SuiteScript
What enforceable SuiteScript development laws look like
Every NetSuite team I meet has a coding standard. Most of them are decoration.
They sit in a document shared once at onboarding and never opened again. They say useful-sounding things: write clean code, handle errors, mind governance. That is advice, not a rule. When the deadline lands, advice is the first thing a developer trades away. Six months later someone inherits the result and cannot tell which shortcuts were deliberate.
The SuiteScript work I put my name to runs on a different kind of standard. Not a style guide but a set of enforceable laws: conditions a script has to satisfy before it is allowed near a production account. The word "enforceable" is the whole point. Here is what it means in practice.
A law names the failure it prevents
A guideline says "consider governance." A law says why, and what breaks if you ignore it. "Consider governance" is easy to nod at and skip. "This afterSubmit halts part-way through a bulk save because it exceeds its unit budget, leaving half your records updated and half not" is not skippable. Every law is written as the second kind: the rule, then the production incident it exists to stop. A developer who understands the failure does not need policing.
Governance is declared, not discovered
The first governance law is a comment. Every script states its estimated governance consumption at the top, broken down by operation. You cannot declare a number you have not thought about, so the law forces the calculation that most governance failures come from skipping. The companion law: before any loop that loads or submits a record, check the remaining usage and stop early if it is low. Governance failures are not bad luck. They are arithmetic nobody did in advance.
The platform's limits are the design, not the enemy
Server-side SuiteScript does not support async/await. Developers arriving from modern JavaScript treat that as a defect to route around. The law is blunt: use the synchronous HTTP calls, and understand that this is the correct pattern, not a workaround. That is the tone the whole framework takes with NetSuite's constraints. Code that respects the shape of the platform outlives code that fights it.
Never invent an identifier
One law does more work than any other: never use a field ID you have not verified against the record in the target account. No guessing from memory, no assuming the sandbox matches production. It reads like paranoia until you have spent an afternoon on a script that failed because a custom field prefix differed between accounts. Invented identifiers are quiet killers: the code passes review, deploys clean, and fails only on the record that matters.
Build only what the requirement needs
The newest law is about proportion. Build the minimum that satisfies the requirement: a scheduled script where a saved search would do, an abstraction for a problem you have once, all of it is cost someone maintains for a decade. Configuration before code is the same instinct one level up. The most expensive line of SuiteScript is the one that should never have been written.
Why laws beat guidelines
The difference is enforcement. A guideline asks a developer to remember. A law is checked, and a script carrying a critical violation does not get committed. That is the only mechanism that survives a deadline. None of this needs a large team. It needs a standard with teeth, applied to the principal's code as strictly as to anyone else's. Estates rarely fail on one dramatic mistake. They drift, one unenforced shortcut at a time.
If you have inherited an estate and cannot tell which scripts were built to a standard and which to a deadline, that is worth knowing before the next change goes in. The NetSuite Estate Health Check is a fixed-fee, five-day diagnostic that answers exactly that.
Unsure what your estate actually contains?
The NetSuite Estate Health Check is a fixed-fee, five-day diagnostic: a prioritised risk register and a remediation roadmap, quoted before you commit.
Request the health check