TypeScript is no longer optional for production applications. It is the default. Every major framework—Next.js, Remix, SvelteKit, Nuxt—ships TypeScript-first. The Microsoft TypeScript blog tracks the rapid evolution of the language, and staying current with releases is essential. Every serious SaaS product, from Stripe's API to Vercel's platform, runs TypeScript in production. The question is not whether to use TypeScript but how to use it well.
After building production systems across industries—including AeroCopilot (100% TypeScript, 18 packages, 173 database tables) and enterprise platforms at Avenue Code serving clients like Banco Itaú and Walmart—these are the patterns that separate hobby projects from production code.
Start with Strict Mode. No Exceptions.
The single highest-impact configuration change you can make is enabling strict mode in your tsconfig.json:
{
"compilerOptions": {
"strict": true,
"noUncheckedIndexedAccess": true,
"exactOptionalPropertyTypes": true,
"noFallthroughCasesInSwitch": true
}
}
strict: true enables strictNullChecks, strictFunctionTypes, strictBindCallApply, strictPropertyInitialization, noImplicitAny, noImplicitThis, and alwaysStrict. Each one catches a category of bugs at compile time rather than in production.
noUncheckedIndexedAccess is the most underused flag. Without it, accessing array[0] returns T instead of T | undefined—even though the array might be empty. This single flag prevents an entire class of runtime errors.
Teams that start with loose TypeScript and plan to "tighten it later" never do. Start strict. Adjust individual rules only when you have a concrete, documented reason.
Discriminated Unions Over Type Assertions
Type assertions (as SomeType) are escape hatches that bypass the type checker. Every assertion is a statement that you know better than the compiler—and that confidence is frequently misplaced.
Instead, model your domain with discriminated unions:
// Bad: type assertions and optional fields everywhere
interface ApiResponse {
status: string;
data?: UserData;
error?: string;
}
// Good: discriminated union makes invalid states unrepresentable
type ApiResponse =
| { status: 'success'; data: UserData }
| { status: 'error'; error: string }
| { status: 'loading' };
With discriminated unions, the compiler enforces exhaustive handling. If you add a new status, TypeScript flags every switch statement that does not handle it. This pattern scales beautifully for complex state machines—authentication flows, payment processing states, multi-step wizards.
AeroCopilot uses discriminated unions extensively for flight plan states. A flight plan is either draft, submitted, approved, or rejected—and each state carries different associated data. The type system prevents code from accessing approval data on a draft flight plan. Bugs that would have been runtime crashes become compile-time errors.
Branded Types for Domain Safety
TypeScript's structural type system means that any string is interchangeable with any other string. A userId is the same type as an orderId is the same type as a randomGarbage. Branded types fix this:
type UserId = string & { readonly __brand: 'UserId' };
type OrderId = string & { readonly __brand: 'OrderId' };
function createUserId(id: string): UserId {
// Validate the format
if (!id.match(/^usr_[a-z0-9]{16}$/)) {
throw new Error(`Invalid user ID format: ${id}`);
}
return id as UserId;
}
function getOrder(orderId: OrderId): Order { /* ... */ }
const userId = createUserId('usr_abc123def456ghi7');
getOrder(userId); // TypeScript error: UserId is not assignable to OrderId
Branded types are especially valuable in systems with many identifiers—which is every SaaS product. In AeroCopilot, we brand aircraft registration numbers, pilot license IDs, and aerodrome codes. The type system prevents passing a pilot ID where an aircraft registration is expected, catching mismatches that unit tests might miss.
Zod for Runtime Validation
TypeScript types disappear at runtime. They protect you during development but offer zero guarantees about data entering your system from APIs, databases, user input, or third-party services. Zod bridges this gap:
import { z } from 'zod';
const CreateUserSchema = z.object({
email: z.string().email(),
name: z.string().min(1).max(100),
role: z.enum(['admin', 'member', 'viewer']),
metadata: z.record(z.string()).optional(),
});
type CreateUserInput = z.infer<typeof CreateUserSchema>;
// Runtime validation at system boundaries
function createUser(raw: unknown): CreateUserInput {
return CreateUserSchema.parse(raw);
}
The pattern: define Zod schemas at every system boundary (API endpoints, form submissions, external API responses, database queries with dynamic filters). Infer TypeScript types from the schemas. This gives you a single source of truth that enforces types at both compile time and runtime.
For Next.js applications, combine Zod with server actions for end-to-end type safety from form to database. We use this pattern across every project—the schema is defined once and validated at every layer.
Error Handling That Does Not Lie
The try/catch pattern in TypeScript has a fundamental flaw: catch gives you unknown, and most developers immediately cast it to Error without checking. Worse, many functions that can fail do not signal it in their return type.
Adopt the Result pattern for operations that can fail predictably:
type Result<T, E = Error> =
| { success: true; data: T }
| { success: false; error: E };
async function fetchUser(id: UserId): Promise<Result<User, 'NOT_FOUND' | 'FORBIDDEN'>> {
const user = await db.user.findUnique({ where: { id } });
if (!user) {
return { success: false, error: 'NOT_FOUND' };
}
if (!canAccess(user)) {
return { success: false, error: 'FORBIDDEN' };
}
return { success: true, data: user };
}
// Caller is forced to handle both cases
const result = await fetchUser(userId);
if (!result.success) {
// TypeScript knows result.error is 'NOT_FOUND' | 'FORBIDDEN'
switch (result.error) {
case 'NOT_FOUND': return notFound();
case 'FORBIDDEN': return forbidden();
}
}
// TypeScript knows result.data is User
console.log(result.data.name);
Reserve try/catch for truly unexpected errors—network failures, out-of-memory conditions, bugs. Use Result types for expected failure modes. The function signature becomes honest about what can go wrong, and the caller is forced to handle it.
