summary.md

Summary

🤖 Development environment

• Do not rely on OS system calls or core utilities without using an abstraction layer.
• Test each OS with virtual machines and continuous integration.
• Instead of nvm, use nvm-windows and npm-windows-upgrade on Windows.
• nve and nvexeca can be used to run a single command with one or several different Node.js versions.
• Run npm install -g windows-build-tools on Windows when installing C/C++ addons.

📝 File encoding

• Keep the default encoding as UTF-8. File/terminal input should either be validated or converted to it (node-chardet).
• Use editorconfig.
• Use any characters from cross-platform-terminal-characters
• Avoid printing Unicode characters (including emoji) except through projects like figures and log-symbols.
• Use os.EOL when reading from or writing to a file, \n otherwise.
• End files with a newline.
• Avoid the substitute character (CTRL-Z) in non-binary files.

📂 Filesystem

• Use path.normalize() when writing a file path to a terminal or file. Otherwise use Unix paths (slashes).
• Use url.fileURLToPath() with import.meta.url. Alternatively, use import.meta.filename and import.meta.dirname.
• Only use lowercase a-z, 0-9 and -._,=() in filenames.
• Avoid paths longer than 260 characters.
• Copy files instead of symlinking them.
• Use chokidar to watch files.
• Avoid --watch-path
• Avoid the O_NOATIME and UV_FS_O_FILEMAP flags of fs.open()
• Avoid blksize, blocks, mode, uid, gid, atime, atimeMs, ctime, ctimeMs, birthtime and birthtimeMs returned by fs.stat().
• Use global-cache-dir to retrieve the global cache directory.
• Use env-paths for other common directories.

💻 Terminal

• Fire shell commands with execa.
• Keep shell commands to simple command arguments... calls.
• Use npx or execa to fire local binaries.
• Outside Node.js (e.g. in npm scripts), environment variables should be referenced and passed using cross-env.
• Avoid redirecting to a file descriptor with the stdio option of child_process methods.

🔒 Security

• Avoid fs.chmod(), fs.access() (except F_OK), fs.open()'s mode, fs.mkdir()'s options.mode and process.umask().
• Avoid os.userInfo().uid|gid, child_process's uid and gid, fs.chown() and the process methods getuid(), geteuid(), getgid(), getegid(), setuid(), seteuid(), setgid(), setegid(), getgroups(), setgroups() and initgroups().
• Avoid --secure-heap

📡 Networking / IPC

• Use error.code instead of error.errno.
• Use fkill to terminate processes.
• Only use process.kill() with the following signals: SIGINT, SIGTERM, SIGKILL, SIGQUIT and 0.
• Only use process.on(signal) with the following signals: SIGINT, SIGHUP and SIGWINCH.
• Use ps-list, pid-from-port and process-exists to find and check for processes.
• Sockets / named pipes must be prefixed with \\.\pipe\ on Windows.
• TCP servers should not listen() on a file descriptor.
• Do not use --diagnostic-report-on-signal

🎛️ System

• Use os Node.js core module and navigator when needed. If it lacks some information, use systeminformation instead.
• When using OS-specific logic, identify the current OS with process.platform.
• Do not assume process.hrtime() is nanoseconds-precise.
• Avoid os.cpus()'s times.nice, os.loadavg() and process.resourceUsage()'s voluntaryContextSwitches and involuntaryContextSwitches.

---

Next (🤖 Development environment)
Top