Code Standards

All products submitted to AppTrovo should follow these coding standards. Well-written code leads to fewer support requests, better reviews, and higher sales.

General Principles

  • Write clean, readable code with consistent formatting
  • Use meaningful names for variables, functions, and classes
  • Follow the single responsibility principle — each function/class should do one thing
  • Include error handling for all external operations (API calls, file operations, database queries)
  • Remove debug code, console logs, and commented-out blocks before submission

Security Requirements

  • Input validation: Validate and sanitize all user inputs
  • SQL injection: Use parameterized queries or an ORM — never concatenate user input into SQL
  • XSS prevention: Escape output in templates, use Content Security Policy headers
  • CSRF protection: Include CSRF tokens in all forms
  • Authentication: Use secure password hashing (bcrypt, Argon2)
  • File uploads: Validate file types, enforce size limits, store outside webroot
  • Secrets management: Use environment variables — never hardcode API keys or passwords

Language-Specific Standards

PHP

  • Follow PSR-12 coding style
  • Use type hints for parameters and return types
  • Use namespaces and autoloading (PSR-4)
  • Minimum PHP 8.1 (prefer 8.2+)

JavaScript / TypeScript

  • Use ES6+ syntax (const/let, arrow functions, destructuring)
  • Prefer TypeScript for large projects
  • Include package.json with pinned dependency versions
  • Use a linter (ESLint) and formatter (Prettier)

Python

  • Follow PEP 8 style guide
  • Include requirements.txt or pyproject.toml
  • Use type hints (Python 3.9+)
  • Include virtual environment setup instructions

Database

  • Use migrations for schema management (not raw SQL dumps)
  • Include seed data for demo/testing purposes
  • Support multiple databases where possible (MySQL, PostgreSQL)
  • Use proper indexes on frequently queried columns
  • Include database schema documentation

Testing

  • Include basic unit tests for core functionality
  • Provide test credentials for demo environments
  • Document how to run tests
  • Products with test suites rank higher in search results

Last updated April 13, 2026