hoangnguyen0403/nestjs-controllers-services
skills/nestjs/nestjs-controllers-services/SKILL.md
Separate Controllers from Services and build Custom Decorators in NestJS. Use when defining NestJS controllers, services, or custom parameter decorators.
$ install --global
skillsauthnpx skillsauth add hoangnguyen0403/agent-skills-standard nestjs-controllers-servicesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 19, 2026, 3:36 AM174.9s3 files scanned
SKILL.md
- name:
- nestjs-controllers-services
- description:
- Separate Controllers from Services and build Custom Decorators in NestJS. Use when defining NestJS controllers, services, or custom parameter decorators.
NestJS Controllers & Services Standards
Priority: P0 (FOUNDATIONAL)
Controllers
- Role: Handler only. Delegate all logic to Services.
- Context:
ExecutionContexthelpers (switchToHttp()) for platform-agnostic code. - Custom Decorators:
- Avoid:
@Request() req->req.user(Not type-safe). - Pattern: Create typed decorators like
@CurrentUser(),@DeviceIp().
import { RequestWithUser } from 'src/common/interfaces/request.interface';
export const CurrentUser = createParamDecorator(
(data: unknown, ctx: ExecutionContext): User => {
const request = ctx.switchToHttp().getRequest<RequestWithUser>();
return request.user;
},
);
DTOs & Validation
- Strictness:
whitelist: true: Strip properties without decorators.- Critical:
forbidNonWhitelisted: true: Throw error if unknown properties exist. - Transformation:
transform: true: Auto-convert primitives (String '1' -> Number 1) and instantiate DTO classes.- Documentation:
- Swagger Plugin:
@nestjs/swaggerCLI plugin innest-cli.jsonauto-detects DTO properties — no manual@ApiProperty().
Interceptors (Response Mapping)
- Map responses in Interceptors, not Controllers.
map()wraps success responses (e.g.{ data: T }).- See API Standards for
PageDtoandApiResponse. catchError()maps low-level errors (DB constraints) toHttpException(e.g.ConflictException) before global filter.
Services & Business Logic
- Singleton: Default.
- Stateless: No request-specific state in class properties unless
Scope.REQUEST.
Pipes & Validation
- Global: Register
ValidationPipeglobally. - Route Params: Fail fast. Always use
ParseIntPipe,ParseUUIDPipeon all ID parameters.
@Get(':id')
findOne(@Param('id', ParseIntPipe) id: number) { ... }
Lifecycle Events
- Init: Use
OnModuleInitfor connection setup. - Destroy: Use
OnApplicationShutdownfor cleanup. (RequiresenableShutdownHooks()).
Anti-Patterns
- No business logic in controllers: Delegate everything to Services; controllers only parse and respond.
- No req.user access: Create typed
@CurrentUser()decorator instead of accessing rawreq. - No REQUEST scope by default: Use SINGLETON; it makes entire injection chain request-scoped.
References
- Decorator, Pipe & Lifecycle Examples
Related Skills
hoangnguyen0403/specialist-pr-reviewer
development
VerifiedTrustedCommunity
Summarizes GitHub PR, GitLab MR, or Azure DevOps PR metadata, review threads, changed files, and template completeness. Use during review-ticket or code-review workflows when PR/MR context exists.
498SKILL.mdUpdated May 23, 2026
hoangnguyen0403/typescript-tooling
tools
VerifiedTrustedCommunity
Development tools, linting, and build config for TypeScript. Use when configuring ESLint, Prettier, Jest, Vitest, tsconfig, or any TS build tooling.
498SKILL.mdUpdated May 21, 2026
hoangnguyen0403/typescript-security
development
VerifiedTrustedCommunity
Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.
498SKILL.mdUpdated May 21, 2026
hoangnguyen0403/typescript-language
development
VerifiedTrustedCommunity
Apply modern TypeScript standards for type safety and maintainability. Use when working with types, interfaces, generics, enums, unions, or tsconfig settings.
498SKILL.mdUpdated May 21, 2026