Node.js & Express.js: 5 Common Bad Practices and Their Optimized Solutions

Sandeep Singh (Full Stack Dev.)
6 min readJul 26, 2023

--

Discover the 5 most common bad practices in Node.js and Express.js, and master their optimized solutions for top-notch web development performance

When it comes to developing applications in Express and Node.js, following best practices is crucial to ensure robustness, maintainability, and security.

In this article, we’ll explore five common bad practices that developers often encounter and delve into optimized best practices with code examples to rectify them.

By the end of this article, you’ll have a clear understanding of how to avoid these pitfalls and adopt the best optimal practices.

Bad Practice 1: Nested Callbacks

In the early days of Node.js, developers used nested callbacks to handle asynchronous operations with MongoDB and Mongoose. While this approach works, it can quickly lead to callback hell, making code difficult to read and maintain.

app.get('/users', (req, res) => {
User.find({}, (err, users) => {
if (err) {
console.log(err);
return res.status(500).send('Error occurred');
}
UserDetails.find({ userId: users[0]._id }, (err, userDetails) => {
if (err) {
console.log(err);
return res.status(500).send('Error occurred');
}
return res.status(200).json({ users, userDetails });
});
});
});

This code snippet demonstrates nested callbacks for querying users and their details from a MongoDB database using Mongoose. As you can see, managing multiple nested callbacks can become cumbersome.

Instead of using nested callbacks, we can utilize Promises and async/await with Mongoose to enhance code readability and manage asynchronous operations gracefully.

Best Practice 1: Using Promises and Async/Await with Mongoose

Promises provide a cleaner way to handle asynchronous operations with Mongoose and make code more readable. Here’s the same example using Promises and async/await:

app.get('/users', async (req, res) => {
try {
const users = await User.find({});
const userDetails = await UserDetails.find({ userId: users[0]._id });
return res.status(200).json({ users, userDetails });
} catch (err) {
console.log(err);
return res.status(500).send('Error occurred');
}
});

Using async/await with Promises in conjunction with Mongoose significantly improves code readability by eliminating the nested structure. It enhances code maintainability and makes error handling more straightforward.

Bad Practice 2: Lack of Error Handling

Failing to handle errors properly can lead to unexpected crashes and potential security vulnerabilities. Many developers overlook error handling, which can cause their applications to behave unpredictably when using MongoDB and Mongoose.

app.get('/user/:id', (req, res) => {
User.findById(req.params.id, (err, user) => {
if (err) {
console.log(err);
// What if an error occurs here? It will be unhandled!
}
return res.status(200).json(user);
});
});

In the above example, if an error occurs during the database query with Mongoose, it will not be handled, potentially leading to unintended behavior or crashes. To address this issue, it’s essential to implement proper error handling.

Best Practice 2: Implementing Error Handling

A recommended approach for handling errors with Mongoose is using try-catch blocks:

app.get('/user/:id', async (req, res) => {
try {
const user = await User.findById(req.params.id);
if (!user) {
return res.status(404).json({ message: 'User not found' });
}
return res.status(200).json(user);
} catch (err) {
console.log(err);
return res.status(500).send('Error occurred');
}
});

By using try-catch blocks, we can capture any errors that occur during the execution of Mongoose queries. Additionally, you can customize the error response based on specific error types to provide informative feedback to the client.

Bad Practice 3: Not Using Middleware

Middleware plays a vital role in Express applications with MongoDB and Mongoose by allowing developers to intercept and modify incoming requests. Neglecting to use middleware can lead to bloated routes and repetitive code.

app.get('/users', (req, res) => {
// Some logic here...
// Lack of middleware makes it challenging to modularize the code and handle common functionality.
// More code would be repeated in different routes, leading to maintenance issues.
});

In the above example, without using middleware, the code becomes less organized and harder to maintain. Adopting middleware can address these concerns.

