aiskillstore/pitfalls-express-api
skills/barissozen/pitfalls-express-api/SKILL.md
Express API conventions and storage patterns. Use when building REST APIs, defining routes, or implementing storage interfaces. Triggers on: Express, router, API route, status code, storage interface.
$ install --global
skillsauthnpx skillsauth add aiskillstore/marketplace pitfalls-express-apiInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 31, 2026, 1:20 AM61.3s2 files scanned
SKILL.md
- name:
- pitfalls-express-api
- description:
- Express API conventions and storage patterns. Use when building REST APIs, defining routes, or implementing storage interfaces. Triggers on: Express, router, API route, status code, storage interface.
Express API Pitfalls
Common pitfalls and correct patterns for Express APIs.
When to Use
- Building REST API routes
- Implementing storage interfaces
- Setting HTTP status codes
- Validating request bodies
- Reviewing Express API code
Workflow
Step 1: Verify Route Structure
Check that routes follow REST conventions.
Step 2: Check Status Codes
Ensure correct status codes for each operation.
Step 3: Verify Validation
Confirm input validation middleware is in place.
Route Structure
// Public routes
GET /api/resource // List
GET /api/resource/:id // Get one
// Admin routes (with auth middleware)
POST /api/admin/resource // Create (201)
PATCH /api/admin/resource/:id // Update (200)
DELETE /api/admin/resource/:id // Delete (204)
// ✅ Always validate before storage
router.post('/', validateBody(schema), async (req, res) => {
const validated = req.body; // Already validated by middleware
});
Status Codes
| Operation | Success | Not Found | Invalid | |-----------|---------|-----------|---------| | GET | 200 | 404 | 400 | | POST | 201 | - | 400 | | PATCH | 200 | 404 | 400 | | DELETE | 204 | 404 | - |
Storage Interface Pattern
// ✅ Define interface for all storage operations
interface IStorage {
// Strategies
getStrategies(): Promise<Strategy[]>;
getStrategy(id: string): Promise<Strategy | undefined>;
createStrategy(data: NewStrategy): Promise<Strategy>;
updateStrategy(id: string, data: Partial<Strategy>): Promise<Strategy | undefined>;
deleteStrategy(id: string): Promise<boolean>;
}
// ✅ Implement for different backends
class DbStorage implements IStorage { ... } // PostgreSQL
class MemStorage implements IStorage { ... } // Testing
Background Job Patterns
// ✅ Cleanup on process exit
const intervals: NodeJS.Timeout[] = [];
function startJob(fn: () => void, ms: number) {
const id = setInterval(fn, ms);
intervals.push(id);
return id;
}
process.on('SIGTERM', () => {
intervals.forEach(clearInterval);
process.exit(0);
});
// ✅ Handle overlapping executions
let isRunning = false;
async function scanForOpportunities() {
if (isRunning) return;
isRunning = true;
try {
await scan();
} finally {
isRunning = false;
}
}
Quick Checklist
- [ ] Routes follow REST conventions
- [ ] Correct status codes returned
- [ ] Input validation on all endpoints
- [ ] Storage interface abstraction used
- [ ] Background jobs handle cleanup
Related Skills
aiskillstore/hig-components-content
development
VerifiedTrustedCommunity
Apple Human Interface Guidelines for content display components. Use this skill when the user asks about charts component, collection view, image view, web view, color well, image well, activity view, lockup, data visualization, content display, displaying images, rendering web content, color pickers, or presenting collections of items in Apple apps. Also use when the user says how should I display charts, what's the best way to show images, should I use a web view, how do I build a grid of items, what component shows media, or how do I present a share sheet. Cross-references: hig-foundations for color/typography/accessibility, hig-patterns for data visualization patterns, hig-components-layout for structural containers, hig-platforms for platform-specific component behavior.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/helpdesk-automation
tools
VerifiedTrustedCommunity
Automate HelpDesk tasks via Rube MCP (Composio): list tickets, manage views, use canned responses, and configure custom fields. Always search tools first for current schemas.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/haskell-pro
testing
VerifiedTrustedCommunity
Expert Haskell engineer specializing in advanced type systems, pure functional design, and high-reliability software. Use PROACTIVELY for type-level programming, concurrency, and architecture guidance.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/graphql
tools
VerifiedTrustedCommunity
GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
244SKILL.mdUpdated Apr 10, 2026