RaheesAhmed/nextjs-fullstack
skills/nextjs/SKILL.md
Build full-stack applications with Next.js 15, React 19, and App Router. Covers server components, server actions, parallel routes, intercepting routes, middleware authentication, ISR/SSG/SSR strategies, streaming, API route patterns, edge runtime, and performance optimization. Use when building Next.js applications.
$ install --global
skillsauthnpx skillsauth add RaheesAhmed/SajiCode nextjs-fullstackInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 17, 2026, 5:16 AM254.5s1 file scanned
SKILL.md
- name:
- nextjs-fullstack
- description:
- Build full-stack applications with Next.js 15, React 19, and App Router. Covers server components, server actions, parallel routes, intercepting routes, middleware authentication, ISR/SSG/SSR strategies, streaming, API route patterns, edge runtime, and performance optimization. Use when building Next.js applications.
Next.js 15 Full-Stack Mastery
Project Setup
npx -y create-next-app@latest ./ --typescript --tailwind --eslint --app --src-dir --import-alias "@/*" --turbopack
App Router Architecture
src/
├── app/
│ ├── layout.tsx # Root layout (fonts, providers, metadata)
│ ├── page.tsx # Home
│ ├── loading.tsx # Root loading skeleton
│ ├── error.tsx # Root error boundary
│ ├── not-found.tsx # 404
│ ├── globals.css
│ ├── (marketing)/ # Route group — no prefix in URL
│ │ ├── page.tsx # / (if no app/page.tsx)
│ │ ├── about/page.tsx # /about
│ │ └── pricing/page.tsx # /pricing
│ ├── (auth)/ # Auth route group
│ │ ├── layout.tsx # Auth layout (centered, minimal)
│ │ ├── login/page.tsx
│ │ └── register/page.tsx
│ ├── dashboard/
│ │ ├── layout.tsx # Dashboard shell
│ │ ├── page.tsx # /dashboard
│ │ ├── settings/page.tsx # /dashboard/settings
│ │ └── @modal/(.)item/[id]/page.tsx # Intercepting route for modals
│ └── api/
│ └── webhooks/route.ts # Webhook handler
├── components/
│ ├── ui/ # shadcn/ui components
│ ├── layout/ # Header, Sidebar, Footer
│ └── features/ # Feature-specific components
├── lib/
│ ├── utils.ts
│ └── db.ts
└── actions/ # Server actions
├── auth.ts
└── posts.ts
Server Components (default)
// Runs on server — NO "use client" needed
// Direct database access, no waterfall
export default async function DashboardPage() {
const [user, stats, recentPosts] = await Promise.all([
getUser(),
getStats(),
getRecentPosts(),
]);
return (
<div>
<h1>Welcome, {user.name}</h1>
<StatsGrid stats={stats} />
<RecentPosts posts={recentPosts} />
</div>
);
}
Server Actions (mutations)
"use server";
import { revalidatePath } from "next/cache";
import { redirect } from "next/navigation";
import { z } from "zod";
const CreatePostSchema = z.object({
title: z.string().min(1).max(200),
content: z.string().min(1),
});
export async function createPost(formData: FormData) {
const parsed = CreatePostSchema.safeParse({
title: formData.get("title"),
content: formData.get("content"),
});
if (!parsed.success) {
return { error: parsed.error.flatten().fieldErrors };
}
const post = await db.post.create({ data: parsed.data });
revalidatePath("/dashboard");
redirect(`/posts/${post.id}`);
}
Client Components (ONLY when needed)
"use client";
import { useActionState } from "react";
import { createPost } from "@/actions/posts";
export function CreatePostForm() {
const [state, action, pending] = useActionState(createPost, null);
return (
<form action={action}>
<input name="title" required disabled={pending} />
{state?.error?.title && <p className="text-red-500 text-sm">{state.error.title}</p>}
<textarea name="content" required disabled={pending} />
<button type="submit" disabled={pending}>
{pending ? "Creating..." : "Create Post"}
</button>
</form>
);
}
Middleware Authentication
import { NextRequest, NextResponse } from "next/server";
