#best-practices

Secure your applications against common vulnerabilities. OWASP Top 10: 1. Injection (SQL, NoSQL, OS commands - use parameterized queries). 2. Broken Authentication (implement MFA, secure password storage with bcrypt). 3. Sensitive Data Exposure (encrypt data at rest and in transit, HTTPS). 4. XML External Entities (disable XXE in parsers). 5. Broken Access Control (enforce authorization checks). 6. Security Misconfiguration (disable debug mode, update dependencies). 7. XSS (sanitize user input, use CSP headers). 8. Insecure Deserialization (validate serialized data). 9. Using Components with Known Vulnerabilities (dependency scanning). 10. Insufficient Logging (log security events). Use security headers, rate limiting.

Create a production-quality Jupyter notebook template. Structure: 1. Markdown header with title, author, date, and objective. 2. Table of contents with anchor links. 3. Environment setup cell (imports, configs, random seed). 4. Exploratory Data Analysis section with visualizations. 5. Modeling section with clear train/test split. 6. Results summary with key metrics and business recommendations. Use consistent styling, hide warnings, and include inline documentation.

Write maintainable code using SOLID principles. Principles: 1. Single Responsibility (class has one reason to change). 2. Open/Closed (open for extension, closed for modification). 3. Liskov Substitution (subclasses should be substitutable for base classes). 4. Interface Segregation (many specific interfaces > one general). 5. Dependency Inversion (depend on abstractions, not concretions). Additional: DRY (Don't Repeat Yourself), KISS (Keep It Simple), YAGNI (You Aren't Gonna Need It). Use meaningful names. Functions should be small (<20 lines). Comments explain why, not what. Refactor regularly. Code is read 10x more than written.

Conduct thorough code reviews with this checklist. Areas to review: 1. Functionality (does it work as intended? edge cases handled?). 2. Code quality (readable, maintainable, follows style guide). 3. Tests (adequate coverage, meaningful assertions). 4. Performance (no obvious bottlenecks, efficient algorithms). 5. Security (input validation, no SQL injection, XSS prevention). 6. Documentation (comments for complex logic, README updates). 7. Error handling (graceful failures, logging). 8. Dependencies (necessary, up-to-date, no vulnerabilities). Use constructive feedback. Suggest improvements, don't just criticize. Automate with linters. Aim for 200-400 LOC per review. Balance thoroughness with speed.

Write effective code documentation. Levels: 1. Code comments (explain why, not what - complex logic only). 2. Function/method docs (parameters, return values, exceptions - JSDoc, docstrings). 3. README (setup, usage, examples). 4. API documentation (OpenAPI/Swagger for REST). 5. Architecture docs (system design, diagrams). 6. Changelog (version history). Best practices: Keep docs close to code. Update with code changes. Use examples. Avoid obvious comments. Document assumptions and edge cases. Use diagrams (C4 model, UML). Tools: Sphinx, Doxygen, MkDocs. Good code is self-documenting, but docs add context.

Act as a senior software engineer. Take the following code snippet and refactor it for better readability, performance, and maintainability. Explain the changes you made and why.

Act as a peer reviewer for my code. I will provide a pull request link or a code snippet. Please review it for potential bugs, style inconsistencies, performance issues, and security vulnerabilities. Provide constructive feedback and suggest specific improvements.

Explain the "Singleton" design pattern. What problem does it solve? Provide a code example of how to implement it in Java or Python. Discuss its pros and cons, and when it is appropriate to use.

Take the following C-style for-loop in Python and rewrite it in a more "Pythonic" way. Explain why the Pythonic version is preferred. Original code: `for i in range(len(my_list)): print(my_list[i])`

Explain the "Single Responsibility Principle" (SRP) from the SOLID principles of object-oriented design. Provide a simple "before" code example in C# or Java that violates SRP, and then show an "after" example that refactors the code to adhere to the principle.

What is the best practice for managing environment variables (e.g., API keys, database passwords) in a Node.js project? Explain the use of `.env` files and the `dotenv` package. Provide an example of how to load and access variables from a `.env` file.