# ScriptCode best practices ### Context The rules for writing ScriptCode on the Eximee platform will help ensure consistency, readability, and code security, and will also make onboarding new employees easier. Create ScriptCode according to the rules described below.

Area	Rule
Consistent naming convention	Write code in English - use English names for variables, functions, etc. Exceptions: top-down business naming decisions or a high level of script complexity (in this case, the decision belongs to the low-code developer). If you decide on a Polish naming convention - be consistent within a single script. Literal constants hard-coded in code, name them in UPPER_SNAKE_CASE format, e.g. const MOBILE_CHANNEL = "mobile" Name other variables and functions in camelCase format, e.g. const correlationId = context.getFirstParameter('correlationId'), let motherBranchNumber, function generateBranch()
Order in the code structure	Organize code according to the following order: Literal constants- declare at the beginning of the script Variables - then declare variables that will be used in the main logic Main logic - the main sequence of operations performed by the code (e.g. data processing, function calls) Helper functions - place at the end
Logging	Do not duplicate platform logs - if any parameters are automatically generated by the platform, do not log them again in the script Use the sensitive logger to log sensitive data, pattern: Logger.info("Customer's PESEL filled in on the form: {}", pesel) Learn more: Logging in ScriptCode
Variable declaration	Do not use vars Primitive types: use let only when you change the variable's value in the script. In other cases, use const Complex types: do not use let if you only modify the contents of an object - including arrays (Array), sets (Set), maps (Map). There is no need to use let when declaring objects - including arrays (Array), sets (Set), maps (Map) - as long as the reference (i.e. the reference to a specific object or array) will not be changed. In most cases, const should be used to declare arrays and other objects, even if their contents will be modified. Example using const: const array = [1, 2, 3]; array.push(4); // Works correctly, we are modifying the contents of the array const obj = { name: "Alice" }; obj.age = 30; // Works correctly, we are modifying the object properties Note: As long as the Rhino engine does not properly support block scope for const, variables inside a "for" loop should be declared using let. More about the bug can be found in the material linked below. Learn more: Data types in JavaScript, Reference, mutability, primitive types - JavaScript recap! Scripts(ScriptService) A table listing which features are currently not properly supported by the Rhino engine Rhino: error when declaring const inside a for loop
Error handling	Use blocks `try-catch` in places where exceptions may occur. If an error occurs, log it using the logger to make it easy to track the problem.
Code readability	Right-click → choose Format Document. This will make the code more clear and readable Remove code that is commented out and no longer needed Write comments concisely and clearly, explaining more difficult parts of the code, intentions, and unusual solutions. Avoid obvious comments that merely repeat what is already readable in the code.
Code repetition	If you repeat a fragment of code several times - create a helper function
Script description	When creating a new script/validator - add a description
Tests	Create unit tests whenever possible, including edge cases.
Security	Treat any parameters entering ScriptCode as untrusted when sending them to services Sample code: Bad: Good: Do not use authorization data directly in ScriptCode Retrieve remote resources (images, documents, card images, etc.) from a trusted source (e.g. the Eximee platform, a bank resource) If you need to use any link in the application, make sure it is trusted and that its use results directly from the requirements If a given feature does not exist on the platform, submit a request - do not use external tools Learn more: OWASP_Application_Security_Verification_Standard_4.0 - scriptCode
Mathematical operations with BigDecimal	Perform mathematical operations using BigDecimal Learn more: Mathematical operations in ScriptCode
Handling falsy values	Before using properties or methods, check whether the variable's value is not `null` or `undefined`, to prevent errors related to missing values. In situations where you also want to catch `0`, an empty string or `NaN`, you can use the general condition `if(value)`.
Review	If you are not the only low-code developer on the team - ask someone from the team to review the code.

### Materials * [OWASP\_Application\_Security\_Verification\_Standard\_4.0 - scriptCode](/documentation/documentation-en/budowanie-aplikacji/logika-biznesowa/scriptcode/dobre-praktyki-scriptcode/owasp_application_security_verification_standard_4.0-scriptcode.md) * [Mathematical operations in ScriptCode](/documentation/documentation-en/budowanie-aplikacji/logika-biznesowa/scriptcode/skrypty-scriptservice/api-skryptow/operacje-matematyczne-w-scriptcode.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.eximee.com/documentation/documentation-en/budowanie-aplikacji/logika-biznesowa/scriptcode/dobre-praktyki-scriptcode.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.