University-level courses
- FreeCodeCamp: Free programming education
- The Odin Project: Full-stack curriculum
Technical Documentation
- Notion: Knowledge management
- Obsidian: Note-taking with linking
- GitBook: Technical documentation
- Confluence: Team documentation
Communication Tools
- Slack: Team communication
- Discord: Developer communities
- Microsoft Teams: Enterprise communication
- Linear: Issue tracking
- Jira: Project management
Backup & Sync Solutions
Code Backup
# Automated backup script
#!/bin/bash
DATE=$(date +%Y%m%d_%H%M%S)
tar -czf ~/backups/projects_$DATE.tar.gz ~/projects
aws s3 cp ~/backups/projects_$DATE.tar.gz s3://my-backup-bucket/
Configuration Management
- Dotfiles: Version control for configurations
- Ansible: Configuration management
- Puppet: Infrastructure automation
- Chef: Configuration management
Productivity Enhancements
Window Management
- Rectangle (Mac): Window tiling
- PowerToys (Windows): System utilities
- i3 (Linux): Tiling window manager
System Monitoring
# System resource monitoring
htop # Process viewer
iotop # I/O monitoring
nethogs # Network usage per process
df -h # Disk usage
free -h # Memory usage
File Management
- fzf: Fuzzy file finder
- ripgrep: Fast text search
- bat: Better cat with syntax highlighting
- exa: Modern ls replacement
Cross-Platform Considerations
Path Handling
// Use path module for cross-platform compatibility
const path = require('path');
const filePath = path.join(__dirname, 'data', 'file.txt');
Environment Variables
# Cross-platform environment setup
# .env file
NODE_ENV=development
DATABASE_URL=postgresql://localhost:5432/myapp
API_KEY=your-secret-key
# Use dotenv in applications
require('dotenv').config();
Shell Scripts
#!/usr/bin/env bash
# Cross-platform shell script header
# Check operating system
if [[ "$OSTYPE" == "darwin"* ]]; then
# macOS
echo "Running on macOS"
elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
# Linux
echo "Running on Linux"
elif [[ "$OSTYPE" == "msys" ]] || [[ "$OSTYPE" == "cygwin" ]]; then
# Windows
echo "Running on Windows"
fi
This comprehensive setup provides a solid foundation for professional software development across any technology stack, ensuring consistency, quality, and productivity in your development workflow.