|
| 1 | +# Production Checklist |
| 2 | + |
| 3 | +## Environment Configuration |
| 4 | + |
| 5 | +* [ ] **Environment variables (`.env.production`)**: ensure all sensitive variables are properly defined and read from `process.env`. |
| 6 | +* [ ] **`next.config.js` in production mode**: check settings like: |
| 7 | + * `images.domains` (if using `next/image`) |
| 8 | + * `reactStrictMode: true` |
| 9 | + * `compress: true` |
| 10 | + |
| 11 | +## Build and Optimization |
| 12 | + |
| 13 | +* [ ] Run the build command to generate the optimized production version (`.next` folder): |
| 14 | + |
| 15 | + ```bash |
| 16 | + npm run build |
| 17 | + ```` |
| 18 | + |
| 19 | +* [ ] Verify there are no warnings or errors during build. |
| 20 | +* [ ] Review bundle sizes (`next build` shows this). Use [next-bundle-analyzer](https://www.npmjs.com/package/@next/bundle-analyzer) if needed. |
| 21 | + |
| 22 | +## Dependencies |
| 23 | + |
| 24 | +* [ ] Ensure dependencies are clean and up-to-date: |
| 25 | + |
| 26 | + ```bash |
| 27 | + npm prune --production |
| 28 | + ``` |
| 29 | + |
| 30 | +* [ ] Use only necessary dependencies in production, remove unnecessary dev packages. |
| 31 | +* [ ] Check for vulnerabilities: |
| 32 | + |
| 33 | + ```bash |
| 34 | + npm audit fix --force |
| 35 | + ``` |
| 36 | + |
| 37 | +## Error Handling and Logging |
| 38 | + |
| 39 | +* [ ] Client-side error capturing (`try/catch`, `ErrorBoundary`). |
| 40 | +* [ ] Server-side error capturing (middleware or API handlers). |
| 41 | +* [ ] Integration with a monitoring service: Sentry, LogRocket, Datadog, etc. |
| 42 | + |
| 43 | +## Security |
| 44 | + |
| 45 | +* [ ] Use HTTPS (if on Vercel, Netlify, or behind a proxy). |
| 46 | +* [ ] Enable secure HTTP headers: |
| 47 | + * Content Security Policy (CSP) |
| 48 | + * Strict-Transport-Security |
| 49 | + * X-Content-Type-Options |
| 50 | + * Referrer-Policy |
| 51 | +* [ ] Disable listing of unnecessary public files. |
| 52 | +* [ ] Do not include `.env*`, `node_modules/`, `tests/`, or any sensitive files in the deployment. |
| 53 | + |
| 54 | +## Authentication and Sessions |
| 55 | + |
| 56 | +* [ ] Cookies configured with: |
| 57 | + * `Secure` |
| 58 | + * `HttpOnly` |
| 59 | + * `SameSite=Strict` or `Lax` |
| 60 | +* [ ] Token refresh if using JWT |
| 61 | +* [ ] Server-side validation (`getServerSideProps`, API Routes) to protect private routes. |
| 62 | + |
| 63 | +## CDN, Images, and Assets |
| 64 | + |
| 65 | +* [ ] Use `next/image` with domain config or custom loader if not using Vercel. |
| 66 | +* [ ] Use cache headers for static assets (`Cache-Control`). |
| 67 | +* [ ] Use a CDN for images or assets if your infrastructure allows it. |
| 68 | + |
| 69 | +## Deployment |
| 70 | + |
| 71 | +* [ ] Choose between: |
| 72 | + * **Vercel** (recommended for Next.js) |
| 73 | + * **Docker** + **Nginx** |
| 74 | + * **Node.js server with PM2** |
| 75 | + |
| 76 | +* [ ] If using Docker: |
| 77 | + * Multi-stage build |
| 78 | + * Lightweight image (based on `node:alpine`) |
| 79 | + * Well-defined volumes with no development leaks |
| 80 | + |
| 81 | +## Testing |
| 82 | + |
| 83 | +* [ ] Unit and integration tests (Jest, Testing Library). |
| 84 | +* [ ] Post-deploy smoke testing. |
| 85 | +* [ ] Manual review on different devices/browsers. |
| 86 | + |
| 87 | +## SEO and Performance |
| 88 | + |
| 89 | +* [ ] Meta tags (`next/head`) |
| 90 | +* [ ] OpenGraph, Twitter cards |
| 91 | +* [ ] Lighthouse score > 90 |
| 92 | +* [ ] Sitemaps and `robots.txt` |
| 93 | +* [ ] `manifest.json` file and PWA support if applicable |
| 94 | + |
| 95 | +## Metrics and Monitoring |
| 96 | + |
| 97 | +* [ ] Integration with Google Analytics, Plausible, etc. |
| 98 | +* [ ] Centralized logging if on a custom environment |
| 99 | +* [ ] Error or downtime alerts |
0 commit comments