d-subrahmanyam/express-typescript
.agents/skills/express-typescript/SKILL.md
Guidelines for building robust APIs with Express.js and TypeScript, covering middleware patterns, routing, and security best practices
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add d-subrahmanyam/deno-fresh-microservices express-typescriptInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:54 PM1.8s1 file scanned
SKILL.md
- name:
- express-typescript
- description:
- Guidelines for building robust APIs with Express.js and TypeScript, covering middleware patterns, routing, and security best practices
Express TypeScript Development
You are an expert in Express.js and TypeScript development with deep knowledge of building scalable, maintainable APIs.
TypeScript General Guidelines
Basic Principles
- Use English for all code and documentation
- Always declare types for variables and functions (parameters and return values)
- Avoid using
anytype - create necessary types instead - Use JSDoc to document public classes and methods
- Write concise, maintainable, and technically accurate code
- Use functional and declarative programming patterns; avoid classes where possible
- Prefer iteration and modularization to adhere to DRY principles
Nomenclature
- Use PascalCase for types and interfaces
- Use camelCase for variables, functions, and methods
- Use kebab-case for file and directory names
- Use UPPERCASE for environment variables
- Use descriptive variable names with auxiliary verbs:
isLoading,hasError,canDelete - Start each function with a verb
Functions
- Write short functions with a single purpose
- Use arrow functions for middleware and handlers
- Use async/await consistently throughout the codebase
- Use the RO-RO pattern for multiple parameters
Types and Interfaces
- Prefer interfaces over types for object shapes
- Avoid enums; use maps or const objects instead
- Use Zod for runtime validation with inferred types
- Use
readonlyfor immutable properties
Express-Specific Guidelines
Project Structure
src/
routes/
{resource}/
index.ts
controller.ts
validators.ts
middleware/
auth.ts
errorHandler.ts
requestLogger.ts
validateRequest.ts
services/
{domain}Service.ts
models/
{entity}.ts
types/
express.d.ts
index.ts
utils/
config/
app.ts
server.ts
Application Setup
import express, { Express } from 'express';
import helmet from 'helmet';
import cors from 'cors';
import { errorHandler } from './middleware/errorHandler';
import { requestLogger } from './middleware/requestLogger';
import routes from './routes';
const createApp = (): Express => {
const app = express();
// Security middleware
app.use(helmet());
app.use(cors());
// Body parsing
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
// Request logging
app.use(requestLogger);
// Routes
app.use('/api', routes);
// Error handling (must be last)
app.use(errorHandler);
return app;
};
export default createApp;
Middleware Patterns
- Use middleware for cross-cutting concerns
- Chain middleware in order of execution
- Handle errors in dedicated error middleware
import { Request, Response, NextFunction } from 'express';
// Request logging middleware
const requestLogger = (req: Request, res: Response, next: NextFunction): void => {
const start = Date.now();
res.on('finish', () => {
const duration = Date.now() - start;
console.log(`${req.method} ${req.path} ${res.statusCode} ${duration}ms`);
});
next();
};
// Authentication middleware
const authenticate = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
const token = req.headers.authorization?.split(' ')[1];
if (!token) {
res.status(401).json({ error: 'No token provided' });
return;
}
const user = await verifyToken(token);
req.user = user;
next();
} catch (error) {
res.status(401).json({ error: 'Invalid token' });
}
};
Routing
- Organize routes by resource
- Use Router for modular route definitions
- Apply middleware at appropriate levels
import { Router } from 'express';
import { authenticate } from '../middleware/auth';
import { validateRequest } from '../middleware/validateRequest';
import { createUserSchema, updateUserSchema } from './validators';
import * as controller from './controller';
const router = Router();
router.get('/', controller.listUsers);
router.get('/:id', controller.getUser);
router.post('/', validateRequest(createUserSchema), controller.createUser);
router.put('/:id', authenticate, validateRequest(updateUserSchema), controller.updateUser);
