diff --git a/README.md b/README.md
index 17a51c91..a12e6cc9 100644
--- a/README.md
+++ b/README.md
@@ -51,14 +51,172 @@ Read in a different language: [**CN**](./README.chin
## Table of Contents
-1. [Project Structure Practices (5)](#1-project-structure-practices)
-2. [Error Handling Practices (12) ](#2-error-handling-practices)
-3. [Code Style Practices (12) ](#3-code-style-practices)
-4. [Testing And Overall Quality Practices (13) ](#4-testing-and-overall-quality-practices)
-5. [Going To Production Practices (19) ](#5-going-to-production-practices)
-6. [Security Practices (25)](#6-security-best-practices)
-7. [Performance Practices (2) (Work In Progress️ ✍️)](#7-draft-performance-best-practices)
-8. [Docker Practices (15)](#8-docker-best-practices)
+
+
+ 1. Project Structure Practices (5)
+
+
+ 1.1 Structure your solution by components
+ 1.2 Layer your components, keep the web layer within its boundaries
+ 1.3 Wrap common utilities as npm packages
+ 1.4 Separate Express 'app' and 'server'
+ 1.5 Use environment aware, secure and hierarchical config
+
+
+
+
+
+ 2. Error Handling Practices (12)
+
+
+ 2.1 Use Async-Await or promises for async error handling
+ 2.2 Use only the built-in Error object
+ 2.3 Distinguish operational vs programmer errors
+ 2.4 Handle errors centrally, not within a middleware
+ 2.5 Document API errors using Swagger or GraphQL
+ 2.6 Exit the process gracefully when a stranger comes to town
+ 2.7 Use a mature logger to increase error visibility
+ 2.8 Test error flows using your favorite test framework
+ 2.9 Discover errors and downtime using APM products
+ 2.10 Catch unhandled promise rejections
+ 2.11 Fail fast, validate arguments using a dedicated library
+ 2.12 Always await promises before returning to avoid a partial stacktrace
+
+
+
+
+
+ 3. Code Style Practices (12)
+
+
+ 3.1 Use ESLint
+ 3.2 Node.js specific plugins
+ 3.3 Start a Codeblock's Curly Braces on the Same Line
+ 3.4 Separate your statements properly
+ 3.5 Name your functions
+ 3.6 Use naming conventions for variables, constants, functions and classes
+ 3.7 Prefer const over let. Ditch the var
+ 3.8 Require modules first, not inside functions
+ 3.9 Require modules by folders, as opposed to the files directly
+ 3.10 Use the === operator
+ 3.11 Use Async Await, avoid callbacks
+ 3.12 Use arrow function expressions (=>)
+
+
+
+
+
+ 4. Testing And Overall Quality Practices (13)
+
+
+ 4.1 At the very least, write API (component) testing
+ 4.2 Include 3 parts in each test name
+ 4.3 Structure tests by the AAA pattern
+ 4.4 Detect code issues with a linter
+ 4.5 Avoid global test fixtures and seeds, add data per-test
+ 4.6 Constantly inspect for vulnerable dependencies
+ 4.7 Tag your tests
+ 4.8 Check your test coverage, it helps to identify wrong test patterns
+ 4.9 Inspect for outdated packages
+ 4.10 Use production-like environment for e2e testing
+ 4.11 Refactor regularly using static analysis tools
+ 4.12 Carefully choose your CI platform (Jenkins vs CircleCI vs Travis vs Rest of the world)
+ 4.13 Test your middlewares in isolation
+
+
+
+
+
+ 5. Going To Production Practices (19)
+
+
+ 5.1. Monitoring
+ 5.2. Increase transparency using smart logging
+ 5.3. Delegate anything possible (e.g. gzip, SSL) to a reverse proxy
+ 5.4. Lock dependencies
+ 5.5. Guard process uptime using the right tool
+ 5.6. Utilize all CPU cores
+ 5.7. Create a ‘maintenance endpoint’
+ 5.8. Discover errors and downtime using APM products
+ 5.9. Make your code production-ready
+ 5.10. Measure and guard the memory usage
+ 5.11. Get your frontend assets out of Node
+ 5.12. Be stateless, kill your servers almost every day
+ 5.13. Use tools that automatically detect vulnerabilities
+ 5.14. Assign a transaction id to each log statement
+ 5.15. Set NODE_ENV=production
+ 5.16. Design automated, atomic and zero-downtime deployments
+ 5.17. Use an LTS release of Node.js
+ 5.18. Don't route logs within the app
+ 5.19. Install your packages with npm ci
+
+
+
+
+
+ 6. Security Practices (25)
+
+
+ 6.1. Embrace linter security rules
+ 6.2. Limit concurrent requests using a middleware
+ 6.3 Extract secrets from config files or use packages to encrypt them
+ 6.4. Prevent query injection vulnerabilities with ORM/ODM libraries
+ 6.5. Collection of generic security best practices
+ 6.6. Adjust the HTTP response headers for enhanced security
+ 6.7. Constantly and automatically inspect for vulnerable dependencies
+ 6.8. Protect Users' Passwords/Secrets using bcrypt or scrypt
+ 6.9. Escape HTML, JS and CSS output
+ 6.10. Validate incoming JSON schemas
+ 6.11. Support blocklisting JWTs
+ 6.12. Prevent brute-force attacks against authorization
+ 6.13. Run Node.js as non-root user
+ 6.14. Limit payload size using a reverse-proxy or a middleware
+ 6.15. Avoid JavaScript eval statements
+ 6.16. Prevent evil RegEx from overloading your single thread execution
+ 6.17. Avoid module loading using a variable
+ 6.18. Run unsafe code in a sandbox
+ 6.19. Take extra care when working with child processes
+ 6.20. Hide error details from clients
+ 6.21. Configure 2FA for npm or Yarn
+ 6.22. Modify session middleware settings
+ 6.23. Avoid DOS attacks by explicitly setting when a process should crash
+ 6.24. Prevent unsafe redirects
+ 6.25. Avoid publishing secrets to the npm registry
+
+
+
+
+
+ 7. Performance Practices (2) (Work In Progress️ ✍️)
+
+
+ 7.1. Don't block the event loop
+ 7.2. Prefer native JS methods over user-land utils like Lodash
+
+
+
+
+
+ 8. Docker Practices (15)
+
+
+ 8.1 Use multi-stage builds for leaner and more secure Docker images
+ 8.2. Bootstrap using node command, avoid npm start
+ 8.3. Let the Docker runtime handle replication and uptime
+ 8.4. Use .dockerignore to prevent leaking secrets
+ 8.5. Clean-up dependencies before production
+ 8.6. Shutdown smartly and gracefully
+ 8.7. Set memory limits using both Docker and v8
+ 8.8. Plan for efficient caching
+ 8.9. Use explicit image reference, avoid latest tag
+ 8.10. Prefer smaller Docker base images
+ 8.11. Clean-out build-time secrets, avoid secrets in args
+ 8.12. Scan images for multi layers of vulnerabilities
+ 8.13 Clean NODE_MODULE cache
+ 8.14. Generic Docker practices
+ 8.15. Lint your Dockerfile
+
+