Code Quality Maintainability Implementation
1. ESLint Prettier Code Formatting
| Tool | Purpose & Features | Configuration | Best Practices |
|---|---|---|---|
| ESLint NEW | Static analysis, Code quality, Bug detection, Style enforcement, Plugin ecosystem | .eslintrc.json: extends, plugins, rules, parser. TypeScript: @typescript-eslint |
Use recommended configs. Add project-specific rules. Run in CI. Fix auto-fixable. 0 warnings |
| Prettier | Code formatter, Opinionated, Consistent style, Language-agnostic, IDE integration | .prettierrc: printWidth 80, semi true, singleQuote, trailingComma es5 |
Integrate with ESLint. Format on save. Pre-commit hook. No style debates. Team consistency |
| ESLint Plugins | React hooks rules, import order, a11y checks, security rules, performance hints | eslint-plugin-react, -react-hooks, -jsx-a11y, -import, -security, -sonarjs | react-hooks: exhaustive-deps. import: order, no-duplicates. jsx-a11y: recommended |
| ESLint + Prettier Integration | Resolve conflicts, Turn off style rules, Use eslint-config-prettier, Run both | Install eslint-config-prettier. Add to extends last. Prettier formats, ESLint lints | Prettier last in extends. Use editor.formatOnSave. Separate concerns: format vs lint |
| Custom Rules | Project conventions, Naming patterns, Architecture boundaries, Import restrictions | ESLint custom rules. no-restricted-imports. Naming conventions. Max complexity | Enforce folder structure. Prevent circular deps. Naming: camelCase vars, PascalCase components |
| Performance Optimization | Cache results, Parallel execution, Ignore files, Lint staged, Incremental linting | --cache flag. .eslintignore for build/. lint-staged for changed files only |
Cache in CI. Lint only staged files locally. Ignore dist/, node_modules/. 10x faster |
Example: ESLint + Prettier configuration
// .eslintrc.json
{
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/recommended",
"plugin:react/recommended",
"plugin:react-hooks/recommended",
"plugin:jsx-a11y/recommended",
"plugin:import/recommended",
"plugin:import/typescript",
"prettier" // Must be last to override style rules
],
"plugins": ["@typescript-eslint", "react", "react-hooks", "import"],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 2023,
"sourceType": "module",
"ecmaFeatures": { "jsx": true },
"project": "./tsconfig.json"
},
"rules": {
// React
"react/react-in-jsx-scope": "off",
"react-hooks/exhaustive-deps": "error",
"react/prop-types": "off",
// TypeScript
"@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
"@typescript-eslint/explicit-function-return-type": "off",
"@typescript-eslint/no-explicit-any": "warn",
// Imports
"import/order": ["error", {
"groups": ["builtin", "external", "internal", "parent", "sibling", "index"],
"newlines-between": "always",
"alphabetize": { "order": "asc" }
}],
"import/no-duplicates": "error",
// Code quality
"no-console": ["warn", { "allow": ["warn", "error"] }],
"complexity": ["warn", 10],
"max-lines": ["warn", 300]
},
"settings": {
"react": { "version": "detect" },
"import/resolver": { "typescript": {} }
}
}
// .prettierrc
{
"semi": true,
"singleQuote": true,
"printWidth": 80,
"tabWidth": 2,
"trailingComma": "es5",
"arrowParens": "always",
"endOfLine": "lf"
}Example: Package.json scripts
// package.json
{
"scripts": {
"lint": "eslint . --ext .ts,.tsx,.js,.jsx --cache",
"lint:fix": "eslint . --ext .ts,.tsx,.js,.jsx --fix",
"format": "prettier --write \"**/*.{ts,tsx,js,jsx,json,css,md}\"",
"format:check": "prettier --check \"**/*.{ts,tsx,js,jsx,json,css,md}\"",
"type-check": "tsc --noEmit"
}
}2. Husky Pre-commit Git Hooks
| Tool | Purpose | Configuration | Use Cases |
|---|---|---|---|
| Husky | Git hooks management, Automate quality checks, Pre-commit/push hooks, Team consistency | npx husky install. Add hooks: npx husky add .husky/pre-commit |