Module Structure for Monorepos
AeroCopilot's 18-package monorepo works because each package has clear boundaries and explicit exports. The patterns that make this work:
Barrel exports with intention. Each package exposes a public API through index.ts. Internal implementation details are not exported. This prevents consumers from depending on internal structures that might change.
// packages/auth/src/index.ts — the public API
export { authenticate } from './authenticate';
export { authorize } from './authorize';
export type { Session, Permission } from './types';
// Internal helpers are NOT exported
// import { hashPassword } from '@repo/auth/internal' — this should not work
Layered architecture within packages. Each package follows the same internal structure: types → utils → core logic → adapters. Dependencies flow inward: adapters depend on core logic, core logic depends on types. Never the reverse.
Explicit dependency declarations. Every package declares its dependencies in package.json, even for monorepo-internal packages. No implicit imports across package boundaries. This ensures packages can be extracted, tested, and deployed independently.
TypeScript with Prisma: Type-Safe Database Access
Prisma generates TypeScript types directly from your database schema. This is transformative for production applications—your database schema becomes the single source of truth for data types throughout your application.
// Prisma generates types from your schema
// No manual type definitions for database models
import { PrismaClient } from '@prisma/client';
const prisma = new PrismaClient();
// Full type safety: TypeScript knows exactly what fields exist
const user = await prisma.user.findUnique({
where: { id: userId },
include: { orders: true },
});
// user.orders is typed as Order[] because of the include
// user.nonExistentField would be a compile error
The key practice: never bypass Prisma's type system with raw queries unless performance absolutely demands it. When you do use raw queries, wrap them in typed functions that validate the output against Zod schemas.
For complex queries, use Prisma's generated types to build type-safe query helpers:
import type { Prisma } from '@prisma/client';
function buildUserFilter(params: {
role?: string;
active?: boolean;
search?: string;
}): Prisma.UserWhereInput {
return {
...(params.role && { role: params.role }),
...(params.active !== undefined && { active: params.active }),
...(params.search && {
OR: [
{ name: { contains: params.search, mode: 'insensitive' } },
{ email: { contains: params.search, mode: 'insensitive' } },
],
}),
};
}
Configuration and Environment Variables
Environment variables are the most common source of runtime TypeScript failures. The fix is simple: validate them at startup.
import { z } from 'zod';
const envSchema = z.object({
DATABASE_URL: z.string().url(),
OPENAI_API_KEY: z.string().startsWith('sk-'),
NODE_ENV: z.enum(['development', 'test', 'production']),
PORT: z.coerce.number().default(3000),
});
export const env = envSchema.parse(process.env);
If a required variable is missing, the application crashes at startup with a clear error message—not five minutes later in a database connection handler with a cryptic undefined error.
Performance Patterns
TypeScript itself has zero runtime cost—it compiles to JavaScript. But TypeScript patterns can encourage runtime overhead if you are not careful:
Avoid class hierarchies. Deep inheritance chains create unnecessary object overhead and make the code harder to tree-shake. Prefer composition with plain objects and functions.
Use const assertions for static data. as const turns arrays and objects into readonly literal types, enabling better inference and preventing accidental mutation:
const ROLES = ['admin', 'member', 'viewer'] as const; type Role = (typeof ROLES)[number]; // 'admin' | 'member' | 'viewer'
Leverage template literal types for API routes. For applications with many API endpoints, template literal types catch route typos at compile time:
type ApiRoute = `/api/${string}`;
function fetchApi(route: ApiRoute): Promise<Response> {
return fetch(route);
}
fetchApi('/api/users'); // OK
fetchApi('/users'); // TypeScript error
Testing TypeScript Code
Type safety reduces but does not eliminate the need for tests. Focus testing effort on:
Business logic. The calculations, transformations, and decision trees that define your product's behavior. Types ensure the right data shapes flow through these functions; tests ensure the logic is correct.
Integration boundaries. Database queries, API calls, and third-party service interactions. Mock the external dependency, test the integration logic.
Edge cases the type system cannot express. Empty arrays that should not be empty. Numbers that must be positive. Strings that must match a format. Zod catches some of these; tests catch the rest.
Skip testing what the type system already guarantees. If a function accepts User and returns Order, you do not need a test verifying it does not return a string. The compiler already guarantees that.
The Production TypeScript Checklist
Before deploying any TypeScript application to production, verify:
- [ ]
strict: truewithnoUncheckedIndexedAccess - [ ] Zod validation at every system boundary
- [ ] Environment variables validated at startup
- [ ] No
anytypes outside of explicitly documented exceptions - [ ] No type assertions (
as) outside of branded type constructors - [ ] Discriminated unions for all state machines
- [ ] Result types for expected failure modes
- [ ] Prisma types as single source of truth for data models
- [ ] All packages have explicit, minimal public APIs
- [ ] ESLint configured with TypeScript-aware rules
- [ ] CI pipeline runs
tsc --noEmiton every commit
These practices are not theoretical. They are the patterns we apply to every production system we build, from AeroCopilot's aviation platform to enterprise systems at scale. TypeScript's power is in its type system—but only if you use it fully, honestly, and without escape hatches.
The gap between a TypeScript codebase that catches bugs at compile time and one that merely provides autocomplete is the gap between a production application and a hobby project. Choose to build for production from day one.