Skip to main content

Node.js Best Practices - Production Ready Code

Guides developers in writing production-ready Node.js code by following industry best practices for project structure, error handling, and performance.

Install this skill

or
47/100

Security score

The Node.js Best Practices - Production Ready Code skill was audited on Feb 16, 2026 and we found 25 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 93

Template literal with variable interpolation in command context

SourceSKILL.md
93console.error(`Missing required environment variables: ${missingEnvVars.join(', ')}`);
medium line 148

Template literal with variable interpolation in command context

SourceSKILL.md
148return `${timestamp} [${level}]: ${message} ${
medium line 224

Template literal with variable interpolation in command context

SourceSKILL.md
224this.status = `${statusCode}`.startsWith('4') ? 'fail' : 'error';
medium line 289

Template literal with variable interpolation in command context

SourceSKILL.md
289error = new AppError(`Duplicate field value: ${field}`, 400);
medium line 295

Template literal with variable interpolation in command context

SourceSKILL.md
295error = new AppError(`Invalid input data: ${errors.join('. ')}`, 400);
medium line 527

Template literal with variable interpolation in command context

SourceSKILL.md
527logger.info(`Server running on port ${PORT}`);
low line 45

Access to .env file

SourceSKILL.md
45├── .env # Variables de entorno (gitignored)
low line 46

Access to .env file

SourceSKILL.md
46├── .env.example # Template de .env
low line 63

Access to .env file

SourceSKILL.md
63env: process.env.NODE_ENV || 'development',
low line 64

Access to .env file

SourceSKILL.md
64port: parseInt(process.env.PORT, 10) || 3000,
low line 67

Access to .env file

SourceSKILL.md
67uri: process.env.MONGO_URI,
low line 75

Access to .env file

SourceSKILL.md
75secret: process.env.JWT_SECRET,
low line 76

Access to .env file

SourceSKILL.md
76expiresIn: process.env.JWT_EXPIRE || '7d',
low line 80

Access to .env file

SourceSKILL.md
80origin: process.env.CORS_ORIGIN || 'http://localhost:3000',
low line 84

Access to .env file

SourceSKILL.md
84level: process.env.LOG_LEVEL || 'info',
low line 90

Access to .env file

SourceSKILL.md
90const missingEnvVars = requiredEnvVars.filter(envVar => !process.env[envVar]);
medium line 100

Access to .env file

SourceSKILL.md
100**.env.example:**
low line 156

Access to .env file

SourceSKILL.md
156level: process.env.LOG_LEVEL || 'info',
low line 177

Access to .env file

SourceSKILL.md
177if (process.env.NODE_ENV !== 'production') {
low line 275

Access to .env file

SourceSKILL.md
275if (process.env.NODE_ENV === 'development') {
low line 428

Access to .env file

SourceSKILL.md
428await mongoose.connect(process.env.MONGO_URI, options);
low line 444

Access to .env file

SourceSKILL.md
444host: process.env.REDIS_HOST,
low line 445

Access to .env file

SourceSKILL.md
445port: process.env.REDIS_PORT,
low line 80

External URL reference

SourceSKILL.md
80origin: process.env.CORS_ORIGIN || 'http://localhost:3000',
low line 114

External URL reference

SourceSKILL.md
114CORS_ORIGIN=http://localhost:3000
Scanned on Feb 16, 2026
View Security Dashboard

Install this skill with one command

/learn @rodrigobermejo/nodejs-best-practices
Rate this skill
Categorydevelopment
UpdatedMarch 29, 2026
openclawbackendbackend-developerdevops-sreproduct-managerdevelopmentproduct
rodrigoBermejo/skills-system