Prevent bad commits. Run linters. Check types. Validate messages. Block force-push |
| lint-staged | Run linters on staged files only, Fast feedback, Incremental linting, Auto-fix | .lintstagedrc.json: Map file patterns to commands. eslint --fix, prettier --write |
Lint only changed files. Format on commit. 10x faster than full lint. Auto-fix issues |
| Pre-commit Hook | Lint staged files, Format code, Type check, Run unit tests, Validate imports | lint-staged, prettier, tsc --noEmit, jest --findRelatedTests. Exit 1 on failure | Quality gate before commit. Catch errors early. Consistent formatting. Fast (2-10s) |
| Commit Message Lint | Conventional commits, Enforce format, Changelog generation, Semantic versioning | @commitlint/config-conventional. Format: type(scope): subject. feat/fix/chore | Consistent history. Auto-changelog. Semantic release. CI/CD integration. Git log search |
| Pre-push Hook | Full tests, E2E tests, Build verification, Branch protection, Prevent WIP | npm test, npm run build, check branch name. Prevent push to main. Longer checks | Final validation. Run full test suite. Prevent broken builds. Check for TODO/FIXME |
| Hook Management | Install hooks, Share with team, CI compatibility, Skip hooks, Debug hooks | husky install in postinstall. Commit .husky/ to git. Skip: --no-verify. CI: skip hooks | Auto-install for new devs. Version control hooks. Emergency skip option. Debug with set -x |
Example: Complete Husky + lint-staged setup
// package.json
{
"scripts": {
"prepare": "husky install",
"lint-staged": "lint-staged"
},
"devDependencies": {
"husky": "^8.0.0",
"lint-staged": "^15.0.0",
"@commitlint/cli": "^18.0.0",
"@commitlint/config-conventional": "^18.0.0"
}
}
// .lintstagedrc.json
{
"*.{ts,tsx,js,jsx}": [
"eslint --fix",
"prettier --write",
"jest --bail --findRelatedTests --passWithNoTests"
],
"*.{json,css,md}": ["prettier --write"],
"*.{ts,tsx}": ["bash -c 'tsc --noEmit'"]
}
// .husky/pre-commit
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"
echo "🔍 Running pre-commit checks..."
npx lint-staged
// .husky/commit-msg
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"
npx --no -- commitlint --edit $1
// .husky/pre-push
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"
echo "🧪 Running pre-push checks..."
# Check for console.log
if git diff origin/main --name-only | xargs grep -n "console.log"; then
echo "❌ Found console.log in code"
exit 1
fi
# Run full tests
npm test -- --coverage --watchAll=false
# commitlint.config.js
module.exports = {
extends: ['@commitlint/config-conventional'],
rules: {
'type-enum': [2, 'always', [
'feat', 'fix', 'docs', 'style', 'refactor',
'perf', 'test', 'chore', 'revert', 'ci'
]],
'subject-case': [2, 'always', 'sentence-case'],
'subject-max-length': [2, 'always', 72],
'body-max-line-length': [2, 'always', 100]
}
};3. SonarQube Code Analysis Quality Gates
| Feature | Description | Metrics & Thresholds | Implementation |
|---|---|---|---|
| Quality Gates | Pass/fail criteria, Code coverage, Code smells, Security hotspots, Duplication | Coverage ≥80%, Duplications <3%, Maintainability A, Security A, Reliability A | SonarCloud or self-hosted. Integrate with CI. Block merge if failed. Daily scans |
| Code Coverage | Line coverage, Branch coverage, Function coverage, Uncovered lines, Coverage trends | Target: 80% overall, 60% new code minimum. Track trends. Fail if coverage drops | Jest/Vitest lcov report. Upload to SonarQube. PR decoration. Coverage badge in README |
| Code Smells | Maintainability issues, Cognitive complexity, Duplicated code, Large functions/classes | Complexity <15, File <300 lines, Function <50 lines, Duplication <3%, Debt <5% | Auto-detect patterns. Refactor suggestions. Technical debt tracking. Time to fix estimates |
