
Improve development process#47

Merged
igobranco merged 44 commits into master from igobranco/improve-development-process
Jan 23, 2026


@igobranco
Contributor

Update package-lock.json with project name.


feat: improve development process

On docker use development mode.
Add dev script that hot reloads the code, making the development process more rapid.

@igobranco igobranco self-assigned this Dec 5, 2025
@igobranco igobranco marked this pull request as draft December 5, 2025 11:48
Add a simpler test framework.
In future, it will require more tests.
Add a new configuration to enable / disable query suggestion API.
Improve docker setup for better development and production workflows.
The preprod is more stable for development than using the closed dev
environment.
For specific development process we can change it back to use the dev
environment.
Skip test code from being analysed for code quality.
In API clients reduce code duplication
Fix some SonarQube code quality issues.
Ensure correct ownership when copying production dependencies.
Add --build flag to production detached mode command in README
Update sonar-project.properties to clarify test file patterns.
Implement comprehensive security improvements for Docker production environment:

**Dockerfile Security:**
- Add read-only permissions for application source files (chmod 444/555)
- Restrict file ownership to non-root user (node:node)
- Separate writable directories (logs, uploads) with explicit permissions
- Fix node_modules ownership to prevent EACCES errors in production

**docker-compose.prod.yml Hardening:**
- Enable read-only root filesystem to prevent runtime tampering
- Add no-new-privileges flag to block privilege escalation
- Configure tmpfs mounts with noexec/nosuid for /tmp, npm cache, logs, and uploads
- Drop all Linux capabilities and only add NET_BIND_SERVICE
- Comprehensive inline documentation for security settings

**package.json:**
- Remove prestart script that conflicts with read-only filesystem
- Dependencies are pre-installed during Docker build, making runtime npm install unnecessary

These changes follow Docker security best practices and defense-in-depth principles,
significantly reducing the attack surface while maintaining full functionality.
Container filesystem is now immutable except for designated writable tmpfs mounts.
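
A check for the Compose hardening items listed in the commit message above, as an added example that is not code from this pull request or the project. It audits one service definition already parsed from YAML into an object; the function name, the sample services and their tmpfs paths are constructed for illustration.

```javascript
// Added example (not from the PR): audit a Compose service object against the
// hardening items named in the commit message. Field names are the standard
// Compose keys: read_only, security_opt, cap_drop, cap_add, tmpfs.
function auditService(svc) {
  const findings = [];
  if (svc.read_only !== true) findings.push('read_only is not true');

  // Accept "no-new-privileges", "no-new-privileges:true" and "=true" forms.
  const secOpts = (svc.security_opt || []).map(String);
  if (!secOpts.some((o) => /^no-new-privileges([:=]true)?$/.test(o))) {
    findings.push('no-new-privileges not set');
  }

  const drop = (svc.cap_drop || []).map((c) => String(c).toUpperCase());
  if (!drop.includes('ALL')) findings.push('cap_drop does not include ALL');

  // Only NET_BIND_SERVICE may be added back; anything else is reported.
  const extra = (svc.cap_add || [])
    .map((c) => String(c).toUpperCase().replace(/^CAP_/, ''))
    .filter((c) => c !== 'NET_BIND_SERVICE');
  if (extra.length) findings.push(`unexpected cap_add: ${extra.join(', ')}`);

  // Short tmpfs syntax is "<path>:<opt>,<opt>"; a bare path carries no options.
  for (const entry of [].concat(svc.tmpfs || [])) {
    const [path, opts = ''] = String(entry).split(':');
    const set = new Set(opts.split(',').filter(Boolean));
    for (const need of ['noexec', 'nosuid']) {
      if (!set.has(need)) findings.push(`tmpfs ${path} missing ${need}`);
    }
  }
  return findings;
}

// Constructed sample services (paths are hypothetical, not the project's).
const HARDENED = {
  read_only: true,
  security_opt: ['no-new-privileges:true'],
  cap_drop: ['ALL'],
  cap_add: ['NET_BIND_SERVICE'],
  tmpfs: ['/tmp:noexec,nosuid,size=64m', '/app/logs:noexec,nosuid'],
};
const WEAK = {
  cap_add: ['NET_BIND_SERVICE', 'SYS_ADMIN'],
  tmpfs: ['/tmp', '/app/logs:nosuid'],
};

console.log(auditService(HARDENED));
console.log(auditService(WEAK));
```
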
Refactor this code to not nest functions more than 4 levels deep.
Make sure no write permissions are assigned to the copied resource.
For application files and directories enforce read-only permissions.
@igobranco igobranco marked this pull request as ready for review December 15, 2025 09:42
@igobranco igobranco marked this pull request as draft December 15, 2025 09:53
…ration

- Add automatic retry mechanism for transient network failures (EAI_AGAIN, ECONNRESET, ENOTFOUND, ETIMEDOUT)
- Implement exponential backoff for retries (500ms, 1000ms delays)
- Configure up to 2 retry attempts in production, disabled in test environment
- Add explicit timeout configuration (30s) and Connection: close header to prevent keep-alive issues
- Add Google DNS servers (8.8.8.8, 8.8.4.4) to Docker Compose for reliable DNS resolution
- Consolidate all timeout and retry settings into this.options for consistency
- Improve error logging with retry attempt counters and warnings

Fixes socket hang up and DNS resolution errors that prevented the application from displaying data.
- Update config from 3.3.6 to 3.3.12
- Fixes TypeError: Utils.isRegExp is not a function
- Resolves compatibility issue with Node.js v25.2.1
- Add sonar.security.hotspots.exclusions configuration
- Prevents false positive security warnings on mock URLs in tests
- Test files already excluded from main analysis via sonar.exclusions
@sonarqubecloud

sonarqubecloud bot commented Jan 23, 2026

Quality Gate passed

Issues
0 New issues
7 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
2.7% Duplication on New Code

See analysis details on SonarQube Cloud

@igobranco igobranco marked this pull request as ready for review January 23, 2026 23:37
@igobranco igobranco merged commit 2ee0f67 into master Jan 23, 2026
3 checks passed