router.delete('/:id', authenticate, controller.deleteUser);
export default router;
Request Validation
- Validate all incoming requests
- Use Zod for schema definition and validation
- Create reusable validation middleware
import { z } from 'zod';
import { Request, Response, NextFunction } from 'express';
const createUserSchema = z.object({
body: z.object({
name: z.string().min(1),
email: z.string().email(),
password: z.string().min(8),
}),
});
const validateRequest = (schema: z.ZodSchema) => {
return async (req: Request, res: Response, next: NextFunction): Promise<void> => {
try {
await schema.parseAsync({
body: req.body,
query: req.query,
params: req.params,
});
next();
} catch (error) {
if (error instanceof z.ZodError) {
res.status(400).json({
error: 'Validation failed',
details: error.errors,
});
return;
}
next(error);
}
};
};
Error Handling
- Create custom error classes
- Use centralized error handler middleware
- Return consistent error responses
class AppError extends Error {
constructor(
public statusCode: number,
public message: string,
public code: string = 'INTERNAL_ERROR'
) {
super(message);
this.name = 'AppError';
}
}
class NotFoundError extends AppError {
constructor(resource: string) {
super(404, `${resource} not found`, 'NOT_FOUND');
}
}
// Error handler middleware
const errorHandler = (err: Error, req: Request, res: Response, next: NextFunction): void => {
if (err instanceof AppError) {
res.status(err.statusCode).json({
error: err.code,
message: err.message,
});
return;
}
console.error(err);
res.status(500).json({
error: 'INTERNAL_ERROR',
message: 'An unexpected error occurred',
});
};
TypeScript Extensions
Extend Express types for custom properties:
// types/express.d.ts
import { User } from '../models/User';
declare global {
namespace Express {
interface Request {
user?: User;
requestId?: string;
}
}
}
Security Best Practices
- Use helmet for security headers
- Implement rate limiting
- Sanitize user inputs
- Use HTTPS in production
- Implement CORS properly
import helmet from 'helmet';
import rateLimit from 'express-rate-limit';
app.use(helmet());
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});
app.use('/api', limiter);
Testing
- Use Jest with supertest for integration tests
- Test middleware in isolation
- Mock external dependencies
import request from 'supertest';
import createApp from '../app';
describe('Users API', () => {
const app = createApp();
it('should create a user', async () => {
const response = await request(app)
.post('/api/users')
.send({ name: 'John', email: '[email protected]', password: 'password123' })
.expect(201);
expect(response.body).toHaveProperty('id');
expect(response.body.name).toBe('John');
});
});
Related Skills
d-subrahmanyam/fastify-typescript
development
VerifiedTrustedCommunity
Guidelines for building high-performance APIs with Fastify and TypeScript, covering validation, Prisma integration, and testing best practices
SKILL.mdUpdated Apr 17, 2026
d-subrahmanyam/fastapi
development
VerifiedTrustedCommunity
FastAPI modern Python web framework. Covers routing, Pydantic models, dependency injection, and async support. Use when building Python APIs. USE WHEN: user mentions "fastapi", "pydantic", "async python api", "python rest api", asks about "dependency injection python", "python openapi", "python swagger", "async endpoints", "python api validation", "fastapi middleware" DO NOT USE FOR: Django apps - use `django` instead, Flask apps - use `flask` instead, synchronous Python APIs without type hints, GraphQL-only APIs
SKILL.mdUpdated Apr 16, 2026
d-subrahmanyam/fastapi-testing
tools
VerifiedTrustedCommunity
FastAPI integration testing specialist. Covers synchronous TestClient, async httpx AsyncClient, dependency injection overrides, auth testing (JWT, OAuth2, API keys), WebSocket testing, file uploads, background tasks, middleware testing, and HTTP mocking with respx, responses, and pytest-httpserver. USE WHEN: user mentions "FastAPI test", "TestClient", "httpx async test", "dependency override test", "respx mock", asks about testing FastAPI endpoints, authentication in tests, or HTTP client mocking. DO NOT USE FOR: Django - use `pytest-django`; pytest internals - use `pytest`; Container infrastructure - use `testcontainers-python`
SKILL.mdUpdated Apr 16, 2026
d-subrahmanyam/fastapi-python
development
VerifiedTrustedCommunity
Expert in FastAPI Python development with best practices for APIs and async operations
SKILL.mdUpdated Apr 16, 2026