| Security Analysis | Vulnerabilities, Security hotspots, OWASP Top 10, Injection flaws, Sensitive data | Zero vulnerabilities (High/Critical). Review all hotspots. OWASP compliance. Secrets scan | Detect XSS, SQL injection, hardcoded secrets. Taint analysis. Dependency vulnerabilities |
| Technical Debt | Debt ratio, Debt time, Effort estimation, Issue prioritization, Remediation cost | Debt ratio <5%, Max 30min debt per 1h dev time. Track in sprints. Pay down weekly | Calculate from issues. SQALE rating. Prioritize by severity. Sprint debt budget |
| CI Integration | PR decoration, Quality gate status, Branch analysis, Comment on PRs, Block merge | Run on every PR. Comment results. Block if failed. Main branch daily. Release scan | GitHub Action/GitLab CI. sonar-scanner. Token auth. Webhook for PR comments |
Example: SonarQube CI integration
// .github/workflows/sonarqube.yml
name: SonarQube Analysis
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
sonarqube:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history for better analysis
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
- name: Run tests with coverage
run: pnpm test -- --coverage --watchAll=false
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@master
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
- name: Quality Gate Check
uses: SonarSource/sonarqube-quality-gate-action@master
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
// sonar-project.properties
sonar.projectKey=my-frontend-app
sonar.organization=my-org
sonar.sources=src
sonar.tests=src
sonar.test.inclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts
sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.coverage.exclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.stories.tsx
sonar.typescript.tsconfigPath=tsconfig.json
sonar.qualitygate.wait=true
# Quality Gate Thresholds
sonar.qualitygate.coverage=80
sonar.qualitygate.duplications=3
sonar.qualitygate.maintainability_rating=A
sonar.qualitygate.reliability_rating=A
sonar.qualitygate.security_rating=A4. TypeScript Strict Mode Type Safety
| Feature | Purpose | Configuration | Best Practices |
|---|---|---|---|
| Strict Mode | Maximum type safety, Catch errors, No implicit any, Null safety, Strict checks | "strict": true in tsconfig. Enables all strict flags. Gradual adoption |
Enable for new projects. Migrate incrementally. Use @ts-expect-error. Zero any goal |
| No Implicit Any | Explicit types, No inferred any, Function params, Object properties, Return types | "noImplicitAny": true. Forces explicit types. Catch untyped code |
Type all function params. Explicit return types. No any shortcuts. Use unknown instead |
| Strict Null Checks | Prevent null/undefined errors, Optional chaining, Nullish coalescing, Type guards | "strictNullChecks": true. null/undefined not assignable to types |
Use optional chaining ?. Nullish coalescing ??. Type guards: if (x) {}. Non-null assertion ! |
| Strict Function Types | Contravariance, Function param checking, Callback types, Event handlers | "strictFunctionTypes": true. Stricter function type compatibility |
Proper event handler types. Callback param types. Generic constraints. No bivariance |
| No Unused Locals/Params | Dead code detection, Cleanup unused vars, Prevent errors, Code cleanliness | "noUnusedLocals": true, "noUnusedParameters": true. Compile errors |
Prefix with _ for intentional unused. Remove dead code. Refactor parameter order |
| Advanced Type Safety | Type guards, Discriminated unions, Const assertions, Template literals, Branded types | Use as const, type predicates, exhaustive checks, strict equality. Utility types | Type guards for narrowing. Exhaustive switch. as const for immutability. Brand IDs |
Example: Strict TypeScript configuration
// tsconfig.json
{
"compilerOptions": {
// Strict Mode - Enable ALL
"strict": true,
"noImplicitAny": true,
"strictNullChecks": true,
"strictFunctionTypes": true,
