Skills
skills/xirothedev/agent-skills/nestjs-best-practices

nestjs-best-practices

SKILL.md

NestJS Best Practices

Comprehensive guide for building production-ready NestJS applications. Contains 26 rules across 13 categories, covering security, architecture, performance, validation, database operations, authentication, and advanced patterns.

When to Apply

Reference these guidelines when:

  • Writing new NestJS modules, controllers, or services
  • Implementing authentication and authorization
  • Setting up Prisma database operations
  • Creating DTOs and validation pipes
  • Adding middleware or guards
  • Implementing error handling and logging
  • Reviewing NestJS code for best practices
  • Refactoring existing NestJS applications

Rule Categories by Priority

Priority Category Impact Prefix
1 Security CRITICAL security-
2 Performance HIGH performance-
3 Architecture HIGH architecture-
4 Error Handling HIGH error-handling-
5 Validation CRITICAL validation-
6 Database CRITICAL database-
7 Authentication CRITICAL auth-
8 API MEDIUM api-
9 Configuration CRITICAL config-
10 Testing MEDIUM testing-
11 Deployment MEDIUM deployment-
12 Middleware MEDIUM middleware-
13 Advanced HIGH advanced-

Quick Reference

1. Security (CRITICAL)

  • security-cors-whitelist - Enable CORS with whitelist origins only
  • security-dependency-audit - Regular dependency security audits with bun
  • security-helmet-headers - Use Helmet middleware for security headers

2. Performance (HIGH)

  • performance-redis-caching - Cache frequently used data with Redis

3. Architecture (HIGH)

  • architecture-short-functions - Keep functions short and single purpose
  • architecture-feature-modules - Organize code by feature modules
  • architecture-no-dead-code - Remove unused code and dependencies
  • architecture-thin-controllers - Single responsibility - separate controller and service
  • architecture-naming-conventions - Use consistent naming conventions
  • architecture-event-driven - Use event-driven architecture for loose coupling

4. Error Handling (HIGH)

  • error-handling-exception-filter - Enable global exception filter
  • error-handling-structured-logging - Implement proper logging strategy

5. Validation (CRITICAL)

  • validation-custom-pipes - Create custom pipes for query parameter transformation
  • validation-dto-validation - Validate all inputs with DTOs and ValidationPipe

6. Database (CRITICAL)

  • database-parameterized-queries - Use parameterized queries to prevent SQL injection (Prisma v7)

7. Authentication (CRITICAL)

  • auth-password-hashing - Use Bun's built-in Crypto for secure password hashing (argon2/bcrypt)
  • auth-route-guards - Use guards for route protection

8. API (MEDIUM)

  • api-cursor-pagination - Use cursor-based pagination for large datasets
  • api-swagger-docs - Generate Swagger/OpenAPI documentation

9. Configuration (CRITICAL)

  • config-no-secrets - Never hardcode secrets - use environment variables

10. Testing (MEDIUM)

  • testing-unit-tests - Write comprehensive unit tests

11. Deployment (MEDIUM)

  • deployment-health-checks - Implement health check endpoints

12. Middleware (MEDIUM)

  • middleware-compression - Enable compression middleware for responses
  • middleware-rate-limiting - Implement rate limiting for all routes

13. Advanced (HIGH)

  • advanced-lazy-loading - Lazy load non-critical modules
  • advanced-scheduled-tasks - Use @nestjs/schedule for cron jobs and scheduled tasks

How to Use

Read individual rule files for detailed explanations and code examples:

rules/security-cors-whitelist.md
rules/auth-route-guards.md
rules/validation-dto-validation.md
rules/_sections.md

Each rule file contains:

  • "For AI Agents" section with step-by-step implementation instructions
  • Quick Reference Checklist for code review
  • ❌ WRONG vs ✅ CORRECT patterns with file locations
  • Installation commands using bun add
  • Comprehensive code examples for NestJS + Prisma
  • Security and performance considerations

Key Patterns

Agent-Friendly Format

All rules are optimized for AI agents with:

  • Explicit file locations (e.g., src/users/users.service.ts)
  • Step-by-step "For AI Agents" sections
  • ✅ CORRECT vs ❌ WRONG pattern comparisons
  • Quick Reference Checklists
  • Clear installation instructions

Technology Stack

  • Framework: NestJS with Express/Fastify adapter
  • Runtime: Bun (native crypto, scheduling)
  • Database: Prisma v7 (sql template tag, interactive transactions)
  • Validation: class-validator + class-transformer
  • Security: Helmet, CORS whitelisting, rate limiting
  • Scheduling: @nestjs/schedule with cron/interval decorators
  • Events: EventEmitter2 for loose coupling

Full Compiled Document

For the complete guide with all rules expanded: AGENTS.md

Build Commands

cd packages/nestjs-best-practices-build
bun install
bun run build      # Generate AGENTS.md
bun run validate   # Validate rule files
bun run dev        # Build and validate

Statistics

  • 13 sections covering all aspects of NestJS development
  • 26 rules prioritized by impact (CRITICAL, HIGH, MEDIUM)
  • Prisma v7 compatible database patterns
  • Bun runtime native features (Crypto.hashPassword, @nestjs/schedule)
  • Agent-optimized for automated code generation and review
Weekly Installs
85
Repository
xirothedev/agent-skills
GitHub Stars
12
First Seen
Jan 20, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
gemini-cli73
opencode72
codex70
cursor69
github-copilot65
amp56