Craft By Zen

#learning   #audit   #checklist

Web App Audit Checklist

This checklist is a starting point for web app audits. It’s a living document, and will be updated as we learn more.

App Level

Accessibility (A11y)

Audit Performance and Scalability

i18n Support

Testing Level

Package Level

How to upgrade npm packages

Run yarn outdated. You will get a table of outdated packages. It will look like the following:

Package           Current Wanted Latest Package Type    URL
babel-jest        24.9.0  24.9.0 25.1.0 devDependencies https://github.com/facebook/jest#readme
normalizr         3.4.1   3.4.1  3.5.0  dependencies    https://github.com/paularmstrong/normalizr
react-dates       21.5.0  21.5.1 21.5.1 dependencies    https://github.com/airbnb/react-dates

npm uses semantic versioning, with a few exceptions.

The first number is the MAJOR version. The next is the MINOR version. The last number is the PATCH version.

Patch Update

In our example table above, react-dates has a patch version update: 21.5.0 -> 21.5.1. The last number changed from 0 to 1. That means the version is backwards compatible. Usually this means the package has bug fixes.

You can safely update the package.json with this package without doing any checks.

Minor Update

In our example table above, normalizr has a minor version update: 3.4.1 -> 3.5.0. The second number changed from 4 to 5. That means the version should be backwards compatible. Usually this means the package has features added.

You can sometimes safely update the package.json with this package. Use your intuition to decide whether you need to check the package in the app. For example, if the package type is a dev dependency, most likely you don’t have to make changes. The example package normalizr would fall under this case, and you can safely upgrade.

If there’s a new API or function worth exploring, make some changes and see how they work, if they apply to our application.

Major Update

In our example table above, babel-jest has a major version update: 24.9.0 -> 25.1.0. The first number changed from 24 to 25. That means the version is not backwards compatible. Usually this means the package API has changed. In some cases, it may be because they have dropped support for an old version of Node. YMMV.

You can never safely update the package.json with this package. Do the following:

Be wary of major changes. When in doubt, ask a teammate.
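
The patch / minor / major triage described above can be automated over the yarn outdated table. The script below is an added example, not part of the original checklist: the function names, the review wording and the example-pkg row are assumptions made for illustration. It goes one step beyond the text by treating a minor bump on a 0.x package as needing major-level review, since semantic versioning makes no compatibility promise before 1.0.0.

```javascript
// Constructed sample: the `yarn outdated` table shown above, plus one made-up 0.x row.
const SAMPLE = `
Package           Current Wanted Latest Package Type    URL
babel-jest        24.9.0  24.9.0 25.1.0 devDependencies https://github.com/facebook/jest#readme
normalizr         3.4.1   3.4.1  3.5.0  dependencies    https://github.com/paularmstrong/normalizr
react-dates       21.5.0  21.5.1 21.5.1 dependencies    https://github.com/airbnb/react-dates
example-pkg       0.4.2   0.4.2  0.5.0  dependencies    https://example.invalid/example-pkg
`;

// Split "MAJOR.MINOR.PATCH" into numbers, ignoring any "-prerelease" or "+build" suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

// Return the review level needed to go from `current` to `latest`.
function classify(current, latest) {
  const [cMaj, cMin, cPat] = parseVersion(current);
  const [lMaj, lMin, lPat] = parseVersion(latest);
  if (lMaj !== cMaj) return "major";
  // 0.x packages: a minor bump may break the API, so review it like a major one.
  if (lMin !== cMin) return cMaj === 0 ? "major" : "minor";
  if (lPat !== cPat) return "patch";
  return "none";
}

// Parse the table text (header on the first line) and attach a review level to each row.
function triage(table) {
  const actions = {
    major: "not backwards compatible: review before upgrading",
    minor: "should be compatible: check usage if it is a runtime dependency",
    patch: "backwards compatible: upgrade",
    none: "already up to date",
  };
  return table.trim().split("\n").slice(1).map((line) => {
    const [name, current, , latest, type] = line.trim().split(/\s+/);
    const kind = classify(current, latest);
    return { name, current, latest, type, kind, action: actions[kind] };
  });
}

for (const r of triage(SAMPLE)) {
  console.log(`${r.name}: ${r.current} -> ${r.latest} [${r.kind}, ${r.type}] ${r.action}`);
}
```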