"strictBindCallApply": true,
"strictPropertyInitialization": true,
"noImplicitThis": true,
"alwaysStrict": true,
// Additional Strictness
"noUnusedLocals": true,
"noUnusedParameters": true,
"noImplicitReturns": true,
"noFallthroughCasesInSwitch": true,
"noUncheckedIndexedAccess": true,
"allowUnusedLabels": false,
"allowUnreachableCode": false,
// Module Resolution
"moduleResolution": "bundler",
"esModuleInterop": true,
"resolveJsonModule": true,
"isolatedModules": true,
// Emit
"declaration": true,
"declarationMap": true,
"sourceMap": true,
"removeComments": true,
// Type Checking
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true
},
"include": ["src/**/*"],
"exclude": ["node_modules", "dist", "build"]
}Example: Advanced type safety patterns
// Type guards
function isError(value: unknown): value is Error {
return value instanceof Error;
}
// Discriminated unions
type Result<T> =
| { success: true; data: T }
| { success: false; error: string };
function handleResult(result: Result<User>) {
if (result.success) {
console.log(result.data.name); // Type-safe
} else {
console.error(result.error);
}
}
// Const assertions
const CONFIG = {
API_URL: 'https://api.example.com',
TIMEOUT: 5000
} as const;
// Type: { readonly API_URL: "https://api.example.com", readonly TIMEOUT: 5000 }
// Branded types for IDs
type UserId = string & { readonly __brand: 'UserId' };
type PostId = string & { readonly __brand: 'PostId' };
function getUser(id: UserId): User { /* ... */ }
// getUser('123' as UserId); // Explicit casting required
// Exhaustive checks
type Status = 'idle' | 'loading' | 'success' | 'error';
function handleStatus(status: Status) {
switch (status) {
case 'idle': return 'Idle';
case 'loading': return 'Loading';
case 'success': return 'Success';
case 'error': return 'Error';
default:
const exhaustive: never = status;
throw new Error(`Unhandled status: ${exhaustive}`);
}
}
// Utility types
type PartialUser = Partial<User>; // All optional
type RequiredUser = Required<User>; // All required
type ReadonlyUser = Readonly<User>; // Immutable
type UserKeys = keyof User; // Union of keys
type UserValues = User[keyof User]; // Union of values5. JSDoc Documentation Generation
| Aspect | Purpose | Syntax & Tags | Best Practices |
|---|---|---|---|
| JSDoc Comments | API documentation, Type hints, IDE tooltips, Auto-completion, Examples | /** Description @param {type} name @returns {type} */. Above declarations |
Document public APIs. Describe purpose, params, returns. Add examples. TypeScript types |
| Common Tags | @param, @returns, @throws, @example, @deprecated, @see, @since, @author | @param {string} name - Description. @returns {Promise<User>} The user. @example code | Type with TypeScript. Describe behavior. Show examples. Mark deprecated. Link related |
| TypeScript Integration | Type checking from JSDoc, Gradual typing, JS to TS migration, Tooling support | @type, @typedef, @template. TS reads JSDoc. checkJs: true in tsconfig | Use TS types in JSDoc. checkJs for validation. Migrate to TS incrementally. Type imports |
| Documentation Generation | TypeDoc, JSDoc, API docs, Markdown output, HTML site, CI automation | typedoc --out docs src/. Configure typedoc.json. Generate on deploy | Auto-generate docs. Deploy to GitHub Pages. Version docs. Include in CI. Search enabled |
| Component Documentation | React props, Component purpose, Usage examples, Storybook integration, Props table | Document props interface. @example with JSX. Storybook for visual. PropTypes/TS | Document all public components. Show usage. Link to Storybook. Accessibility notes |
| Maintenance | Keep docs updated, Review in PRs, Deprecation notices, Changelog, Version docs | Lint docs with eslint-plugin-jsdoc. Update with code. Archive old versions | Docs in PR checklist. Lint for completeness. Deprecate gracefully. Semantic versioning |
