Best Practices
Follow industry best practices that are built into every Bend project.
Code Quality
TypeScript First
Bend encourages TypeScript for type safety and better developer experience. Catch errors at compile time, not runtime.
Async/Await Pattern
Use modern async/await syntax instead of callbacks or raw promises for cleaner, more readable asynchronous code.
Error Handling
Centralized error handling with custom error classes. All errors are caught, logged, and returned with appropriate status codes.
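The centralized handling described above, as an added example that is not Bend's own code: a framework-agnostic sketch in which AppError, ValidationError, NotFoundError, toErrorResponse, errorMiddleware and the req.id property are hypothetical names. Known errors keep their status code and message, while anything unexpected is logged in full and returned as a generic 500 so stack traces and internal details stay out of the response.

```javascript
// Added example: hypothetical names throughout, not Bend's API.
class AppError extends Error {
  constructor(message, statusCode, code) {
    super(message);
    this.name = this.constructor.name;
    this.statusCode = statusCode; // HTTP status returned to the client
    this.code = code;             // stable machine-readable identifier
  }
}

class ValidationError extends AppError {
  constructor(message, fields = []) {
    super(message, 400, 'VALIDATION_FAILED');
    this.fields = fields; // names of the rejected fields, safe to return
  }
}

class NotFoundError extends AppError {
  constructor(resource) {
    super(`${resource} not found`, 404, 'NOT_FOUND');
  }
}

// Single place that turns any thrown value into { status, body }.
function toErrorResponse(err, { requestId, log = () => {} } = {}) {
  const known = err instanceof AppError;
  const status = known ? err.statusCode : 500;
  // Full detail (message, stack) goes to the log only.
  log({ requestId, status, name: err?.name,
        message: err?.message ?? String(err), stack: err?.stack });
  const error = {
    code: known ? err.code : 'INTERNAL_ERROR',
    // Unknown errors may carry connection strings, SQL or paths: never echo them.
    message: known ? err.message : 'Internal server error',
    requestId,
  };
  if (err instanceof ValidationError) error.fields = err.fields;
  return { status, body: { error } };
}

// Express-style adapter (assumed framework): four arguments mark an error handler.
function errorMiddleware(log) {
  return (err, req, res, _next) => {
    const { status, body } = toErrorResponse(err, { requestId: req.id, log });
    res.status(status).json(body);
  };
}
```

Register the adapter after all routes so every thrown or forwarded error passes through the same mapping.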
Security Practices
Environment Variables
Never commit secrets. Use .env files for sensitive data and keep them out of version control with .gitignore.
Input Validation
Always validate and sanitize user input. Bend includes validation middleware to protect against injection attacks.
Rate Limiting
Protect your API from abuse with built-in rate limiting. Configurable per-route or globally.
Security Headers
Helmet middleware sets secure HTTP headers automatically, protecting against common vulnerabilities like XSS and clickjacking.
Performance Optimization
Response Compression
Automatic gzip compression reduces response size and improves load times for your API consumers.
Database Indexing
Properly index the columns your database queries rely on. Bend's ORM configurations include common indexes out of the box.
Graceful Shutdown
Handle SIGTERM and SIGINT signals properly to close database connections and finish pending requests before shutdown.
Development Workflow
- Use npm run dev for hot reloading during development
- Write tests for critical business logic and API endpoints
- Use environment-specific configs for dev, staging, and production
- Monitor logs and set up alerts for production errors
- Keep dependencies updated and audit for security vulnerabilities
