Essential packages to use with NodeJs

In this article, I’m going to quickly give you some packages or dependencies that I use with all the projects that I work with. As you know in a node project, there are dev dependencies and project dependencies.

First of all, what is a dev dependency?

DevDependencies are dependencies that are used only in the development of the app. Which means they are tools which helps the development of the app but in the deployment state these devDependencies will not be needed. To install a devDependancy -dev flag should be included to the regular npm install schematic. Which means,

npm install "Package-name" --save-dev

This will tell npm to download and add the dependency in the devDependency section in the package.json. And when we are going to deploy the app we can just remove these dependencies.

Enough about devDependencies, let's get back to the topic. The dependencies that I recommend are,

1. cors
2. jsonwebtoken
3. bcryptjs
4. hapi/joi
5. husky
6. mocha

There are many others but I think these are quite useful for every nodeJs project.

Project Dependencies

1. CORS

First of all, what is CORS?

CORS stands for Cross-Origin Resource Sharing. As you can understand by the definition it allows requests from a different server other than the server which is used to host the node app. Let me give you an example, let’s say I have an app with the backend created with node and hosted on server-1 and a react front end running on server-2. The react app connects with the backend with rest API. So when the requests reach to node app it is a request from a different origin “server-2”, and by default request from a different origin is blocked or by default, cors is blocked. Therefore by using the package cors this can be solved. You can solve this without this package too but using it is seamless and effective. Checkout the cors documentations.

to install cors,

npm install cors --save

2. jsonwebtoken

This is a great tool which can be used in the authentication and autherization process of your app. To elaborate the let's consider an example. Let’s say in our app there is a login and when a user gets logged in to the system we can send JWT (jsonwebtoken) with his username and the email to the front end. And in the frontend, this token can be stored in the local storage for future use.

The downside of using JWT, if you get the token from the local storage of the browser and enter it in the JWT debugger the data inside the token will be visible. Therefore remember to never to include sensitive data inside JWT token.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVkZGY3MTYwODkxYTRjMzViOGRmOGYzNSIsInVzZXJuYW1lIjoiYWRtaW5AZ21haWwuY29tIiwicm9sZSI6IkFkbWluIiwiZXhwIjoxNTg4MjQ1MTQzLCJpYXQiOjE1ODMwNjQ3NDN9.zV1i8rDXL1zQruDxVZwCoZ-k6ybYfvXFagaS2OHDXkM

The above is an example of a jsonwebtoken you can use the JWT debugger to see the data that is encoded inside it. To install jsonwebtoken,

npm install jsonwebtoken --save

3. bcryptjs

Anybody knows that storing password as texts is an extremely bad and dangerous practice. Therefore when storing a password always they have to be encrypted in some way. That’s where the bcryptjs comes in. Bcrypt can encrypt the passwords before storing them inside the system. The cool thing with bcryptjs is the passwords that are encrypted with bcryptjs can never be decrypted to the actual texts due to this any data breach will not have that much effect on the system.

To get started with bcryptjs check out this post. If you want to learn more about bcryptjs checkout npm documentation.

4. hapi/joi

According to npm page description, hapi/joi is “The most powerful schema description language and data validator for JavaScript”.

With this package, you can create blueprints of any object. This is particularly useful in the backend because when we create a request to the node app we can create blueprints of the object structure which should be the backend to be functional and if the required data structure is not present it will throw an error.

npm install @hapi/joi --save

5. husky

This is the first devDependancy that I include in this list. Husky is not particularly a necessary package for node but it is a useful package nonetheless. Husky will allow git pre-commit and pre-push hooks much easier. To use husky, we just have to add it as a script in package.json. One of my older posts explains adding tslint pre-commit hooks for angular, and you can check it out here. Add -dev flag to add husky as a devDependancy.

npm install husky --save-dev

6. Mocha

Mocha is another devDependancy and I must admit Mocha is also not required for a node js app. But anybody who does CI/CD knows mocha well. This is a unit testing package which lets you isolate each code unit and test it. Checkout Mocha documentation here.

npm install mocha --save-dev