⭐Best Practices

Follow these guidelines to build high-quality NOVA scripts.

Security

Always Validate Server-Side

-- ❌ BAD: Trusting client data
RegisterNetEvent('shop:buyItem')
AddEventHandler('shop:buyItem', function(item, price)
    local player = Nova.Functions.GetPlayer(source)
    player:RemoveMoney(price)  -- Client could send price = 0!
    player:AddItem(item, 1)
end)

-- ✅ GOOD: Server validates everything
RegisterNetEvent('shop:buyItem')
AddEventHandler('shop:buyItem', function(itemName)
    local source = source
    local player = Nova.Functions.GetPlayer(source)
    if not player then return end
    
    local item = Config.ShopItems[itemName]
    if not item then return end  -- Item doesn't exist
    
    if player:GetMoney() < item.price then
        Nova.Functions.Notify(source, 'Not enough money', 'error')
        return
    end
    
    player:RemoveMoney(item.price)
    player:AddItem(itemName, 1)
    Nova.Functions.Notify(source, 'Purchased ' .. item.label, 'success')
end)

Never Expose Sensitive Data to Client

-- ❌ BAD: Sending all player data
TriggerClientEvent('sendData', source, player)

-- ✅ GOOD: Send only what's needed
TriggerClientEvent('sendData', source, {
    name = player.fullname,
    job = player:GetJob().label,
})

Performance

Use Callbacks Instead of Polling

-- ❌ BAD: Polling every frame
CreateThread(function()
    while true do
        Wait(0)
        -- Check something every frame... 
    end
end)

-- ✅ GOOD: Event-driven
AddEventHandler('Nova:PlayerLoaded', function(source, player)
    -- React to events instead
end)

Minimize Database Queries

-- ❌ BAD: Query on every action
RegisterNetEvent('doAction')
AddEventHandler('doAction', function()
    local result = MySQL.Sync.fetchAll('SELECT * FROM ...', {})
    -- ...
end)

-- ✅ GOOD: Cache and use player object
RegisterNetEvent('doAction')
AddEventHandler('doAction', function()
    local player = Nova.Functions.GetPlayer(source)
    -- Player data is already cached in memory
    local money = player:GetMoney()  -- No DB query needed
end)

Use Proper Wait Times

-- ❌ BAD: Wait(0) when not needed
CreateThread(function()
    while true do
        Wait(0)  -- Runs every frame (60+ times/sec)
        DrawSomething()
    end
end)

-- ✅ GOOD: Only use Wait(0) for drawing, higher wait for checks
CreateThread(function()
    while true do
        Wait(1000)  -- Check every second
        if IsPlayerNearSomething() then
            -- Show interaction
        end
    end
end)

Code Organization

Namespace Your Events

-- ❌ BAD: Generic names that might conflict
RegisterNetEvent('getData')
RegisterNetEvent('doAction')

-- ✅ GOOD: Prefixed with script name
RegisterNetEvent('nova_myscript:getData')
RegisterNetEvent('nova_myscript:doAction')

Use the Locale System

-- ❌ BAD: Hardcoded strings
Nova.Functions.Notify(source, 'Dinheiro insuficiente!', 'error')

-- ✅ GOOD: Localized
Nova.Functions.Notify(source, L('not_enough_money'), 'error')

UI Guidelines

Follow the NOVA Theme

• Background: rgba(15, 15, 25, 0.95) with backdrop-filter: blur(20px)

• Accent Color: #84cc16 (lime green)

• Border: 1px solid rgba(132, 204, 22, 0.3)

• Border Radius: 16px for containers, 8px for buttons

• Font: 'Segoe UI', sans-serif

• Text Color: #e4e4e7

Support i18n in NUI

Always pass locale strings to your NUI and apply them dynamically. Never hardcode text in HTML.