mediar-ai/nestjs-best-practices
packages/skills/skills/nestjs-best-practices/SKILL.md
NestJS best practices and architecture patterns for building production-ready applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper patterns for modules, dependency injection, security, and performance.
$ install --global
skillsauthnpx skillsauth add mediar-ai/skillhubz nestjs-best-practicesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 19, 2026, 4:20 AM6.3s1 file scanned
SKILL.md
- name:
- nestjs-best-practices
- description:
- NestJS best practices and architecture patterns for building production-ready applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper patterns for modules, dependency injection, security, and performance.
- license:
- MIT
- author:
- Kadajett
- version:
- 1.1.0
NestJS Best Practices
Comprehensive best practices guide for NestJS applications. Contains 40 rules across 10 categories, prioritized by impact to guide automated refactoring and code generation.
When to Apply
Reference these guidelines when:
- Writing new NestJS modules, controllers, or services
- Implementing authentication and authorization
- Reviewing code for architecture and security issues
- Refactoring existing NestJS codebases
- Optimizing performance or database queries
- Building microservices architectures
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
|----------|----------|--------|--------|
| 1 | Architecture | CRITICAL | arch- |
| 2 | Dependency Injection | CRITICAL | di- |
| 3 | Error Handling | HIGH | error- |
| 4 | Security | HIGH | security- |
| 5 | Performance | HIGH | perf- |
| 6 | Testing | MEDIUM-HIGH | test- |
| 7 | Database & ORM | MEDIUM-HIGH | db- |
| 8 | API Design | MEDIUM | api- |
| 9 | Microservices | MEDIUM | micro- |
| 10 | DevOps & Deployment | LOW-MEDIUM | devops- |
Quick Reference
1. Architecture (CRITICAL)
arch-avoid-circular-deps- Avoid circular module dependenciesarch-feature-modules- Organize by feature, not technical layerarch-module-sharing- Proper module exports/imports, avoid duplicate providersarch-single-responsibility- Focused services over "god services"arch-use-repository-pattern- Abstract database logic for testabilityarch-use-events- Event-driven architecture for decoupling
2. Dependency Injection (CRITICAL)
di-avoid-service-locator- Avoid service locator anti-patterndi-interface-segregation- Interface Segregation Principle (ISP)di-liskov-substitution- Liskov Substitution Principle (LSP)di-prefer-constructor-injection- Constructor over property injectiondi-scope-awareness- Understand singleton/request/transient scopesdi-use-interfaces-tokens- Use injection tokens for interfaces
3. Error Handling (HIGH)
error-use-exception-filters- Centralized exception handlingerror-throw-http-exceptions- Use NestJS HTTP exceptionserror-handle-async-errors- Handle async errors properly
4. Security (HIGH)
security-auth-jwt- Secure JWT authenticationsecurity-validate-all-input- Validate with class-validatorsecurity-use-guards- Authentication and authorization guardssecurity-sanitize-output- Prevent XSS attackssecurity-rate-limiting- Implement rate limiting
5. Performance (HIGH)
perf-async-hooks- Proper async lifecycle hooksperf-use-caching- Implement caching strategiesperf-optimize-database- Optimize database queriesperf-lazy-loading- Lazy load modules for faster startup
6. Testing (MEDIUM-HIGH)
test-use-testing-module- Use NestJS testing utilitiestest-e2e-supertest- E2E testing with Supertesttest-mock-external-services- Mock external dependencies
7. Database & ORM (MEDIUM-HIGH)
db-use-transactions- Transaction managementdb-avoid-n-plus-one- Avoid N+1 query problemsdb-use-migrations- Use migrations for schema changes
8. API Design (MEDIUM)
api-use-dto-serialization- DTO and response serializationapi-use-interceptors- Cross-cutting concernsapi-versioning- API versioning strategiesapi-use-pipes- Input transformation with pipes
9. Microservices (MEDIUM)
micro-use-patterns- Message and event patternsmicro-use-health-checks- Health checks for orchestrationmicro-use-queues- Background job processing
10. DevOps & Deployment (LOW-MEDIUM)
devops-use-config-module- Environment configurationdevops-use-logging- Structured loggingdevops-graceful-shutdown- Zero-downtime deployments
How to Use
Read individual rule files for detailed explanations and code examples:
rules/arch-avoid-circular-deps.md
rules/security-validate-all-input.md
rules/_sections.md
Each rule file contains:
- Brief explanation of why it matters
- Incorrect code example with explanation
- Correct code example with explanation
- Additional context and references
Full Compiled Document
For the complete guide with all rules expanded: AGENTS.md
Related Skills
mediar-ai/packages/skills/skills/x-twitter-scraper
tools
VerifiedTrustedCommunity
# X Twitter Scraper Use Xquik for X/Twitter tweet search, user lookup, profile tweets, follower export, media download, monitors, webhooks, posting workflows, and MCP-backed API exploration. ## Prerequisites - A Xquik API key in `XQUIK_API_KEY`. - Internet access to `https://xquik.com/api/v1`, `https://xquik.com/mcp`, and `https://docs.xquik.com`. - A clear user request that identifies the target tweets, users, accounts, keywords, media, monitor, webhook, or write action. ## Source Truth -
6SKILL.mdUpdated May 31, 2026
mediar-ai/mk0r-cli
tools
VerifiedTrustedCommunity
Use when the user says "mk0r", "appmaker CLI", "open a VM", "run something in the sandbox", "talk to the VM agent", "spin up an E2B sandbox", or "chat with appmaker from CLI." Wraps the `mk0r` CLI to list projects, exec commands inside their E2B sandboxes, stream chat with the VM agent (same `/api/chat` the web UI uses), toggle SOAX residential IP, manage schedules, and copy files. Supports a sticky default project via `mk0r projects use`.
4SKILL.mdUpdated May 13, 2026
mediar-ai/influencer-hiring
testing
VerifiedTrustedCommunity
Use when the user mentions "influencer candidates", "social media operator", "check proposals on Upwork/Fiverr", "review influencer applications", "qualify candidates", or "reach out to operators". Manages the IG/TikTok account operator hiring pipeline — review applicants, check replies, qualify, and do proactive outreach.
4SKILL.mdUpdated May 7, 2026
mediar-ai/broadcast-newsletter
tools
VerifiedTrustedCommunity
End-to-end newsletter pipeline: investigate recent features, draft, send via API endpoint, and track delivery/open/click metrics.
4SKILL.mdUpdated May 1, 2026