A junior dev asked me something recently that actually made me think. He said: “As a software developer or vibe coder, while you’re building, what do you usually look out for before moving to production? If you can give me something like a framework or blueprint, it would really help me while I build so I can avoid basic mistakes.”
My first answer was simple: understand the basics and fundamentals of the programming language you’re using. Then the tools and libraries on top of that. Even if you are a vibe coder, this still applies to you. You can’t debug what you don’t understand. and you can’t secure what you don’t know exists.
But the question deserved more than that. So here’s the full answer.
First, your code
Before you do anything else, look at your code like a stranger would.
If you are a vibe coder, READ THE CODE!
Are there API keys or passwords written directly in it? It will bite you HARD!.
Are you handling errors? Every time you fetch data from an API, every time you wait for something async, every time a user types something into a field, assume it will fail. What does your app show when it does? If the answer is “a blank screen” or “nothing,” that’s a bug.
Also, remove your console.log statements. it’s fine if you are still in development stage, abeg not in production.
Second, your data
If users are sending data to your server, you validate it on the server. Not just in the browser, on the server!. Frontend validation is for user experience. Backend validation is for security. Someone can bypass your frontend in about 30 seconds.
Never trust what a user sends you. Treat every input like it was typed by someone trying to break your app, because eventually, someone will. Check it. Don’t just pass it straight into your database.
Also check your database queries. Are you accidentally fetching thousands of rows when you only need ten? Are you running a query every time someone presses a key? Small things like this slow your app down quietly, and you won’t notice until it’s under real load.
Third, auth and security
There are two things that feel similar but are completely different: authentication (are you who you say you are?) and authorization (are you allowed to do this?).
A lot of developers only think about authentication. They make sure users are logged in, and they stop there. But if a logged-in user can view another user’s data just by changing a number in the URL, there will be problem ohh my brother 😂.
Sensitive endpoints like login, password reset, e.t.c. should have rate limits so no one can hammer them with thousands of attempts. CORS should be locked down to specific domains in production, not set to * (which means “everyone”).
Fourth, does your product actually work?
Ngl this sounds obvious but it gets ignored more than you’d think.
Go through your app like a new user would.
Think through every scenario you can.
What happens if a user fills in the form but leaves one field empty? What if they paste 10,000 characters into a text box that’s supposed to hold a name? What if they click the submit button twice really fast? What if they go back after submitting? What if they close the tab halfway through a payment, then come back. Are they charged twice? What if they upload a file that’s 500MB when you expected 2MB? What if they use your app on slow 3G and the request times out mid-action?
These aren’t just any cases. These are regular use cases. Real users do all of this, not to be malicious but because people just use things differently than you expect. (Not everyone is as smart as you are)
Every time you build a feature, form a habit of asking yourself what happens if a user does this or that, or doesn’t do this or that. You won’t catch everything, but you’ll catch a lot.
I’m just going to drop this here, i think this post is getting too long. Loading states and error messages aren’t nice to haves. They’re part of the product. If your app freezes silently when something goes wrong, users won’t think “there’s a bug.” like you, they’ll think your product doesn’t work. Which takes us to the fisth.
Fifth, your infrastructure
The most common “works on my machine” failure in production is environment variables not being set correctly. Your app works locally because your .env file is there. On the server, it might not be. Double check.
You also need logging. Once you ship, you need a way to know when things break before your users have to tell you.
And run your build before you push your code especially if you are collaborating with other devs (make dem no go sw**r for you 😂). Make sure it compiles cleanly. Warnings you’ve been ignoring locally sometimes become errors in a different environment.
Sixth, your users
Does your app work on mobile? If you built a web app and only tested it on your laptop, open it on your phone right now. You might be surprised.
Is it fast? Not fast on your machine with nothing else running, fast for someone on a mid-range android phone (android users abeg no come for me 👀) on a decent connection. Compress your images. Don’t load things you don’t need yet. These things matters too.
The order to remember before you press enter (hehe you get the rhyme?😂)
Code → Data → Auth & Security → Product behavior → Infrastructure → User experience.
Each layer depends on the one before it. You can have a beautiful UI and still ship rubbish if you skipped layer two or three.
You don’t have to be perfect before you ship. But you should be able to say you thought through each of these, including the “what ifs.”
I know i have not said all, but as you move on and gain more experience you get to understand better.