Best Practice 3: Leveraging Middleware

Middleware allows developers to handle repetitive tasks in a centralized way, improving code modularity and maintainability. Here’s an example of using middleware for authentication with MongoDB and Mongoose:

// Custom middleware for authentication
const authenticateUser = async (req, res, next) => {
try {
const user = await User.findById(req.userId);
if (!user) {
return res.status(401).send('Unauthorized');
}
req.user = user;
return next();
} catch (err) {
console.log(err);
return res.status(500).send('Error occurred');
}
};

app.get('/users', authenticateUser, (req, res) => {
// Now, this route handler can assume the user is authenticated.
// The authentication logic has been abstracted into the middleware.
// Other routes can also reuse the 'authenticateUser' middleware.
return res.status(200).json({ user: req.user });
});

By leveraging middleware, we keep our routes clean and focused on their specific tasks. Middleware enhances code reusability, simplifies debugging, and makes applications more manageable, especially when working with MongoDB and Mongoose.

Bad Practice 4: Not Managing Environment Variables

In Node.js applications with MongoDB and Mongoose, sensitive information, such as database credentials and API keys, should not be hardcoded in the codebase. Unfortunately, some developers overlook the importance of managing environment variables securely.

const databasePassword = 'mysecretpassword';
const apiKey = 'myapikey';
// Other sensitive information...
// Using sensitive information directly in the code is not secure.
// This information may end up in version control systems, posing security risks.

Storing sensitive information directly in the code exposes it to potential security breaches and makes it challenging to manage configurations across different environments.

Best Practice 4: Securing Environment Variables

To manage environment-specific configurations and sensitive data securely with MongoDB and Mongoose, developers should use the dotenv package, as mentioned before.

Bad Practice 5: Inefficient Database Queries

Inefficient database queries with MongoDB and Mongoose can lead to slow response times and negatively impact application performance. Often, developers might not optimize their queries, leading to suboptimal performance.

app.get('/products', (req, res) => {
Product.find({}, (err, products) => {
if (err) {
console.log(err);
return res.status(500).send('Error occurred');
}
return res.status(200).json(products);
});
});

In this example, the query retrieves all products from the MongoDB database using Mongoose, which may be fine for small datasets. However, as the dataset grows, this query could become slow and resource-intensive.

Best Practice 5: Optimizing Database Queries

To improve the performance of database queries with MongoDB and Mongoose, developers should focus on query optimization. One common approach is to use the select method to retrieve only the required fields:

app.get('/products', async (req, res) => {
try {
const products = await Product.find({}).select('name price');
return res.status(200).json(products);
} catch (err) {
console.log(err);
return res.status(500).send('Error occurred');
}
});

By selecting only the necessary fields from the products collection, we reduce the amount of data transferred between the database and the application, resulting in better performance.

Conclusion

In this article, we explored five common bad practices in Express and Node.js development with MongoDB and Mongoose. We also learned about their potential drawbacks and delved into optimized best practices with code examples to rectify these issues.

By following these best practices, developers can ensure their applications with MongoDB and Mongoose are more efficient, maintainable, and secure. Prioritize code readability, handle errors gracefully, and adopt middleware for better modularity. Additionally, use dotenv to manage sensitive data securely and optimize database queries to enhance application performance.

Following these best practices will not only make your codebase more professional but also contribute to the overall success of your Express and Node.js projects with MongoDB and Mongoose.

FAQs

Q: Is it essential to use dotenv for managing environment variables in MongoDB and Mongoose applications?

A: Yes, using dotenv is crucial for securely managing environment variables and avoiding the exposure of sensitive data, especially when working with MongoDB and Mongoose.

Q: How can I avoid nested callbacks when working with MongoDB and Mongoose?

A: You can use Promises and async/await with Mongoose to avoid nested callbacks and make your code more readable and maintainable.

Q: Why is middleware important in Express applications with MongoDB and Mongoose?

A: Middleware helps centralize common functionality, enhances code reusability, and simplifies the debugging process, especially when interacting with MongoDB and Mongoose.

Q: Can you explain how to optimize database queries further with MongoDB and Mongoose?

A: Apart from using the select method to retrieve only required fields, you can also use indexing and aggregation pipelines to optimize complex queries further.

Q: Should I handle errors in every route when working with MongoDB and Mongoose?

A: Yes, it’s a best practice to handle errors in every route to ensure that your application remains stable and provides a smooth user experience, especially when interacting with MongoDB and Mongoose.

--

--

Sandeep Singh (Full Stack Dev.)
Sandeep Singh (Full Stack Dev.)

Written by Sandeep Singh (Full Stack Dev.)

Fullstack Developer | MERN & Flutter | Passionate about Open Source | Engaged in Contributing & Collaborating for a Better Tech Community. 🚀