JS | Strict Mode in NodeJS

“Do I need to add ‘use strict’; on the top of all my NodeJS files?”

First things first, what does the “strict mode” directive mean?

The “use strict” directive was new in ECMAScript version 5. It is not a statement, but a literal expression, ignored by earlier versions of JavaScript. The purpose of “use strict” is to indicate that the code should be executed in “strict mode”. With strict mode, you can not, for example, use undeclared variables.

From W3

What does it do?

Basically, it prevents to write bad Javascript code and make debugging easier:

  • Provides better errors by throwing an Error object. Bye bye silent errors.
  • Prevents the use of undeclared variables: The problem here isn’t the fact to use of a variable without declaring it, but rather the potential mistype probability of a variable name that creates a new variable. Awful for debugging.
  • Prevents to overwrite read only properties: undefined = true;.
  • Prevents the use of malformed octal literals:
1
2
3
4
5
6

'use strict';

// let x = 021; // SyntaxError: Octal literals are not allowed in strict mode.
let x = 0o21;   // Works

console.log(x); // 17
  • Simplifying variable uses

Strict mode simplifies how variable names map to particular variable definitions in the code. Many compiler optimizations rely on the ability to say that variable X is stored in that location: this is critical to fully optimizing JavaScript code. JavaScript sometimes makes this basic mapping of name to variable definition in the code impossible to perform until runtime. Strict mode removes most cases where this happens, so the compiler can better optimize strict mode code.

From developer.mozilla.org

  • Increasing security

Strict mode makes it easier to write “secure” JavaScript. Some websites now provide ways for users to write JavaScript which will be run by the website on behalf of other users. JavaScript in browsers can access the user’s private information, so such JavaScript must be partially transformed before it is run, to censor access to forbidden functionality. JavaScript’s flexibility makes it effectively impossible to do this without many runtime checks. Certain language functions are so pervasive that performing runtime checks has a considerable performance cost. A few strict mode tweaks, plus requiring that user-submitted JavaScript be strict mode code and that it be invoked in a certain manner, substantially reduce the need for those runtime checks.

From developer.mozilla.org

  • Get ready for ESNext by reserving keywords and again preventing for making bad things.

The list is so long… Thats enough, we’re gonna stop here.

To sum up, ‘use strict’ doesn’t only prevents bad code, but it also allows JavaScript optimizations.

Now that we know what 'use strict' does and how useful it is, let’s get back to our reflection.

Does NodeJS manage it for us?

The first though in mind could be to imagine that the NodeJS manages this part for us. But the short answer is no. Why? Let’s dive into Node’s modules.

Node modules

In the NodeJS module system, each file is considered as a module. The module standard used by NodeJS is CommonJS, which doesn’t provide the strict mode by default, unlike ES Modules.

But we can hope to have one day this module type in NodeJs. The official documentation mentions that the ES Module feature is experimental (Stability: 1) in the latest LTS v12.16.2. So you can start using it now, just don’t forget to check how to enable the feature.

So right know, we still have to add on the top of all our files the expression 'use strict' in order to add an additional security layer to your code.

Linter

Some people say that the linter can be a good alternative to write 'use strict'; on top of all your files, by, for instance, using the no-undef rule. But as we saw, the strict mode has also an optimization role. It still has a positive impact on our code and we should keep it.

Packages

Some npm packages can add for you the 'use strict'; directive everywhere, but I don’t recommend this solution. One more dependency is one more potential vulnerability. Maybe I am a bit too paranoiac, but my point is to always limit the dependencies if their functionalities can be easily made.

Conclusion

I simply should recommend to use a strong linter with:

1

'strict': ['error', 'safe'],

With this rule, you will be forced to add the strict mode directive on the top of all your CommonJS modules.

I hope you learned something and enjoyed the article. Have a great day!

Refs

Glossary

  • Literal

In computer science, a literal is a notation for representing a fixed value in source code. Almost all programming languages have notations for atomic values such as integers, floating-point numbers, and strings, and usually for booleans and characters; some also have notations for elements of enumerated types and compound values such as arrays, records, and objects. An anonymous function is a literal for the function type. In contrast to literals, variables or constants are symbols that can take on one of a class of fixed values, the constant being constrained not to change. Literals are often used to initialize variables, for example, in the following, 1 is an integer literal and the three letter string in “cat” is a string literal:

1
2

int a = 1;
string s = "cat";

From Wikipedia

  • Statement

Sequences of actions that should be performed to get a desired result …

From maksimivanov.com

  • Expression

… an expression returns a value …

From maksimivanov.com

© 2020 - 2025 Codeboy
Built with Hugo
Theme Stack designed by Jimmy