Every Dart developer eventually faces the same question: how do we handle the absence of a value without crashing or drowning in null checks? Null safety, introduced in Dart 2.12, gives us tools to answer that question at compile time. But the feature set is broad—nullable types, late, required, null-aware operators, and more—and choosing the right pattern for each situation is not always obvious. This guide is for teams who want to move beyond the basics and adopt patterns that scale, reduce bugs, and keep code readable over the long term.
We'll walk through the core decision framework, compare three common approaches, and explore the trade-offs that emerge in real projects. The goal is not to prescribe a single style, but to give you criteria for making consistent choices across your codebase.
The Decision: Who Must Choose and Why Now
Null safety is not an optional upgrade. For any Dart project started after March 2021, sound null safety is the default. But even teams that migrated early often carry patterns from the pre-null-safe era—defensive null checks everywhere, heavy use of ?.toString() ?? '', and a lingering uncertainty about when to use late versus ?.
This decision matters most when you are:
- Designing a new package or feature that will be consumed by others
- Refactoring a legacy codebase with thousands of nullable fields
- Building a data layer that interacts with external APIs or databases
- Onboarding new developers who need consistent conventions to avoid mistakes
The cost of getting it wrong is deferred. A single ! that bypasses a null check can cause a production crash months later, in a code path nobody remembers. Conversely, excessive null handling bloats the code and obscures business logic. The right time to choose a pattern is before you write the first line of a new class or function, not after the bugs appear.
We recommend that every team define a short null-safety style guide—no more than a page—that covers four decisions: when to use nullable types, when to use late, when to use required in constructors, and how to handle deserialization. The rest of this guide will help you build that guide.
Why the Default Choice Is Not Enough
Dart's default—non-nullable unless you add ?—is a good start, but it leaves room for interpretation. For example, should a String field that may be empty use null or an empty string? The language does not decide; your team must. That is where patterns come in.
Option Landscape: Three Approaches to Null Handling
We can group the most common null-safety patterns into three broad approaches. Each has its own strengths, weaknesses, and typical use cases.
Approach 1: Defensive Null Checking Everywhere
This is the most straightforward style: make fields nullable when there is any chance they might be absent, and guard every usage with if (x != null), ??, or ?.method(). It closely mirrors the pre-null-safe style, but now the compiler enforces that you handle the null case.
When to use: Legacy migrations, simple value objects where null is a valid state (e.g., an optional middle name), and external data sources where you cannot guarantee completeness.
When to avoid: Deeply nested objects, because the null checks proliferate. Also avoid in performance-sensitive loops where redundant checks add overhead.
Approach 2: Late Initialization with Assertions
The late keyword tells the compiler that a field will be set before it is used, but not at construction time. Combined with an assertion, it can reduce boilerplate while still catching misuse in debug mode.
late final String name;
void init(String value) {
name = value;
assert(name.isNotEmpty);
}
When to use: Dependency injection, state restoration, or any scenario where initialization order is controlled and tested.
When to avoid: Public APIs where consumers might forget to call the initializer. Also avoid when the field might logically never be set—that is a design smell.
Approach 3: Fully Non-Nullable Design with Sentinel Objects
This approach aims to eliminate null from the domain model entirely. Instead of a nullable String?, you define a sealed class or use a sentinel constant (e.g., const unknown = ''). The benefit is that all fields are non-nullable, and the type system guarantees you never need a null check.
sealed class ApiResult {}
class Success extends ApiResult { final String data; Success(this.data); }
class Error extends ApiResult { final String message; Error(this.message); }
When to use: State management, complex domain logic, and any situation where null does not represent a valid value. Works well with pattern matching.
When to avoid: Simple data holders (like a JSON model) where the overhead of a sealed hierarchy outweighs the benefit. Also avoid when interop with nullable APIs is heavy.
How to Choose: Comparison Criteria That Matter
Selecting among these approaches depends on four criteria: readability, safety, performance, and maintenance cost. Let's examine each.
Readability
Code is read far more often than it is written. The defensive approach is easy to understand for anyone familiar with pre-null-safe Dart, but it can obscure the happy path. Late initialization reads cleanly when the initialization is nearby, but it introduces temporal coupling. The sentinel approach requires understanding the sealed hierarchy, but once learned, it makes the state space explicit.
In practice, readability often correlates with team experience. If your team is new to Dart, the defensive style may be the most approachable. For experienced teams, sentinel objects can reduce cognitive load by eliminating null branches.
Safety
All three approaches are safe when used correctly, but they differ in how they fail. Defensive checks can be forgotten in deep call chains. Late fields throw a runtime LateInitializationError if accessed before initialization—caught in debug mode but still a crash. Sentinel objects are the safest because the compiler enforces that every case is handled, especially with Dart's pattern matching (exhaustiveness checking).
Performance
Null checks are cheap, but they add up in hot loops. Late fields have a small runtime flag to track initialization, which is negligible. Sentinel objects may introduce extra allocations (for wrapper classes), but the difference is usually not measurable in UI code. In server-side Dart where throughput matters, the defensive approach can have a slight edge because it avoids allocating wrapper objects.
Maintenance Cost
The biggest maintenance cost comes from changing requirements. If a field that was non-nullable becomes nullable, the defensive approach requires adding checks everywhere—a compiler-guided refactor. Late fields require moving initialization earlier. Sentinel objects require adding a new subclass or variant, which is often simpler because the compiler tells you all the places that need updating.