Example: Comprehensive JSDoc documentation
/**
* Fetches user data from the API with retry logic
*
* @param {string} userId - The unique user identifier
* @param {Object} options - Configuration options
* @param {number} [options.maxRetries=3] - Maximum retry attempts
* @param {number} [options.timeout=5000] - Request timeout in ms
* @returns {Promise<User>} The user object
* @throws {NetworkError} When network request fails after retries
* @throws {ValidationError} When userId is invalid
*
* @example
* // Fetch user with default options
* const user = await fetchUser('123');
*
* @example
* // Fetch with custom options
* const user = await fetchUser('123', {
* maxRetries: 5,
* timeout: 10000
* });
*
* @see {@link https://api.example.com/docs API Documentation}
* @since 2.0.0
*/
async function fetchUser(
userId: string,
options: FetchOptions = {}
): Promise<User> {
// Implementation
}
/**
* User profile component with avatar and bio
*
* @component
* @param {Object} props - Component props
* @param {User} props.user - User object to display
* @param {boolean} [props.showBio=true] - Whether to show user bio
* @param {Function} [props.onEdit] - Callback when edit button clicked
* @returns {JSX.Element} Rendered component
*
* @example
* <UserProfile
* user={currentUser}
* showBio={false}
* onEdit={handleEdit}
* />
*/
export function UserProfile({ user, showBio = true, onEdit }: Props) {
// Component implementation
}
/**
* Custom hook for managing form state with validation
*
* @template T - Form values type
* @param {T} initialValues - Initial form values
* @param {ValidationSchema<T>} schema - Validation schema
* @returns {FormState<T>} Form state and handlers
*
* @example
* const { values, errors, handleChange, handleSubmit } = useForm({
* email: '',
* password: ''
* }, loginSchema);
*/
function useForm<T>(
initialValues: T,
schema: ValidationSchema<T>
): FormState<T> {
// Hook implementation
}Example: TypeDoc configuration
// typedoc.json
{
"entryPoints": ["src/index.ts"],
"out": "docs",
"name": "My Frontend Library",
"includeVersion": true,
"excludePrivate": true,
"excludeProtected": false,
"excludeExternals": true,
"readme": "README.md",
"plugin": ["typedoc-plugin-markdown"],
"theme": "default",
"categorizeByGroup": true,
"defaultCategory": "Other",
"categoryOrder": [
"Components",
"Hooks",
"Utilities",
"Types",
"*"
]
}
// package.json
{
"scripts": {
"docs": "typedoc",
"docs:serve": "typedoc --watch --serve"
}
}
// .github/workflows/docs.yml
name: Generate Docs
on:
push:
branches: [main]
jobs:
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- run: npm install
- run: npm run docs
- name: Deploy to GitHub Pages
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs6. Dependency Management Renovate Dependabot
| Tool | Features | Configuration | Best Practices |
|---|---|---|---|
| Renovate Bot NEW | Auto PRs, Grouped updates, Custom schedules, Automerge, Vulnerability alerts | renovate.json: automerge, schedule, grouping, semantic commits. 100% customizable | Group minor/patch. Automerge patch. Weekly schedule. Pin versions. Test before merge |
| Dependabot | GitHub native, Security alerts, Version updates, Auto PRs, Compatibility score | .github/dependabot.yml: package-ecosystem, schedule, reviewers, labels, groups | Enable security updates. Daily security, weekly deps. Group by type. Auto-assign reviewers |
| Update Strategies | Major/minor/patch, Lockfile-only, Ranged versions, Pinned versions, Monorepo support | Patch: automerge. Minor: review. Major: manual. Pin in prod. Range in lib | Pin exact versions apps. Use ^ in libraries. Lock file committed. Test all updates |
| Vulnerability Scanning | npm audit, Snyk, OWASP dependency-check, CVE alerts, Severity scoring, Auto-fix | npm audit fix, Snyk test, dependabot security updates. Weekly scans. Block high CVEs | Fix critical immediately. Weekly audit. Use Snyk in CI. Monitor transitive deps. Quarantine |
