Node.js Error Handling That Doesn't Embarrass You in Production

Node.js Error Handling That Doesn't Embarrass You in Production
Brandon Perfetti

Technical PM + Software Engineer

Topics:Node.jsError HandlingProduction Reliability
Tech:ExpressStructured LoggingSentry / Monitoring Tools

I shipped a tiny API and ignored error handling until my first outage. A malformed payload from a client caused a runtime exception, the process didn't crash reliably, some requests hung, logs were cryptic, and users saw 500s for minutes. That incident taught me a hard lesson: error handling that 'works' in tutorials rarely survives production complexity. This article lays out a practical, implementation-forward plan for Node.js error handling you can apply to real services — including what to crash on, what to keep running, how to surface issues, and the patterns tutorials skip that bite you later.

1) Start with the Right Mental Model: Operational vs Programmer Errors

Errors fall into two fundamentally different buckets and you must treat them differently. Operational errors are expected runtime issues caused by the environment or inputs: network timeouts, malformed user input, unavailable downstream services, rate limiting, out-of-memory conditions when under load. Programmer errors indicate bugs in your code: logic mistakes, invalid assumptions, undefined variables, or corrupted memory (rare in JS but possible through native addons).

Why this matters: operational errors should be handled gracefully and communicated to the client with safe messages and status codes. Programmer errors are unsafe to try to continue from — they can leave your process in an inconsistent state. The correct action for many programmer errors is to fail fast, crash the process, and restart after capturing diagnostic data.

  • Operational errors -> handle + respond (4xx/5xx depending on context), monitor and possibly retry.
  • Programmer errors -> log complete diagnostics and crash the process to avoid undefined state.
  • Design your code and middleware so you can reliably distinguish between the two categories.

2) Use Custom Error Classes to Assert Intent

Throwing bare Error objects makes it hard to reason about intent downstream. Define a small hierarchy of custom error classes that carry metadata: status codes, whether the error is operational, and a stable error code for observability. Keep these classes small and explicit so business logic can create them intentionally.

Example minimal design: an AppError base class for expected errors (validation, auth, rate limit) and let unhandled exceptions be treated as programmer errors. Attach fields you need: statusCode, isOperational, errorCode, and optionally metadata for monitoring.

  • AppError: for expected, user- or environment-caused failures (isOperational=true).
  • ValidationError, AuthError, DownstreamError: subclasses with fixed status codes and error codes.
  • Any thrown Error without isOperational=true is treated as a programmer error by the centralized handler.

3) Centralize Error Handling — The Middleware Contract

Centralized error handling gives you a single place to map errors to HTTP responses, sanitize messages, add correlation IDs, and forward exceptions to monitoring. For Express, implement an error-handling middleware with signature (err, req, res, next). The middleware should:

1) Classify the error (operational vs programmer). 2) For operational errors, respond with a minimal safe payload and appropriate status code. 3) For programmer errors, capture diagnostics, return a generic 500, and initiate a graceful shutdown if necessary. Always include a stable errorCode or correlationId the client can give support.

  • Never send stack traces to clients in production. Send a short message and error ID.
  • Attach request IDs to both logs and responses so traces link across services.
  • For async route handlers, use a wrapper that catches rejected promises and forwards to next(err).

4) Practical Patterns: Code Samples and Conventions

Keep your application logic throwing AppError instances for known conditions. Example (conceptual): class AppError extends Error { constructor(message, statusCode = 500, errorCode = 'INTERNAL', isOperational = true) { super(message); this.statusCode = statusCode; this.errorCode = errorCode; this.isOperational = isOperational; Error.captureStackTrace(this, this.constructor); } }

Wrap async handlers to avoid missing rejections: const wrap = fn => (req, res, next) => Promise.resolve(fn(req,res,next)).catch(next); Apply wrap to all async route handlers or use frameworks that do this for you.