Trade-offs: When Each Approach Shines (and Fails)
Let's compare the three approaches across concrete scenarios.
| Scenario | Defensive | Late | Sentinel |
|---|---|---|---|
| JSON deserialization | Good: nullable fields match JSON null | Poor: requires separate init step | Fair: need custom fromJson with sentinel values |
| State management (BLoC / Riverpod) | Fair: many null checks in UI | Poor: late fields conflict with hot reload | Excellent: sealed states are idiomatic |
| Dependency injection | Poor: nullable dependencies hide errors | Excellent: late final is perfect | Fair: can use factory pattern |
| Performance-critical loop | Fair: each null check is a branch | Good: no null checks after init | Good: non-nullable, but allocation overhead |
The defensive approach is the safest choice for public APIs where you have no control over how the data is used. The late approach is ideal for internal wiring where you know the initialization order. The sentinel approach is best for domain logic where null is not a meaningful value and you want exhaustive handling.
Common Mistake: Overusing the Bang Operator
No matter which approach you choose, resist the temptation to use ! as a quick fix. Every ! is a deferred crash. If you find yourself writing foo!.bar!.baz, step back. Either the data should be non-nullable, or you need to handle the null case explicitly. The bang operator should be reserved for situations where you have proven, through a preceding check, that the value is not null—and even then, consider using an assertion or a local variable with promotion.
Implementation Path: From Decision to Code
Once you have chosen a primary approach, here are the concrete steps to implement it consistently.
Step 1: Audit Existing Code
Search your codebase for patterns that indicate null-safety fatigue: excessive ?? chains, ! on nullable fields, and late variables that are never assigned. Use the Dart analyzer with strict-casts and strict-inference enabled.
Step 2: Define Nullability Rules per Layer
Not every layer needs the same rules. For example:
- Data layer (models, JSON): Use defensive style with nullable fields for optional data. Consider using freezed or json_serializable to generate null-safe code.
- Business logic (repositories, services): Prefer sentinel objects or sealed classes to represent success/failure/loading states.
- UI layer (widgets): Use non-nullable fields with
requiredconstructors. Avoid nullable state variables; use sentinel states instead.
Step 3: Write a Lint Rule
Add custom lint rules (using custom_lint or built-in lints) to enforce your conventions. For example, ban ! outside of test files, or require that every late field has an assertion.
Step 4: Test Null-Sensitive Code Paths
Write unit tests that exercise null and error cases. For defensive code, test that missing values produce the expected fallback. For sentinel objects, test all variants. For late fields, test that accessing before initialization throws.
Risks of Choosing Wrong or Skipping Steps
The most common mistake is not choosing at all—mixing patterns inconsistently across the codebase. This leads to confusion, bugs, and wasted time during code reviews.
Risk 1: Null Leakage Through Public APIs
If you use late in a public class, consumers have no way to know they must call an initializer before accessing the field. The result is a runtime crash that could have been caught at compile time with a nullable type or a constructor parameter.
Risk 2: False Confidence from Non-Nullable Types
Declaring a field as non-nullable does not mean it will always have a valid value. For example, a List<String> that is never null can still be empty. Teams sometimes forget that empty collections are different from absent ones. Use nullable types when the absence is meaningful, and non-nullable types with sentinel values for empty states.
Risk 3: Over-Engineering with Sealed Classes
Sealed classes are powerful, but they add complexity. For a simple flag like isLoading, a boolean is clearer. Reserve sealed hierarchies for states that have multiple payloads or behaviors.
Risk 4: Ignoring Migration Debt
If you skip the audit step and just add ? everywhere during migration, you end up with a codebase that compiles but is littered with unnecessary nullable types. Over time, developers stop trusting the type system and start adding redundant checks. Invest the time to remove nullable types where they are not needed.
Mini-FAQ: Frequent Questions About Dart Null Safety
Should I use late or ? for a field that is set after construction?
If the field is always set before it is used (e.g., in initState of a stateful widget), late final is appropriate. If there is any chance the field remains unset, use a nullable type with a default fallback.
What is the best way to handle null from JSON?
Use json_serializable with nullable: true or write manual fromJson that converts null to a sentinel. Avoid using ! in deserialization—it will crash on missing keys.
How do I make a generic type nullable?
Use T? for the type parameter, but be aware that T might itself be nullable. The Null class can help: T extends Object? is the most permissive bound.
When should I use required in a constructor?
Use required for every parameter that must be provided at construction time. This is the default for non-nullable fields. Avoid making a field required if it could be omitted with a sensible default.
Is it safe to use ?? with non-nullable types?
Yes, the right-hand side of ?? is only evaluated if the left side is null. Since the left side is non-nullable, the ?? will never trigger, but the compiler still requires the right side to be of the correct type. Use it only with nullable types.
Recommendation: A Balanced, Layer-Based Approach
After reviewing the trade-offs, we recommend a hybrid strategy rather than a single pattern. Use nullable types sparingly—only when the domain models a genuine absence. For initialization ordering, prefer late final with assertions over nullable fields. For state management, adopt sealed classes or freezed unions to make impossible states unrepresentable. And always, always avoid the bang operator in production code unless you have a local, provable null check immediately above.
Start by auditing one module in your codebase. Apply the layer-based rules from the implementation path. Measure the number of null-related crashes or errors before and after. We predict you will see fewer runtime failures and more readable code. The key is consistency: document your decisions, enforce them with lints, and revisit them as your project evolves.
Next steps: Write a one-page style guide for your team, enable strict analysis options, and replace your top ten ! usages with explicit handling. The rest will follow.
Comments (0)
Please sign in to post a comment.
Don't have an account? Create one
No comments yet. Be the first to comment!