| Monorepo Management | Workspace updates, Hoisting, Dedupe, Peer deps, Version sync, Selective updates | pnpm/yarn workspaces. Renovate/Dependabot workspace support. Group workspace deps | Sync versions across workspace. Dedupe regularly. Hoist common deps. Test full workspace |
| Automation & CI | Auto-approve, Auto-merge, CI passing, Semantic commits, Changelog, Release notes | Merge if CI passes + patch. Group PRs by type. Test coverage. Semantic commits | Automerge patch only. Review minor. Manual major. Check changelogs. Test compatibility |
Example: Renovate configuration
// renovate.json
{
"extends": ["config:base"],
"schedule": ["after 10pm on sunday"],
"timezone": "America/New_York",
"labels": ["dependencies"],
"assignees": ["@team-lead"],
"semanticCommits": "enabled",
"rangeStrategy": "bump",
"packageRules": [
{
"matchUpdateTypes": ["patch", "pin", "digest"],
"automerge": true,
"automergeType": "branch"
},
{
"matchUpdateTypes": ["minor"],
"groupName": "minor dependencies",
"automerge": false
},
{
"matchUpdateTypes": ["major"],
"groupName": "major dependencies",
"labels": ["breaking-change"],
"automerge": false
},
{
"matchPackagePatterns": ["^@types/"],
"groupName": "type definitions",
"automerge": true
},
{
"matchPackagePatterns": ["^eslint", "^prettier"],
"groupName": "linting tools",
"schedule": ["before 3am on Monday"]
},
{
"matchDepTypes": ["devDependencies"],
"extends": ["schedule:weekly"]
}
],
"vulnerabilityAlerts": {
"enabled": true,
"labels": ["security"],
"assignees": ["@security-team"]
}
}Example: Dependabot configuration
# .github/dependabot.yml
version: 2
updates:
# npm dependencies
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "sunday"
time: "03:00"
open-pull-requests-limit: 10
reviewers:
- "team-lead"
assignees:
- "developer"
labels:
- "dependencies"
- "automated"
commit-message:
prefix: "chore"
prefix-development: "chore"
include: "scope"
# Group updates
groups:
react:
patterns:
- "react*"
- "@types/react*"
testing:
patterns:
- "jest"
- "@testing-library/*"
- "vitest"
build-tools:
patterns:
- "vite"
- "webpack"
- "babel"
# Ignore specific packages
ignore:
- dependency-name: "legacy-package"
update-types: ["version-update:semver-major"]
# GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
labels:
- "ci"
- "dependencies"
# Docker
- package-ecosystem: "docker"
directory: "/"
schedule:
interval: "weekly"
Dependency Management Best Practices:
- Security First: Enable automated security updates. Fix critical CVEs within 24h. Weekly npm audit
- Version Strategy: Pin exact versions in apps. Use ^ ranges in libraries. Commit lock files
- Update Schedule: Patch: immediate/automerge. Minor: weekly review. Major: manual testing
- Testing: Run full test suite before merge. Check breaking changes. Test in staging
- Monitoring: Track update success rate. Monitor bundle size. Check performance impact
Code Quality & Maintainability Summary
- ESLint + Prettier: Enforce code style. 300+ rules. Auto-fix on save. Run in CI. 0 warnings policy
- Git Hooks: Husky + lint-staged. Lint on commit (2-5s). Format automatically. Conventional commits
- Code Analysis: SonarQube quality gates. 80% coverage. Zero critical issues. Technical debt <5%
- TypeScript Strict: Enable all strict flags. No implicit any. Null safety. Type guards. 100% type coverage
- Documentation: JSDoc for all public APIs. TypeDoc generation. Examples. Deploy to GitHub Pages
- Dependencies: Renovate/Dependabot automation. Weekly updates. Automerge patch. Security alerts
Quality Standards: Maintain 80%+ test coverage, zero ESLint errors, SonarQube Quality Gate passing,
TypeScript strict mode, all public APIs
documented, and dependencies updated weekly. Quality is non-negotiable
for production code.