const protectedPaths = ["/dashboard", "/settings", "/api/protected"];
const authPaths = ["/login", "/register"];
export function middleware(request: NextRequest) {
const token = request.cookies.get("session")?.value;
const { pathname } = request.nextUrl;
const isProtected = protectedPaths.some((p) => pathname.startsWith(p));
const isAuthPage = authPaths.some((p) => pathname.startsWith(p));
if (isProtected && !token) {
return NextResponse.redirect(new URL(`/login?from=${pathname}`, request.url));
}
if (isAuthPage && token) {
return NextResponse.redirect(new URL("/dashboard", request.url));
}
return NextResponse.next();
}
export const config = { matcher: ["/((?!_next/static|_next/image|favicon.ico).*)"] };
Data Fetching Strategies
| Strategy | Use When | Revalidation |
|----------|----------|-------------|
| Dynamic (SSR) | User-specific data | Every request |
| Static (SSG) | Blog posts, docs | Build time |
| ISR | Product pages | Time-based (revalidate: 60) |
| Client-side | Real-time data | SWR / React Query |
// ISR: revalidate every 60 seconds
export const revalidate = 60;
// On-demand revalidation
import { revalidateTag } from "next/cache";
await fetch(url, { next: { tags: ["products"] } });
revalidateTag("products");
Metadata & SEO
import type { Metadata } from "next";
export const metadata: Metadata = {
title: { default: "App Name", template: "%s | App Name" },
description: "App description for SEO",
openGraph: {
title: "App Name",
description: "App description",
url: "https://app.com",
siteName: "App Name",
images: [{ url: "/og.png", width: 1200, height: 630 }],
type: "website",
},
twitter: { card: "summary_large_image" },
robots: { index: true, follow: true },
};
Rules
- Server Components by DEFAULT — add
"use client"only for hooks/interactivity - Server Actions for mutations — NOT API routes
next/imagefor ALL imagesnext/fontfor fonts — NO external CSS font importsnext/linkfor navigation — NO<a>tags for internal links- Metadata in layout.tsx or page.tsx — never in
<Head> - Use
loading.tsxfor streaming/suspense - Use
error.tsxfor error boundaries
Related Skills
RaheesAhmed/web-research
development
VerifiedTrustedCommunity
Deep web research and data extraction skill. Systematically research ANY topic by fetching URLs, reading documentation, crawling API docs, evaluating npm/pypi packages, comparing technologies, and synthesizing findings into actionable recommendations. Use when researching libraries, frameworks, APIs, solutions, or any topic requiring web investigation.
66SKILL.mdUpdated May 17, 2026
RaheesAhmed/testing-patterns
development
VerifiedTrustedCommunity
Design and implement comprehensive test suites. Covers unit testing, integration testing, E2E testing with Playwright, API testing, mocking strategies, test data factories, TDD workflow, snapshot testing, coverage targets, and CI integration. Use when writing tests, designing test architecture, or debugging test failures.
66SKILL.mdUpdated May 17, 2026
RaheesAhmed/superpowers
development
VerifiedTrustedCommunity
Core engineering workflow that activates on EVERY task. Enforces systematic plan-before-code methodology, multi-file refactoring safety, dependency-aware changes, pre-flight verification, and zero-placeholder quality standards. Use PROACTIVELY on all coding tasks.
66SKILL.mdUpdated May 17, 2026
RaheesAhmed/styling-patterns
tools
VerifiedTrustedCommunity
Implement production styling systems with Tailwind CSS, vanilla CSS, or CSS-in-JS. Covers CSS architecture (BEM, utility-first, modules), design tokens, responsive patterns, animation systems, dark mode, container queries, print styles, and performance optimization. Use when implementing designs or building CSS architectures.
66SKILL.mdUpdated May 17, 2026