Centralized error middleware (conceptual): function errorHandler(err, req, res, next) { const id = req.id || generateId(); if (err.isOperational) { log.info({ id, errorCode: err.errorCode }, 'operational error'); res.status(err.statusCode).json({ error: err.message, code: err.errorCode, id }); } else { log.error({ id, stack: err.stack }, 'programmer error'); captureException(err, { extra: { requestId: id }}); res.status(500).json({ error: 'Internal server error', code: 'INTERNAL', id }); // optionally trigger graceful shutdown } }

  • Use a single shape for errors sent to clients: { error, code, id }.
  • Always log full diagnostic info server-side, including stack, request body (sanitized), headers, and requestId.
  • Use stable error codes (strings) for dashboards and alerts, not full messages.

5) Logging, Monitoring, and Alerting — Make Errors Actionable

Logs are useless unless correlated and structured. Use JSON structured logs with requestId, userId (if available), errorCode, and environment tags. Send critical errors to an APM/monitoring tool (Sentry, Datadog, New Relic) with the full stack and context. Create alerts on the signals that matter: error-rate increase for a particular errorCode, spike in 5xx per minute, or an increase in restart frequency.

Don't just count 500s. Count errorCode occurrences, track successful retries, and monitor latency before and after errors to detect cascading impacts.

  • Log structure: timestamp, level, message, requestId, errorCode, stack, route, user (if safe).
  • Alert on new or rising programmer-error stacks and high-frequency operational errors.
  • Capture enough context for post-mortems: request body (scrub secrets), headers, feature flags, and environment.

6) When to Crash and How to Restart Safely

If you classify an error as a programmer error, crash the process. Continued execution after an unknown bug leads to unpredictable behavior and harder-to-debug issues. But don't crash naively: ensure you capture diagnostics (logs, heap snapshot if appropriate) and perform a graceful shutdown so in-flight requests have a chance to finish or time out cleanly.

Implement a health-check and process lifecycle: on detecting an unrecoverable state, stop accepting new requests, wait up to a configured timeout for current requests, flush logs and metrics, then exit with a non-zero code so your orchestrator (Kubernetes, systemd) restarts the process. Tie restarts to alerting so repeated crashes trigger an incident instead of silent restarts.

  • Programmer error -> capture diagnostics -> attempt graceful shutdown -> exit(1).
  • Operational error -> try retries with backoff or circuit-breaker; don't crash on transient downstream failure.
  • Use readiness probes: set unhealthy before shutdown so load balancers stop sending traffic.

7) Testing and Deployment Checklist

Tests and deployment practices close the loop. Unit-test that your business logic throws AppError for invalid input. Integration-test that the error handler returns sanitized payloads and attaches request IDs. Simulate downstream failures to validate retry and circuit-breaker behavior. Run chaos exercises in staging: introduce crashes, increase latency on a dependency, and assert your service recovers cleanly and produces actionable alerts.

In deployment, include a post-deploy smoke test that hits health checks and a few representative endpoints that exercise error paths. If you use feature flags, ensure error reporting includes the flag state so you can correlate regressions to experiments.

  • Unit tests for custom error generation and mapping to status codes.
  • Integration tests calling endpoints with invalid input and simulated downstream failures.
  • Post-deploy smoke tests and chaos exercises in staging.

Conclusion

Error-handling is not cosmetic: it determines whether incidents are actionable or cryptic, recoverable or catastrophic. Use explicit custom errors to express intent, centralize handling so you have one place to enforce policies, separate operational responses from programmer failures, and instrument thoroughly so alerts point you to the root cause. Adopt a policy to crash and restart on unknown programmer errors after collecting diagnostics — letting a broken process linger is often worse than a quick restart. These steps reduce ambiguity in incidents, speed up root-cause analysis, and make your service more robust under real-world conditions.

Action Checklist

  1. Define an AppError base class in your codebase and replace ad-hoc throws with explicit errors.
  2. Implement a centralized error-handling middleware that classifies errors and returns { error, code, id }.
  3. Wrap async route handlers to ensure rejections reach the error middleware.
  4. Add structured logging with requestId and integrate a monitoring tool to capture exceptions and set alerts on errorCode spikes.
  5. Implement graceful shutdown and readiness probes; trigger them on programmer-error detection.
  6. Write unit and integration tests that exercise both operational and programmer-error paths and add post-deploy smoke tests.