
Nestjs Best Practices
Apply 40 prioritized NestJS rules across modules, DI, security, and performance when generating or reviewing backend code.
Overview
Nestjs-best-practices is an agent skill most often used in Build (also Ship review) that enforces 40 NestJS rules across ten architecture, security, and performance categories.
Install
npx skills add https://github.com/kadajett/agent-nestjs-skills --skill nestjs-best-practices
What is this skill?
- 40 rules across 10 categories from Architecture and DI through DevOps
- Priority tiers: CRITICAL architecture/DI, HIGH error, security, performance
- Prefixed rule IDs (arch-, di-, error-, security-, perf-, test-, db-, api-, micro-, devops-)
- Invoke when writing, reviewing, or refactoring NestJS for production readiness
- Covers auth, microservices, database/ORM, and automated refactoring guidance
- 10 rule categories from Architecture through DevOps & Deployment
- Skill metadata version 1.1.0
Adoption & trust: 17.8k installs on skills.sh; 189 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your agent-generated NestJS code sprawls across modules with weak DI, leaky auth, and ORM patterns that will not survive production traffic.
Who is it for?
Indie SaaS backend developers on NestJS who want a single skill to steer both generation and PR review toward production patterns.
Skip if: Express-only stacks, front-end-only projects, or beginners who have not scaffolded a Nest app yet.
When should I use this skill?
Writing, reviewing, or refactoring NestJS modules, controllers, services, auth, performance, or microservices.
What do I get? / Deliverables
New and reviewed code aligns with prioritized arch-, di-, security-, and perf- rules so refactors target the highest-impact Nest failures first.
- Code aligned to prefixed NestJS rule IDs
- Review notes grouped by impact tier (CRITICAL through LOW-MEDIUM)
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Build/backend is the canonical shelf for module, controller, and service work; the same rules apply during ship-time review and refactors. Backend subphase covers NestJS architecture, auth, ORM, microservices, and API design patterns the skill catalogs.
Where it fits
Scaffold a new feature module and apply arch- and di- critical rules before wiring controllers.
Run a PR review pass prioritizing error- and security- categories on auth guards and filters.
Tune perf- and db- rules after slow query reports in production Nest services.
How it compares
An opinionated NestJS rule pack for agents, not a replacement for the nest CLI or your org’s custom ESLint alone.
Common Questions / FAQ
Who is nestjs-best-practices for?
Solo and indie developers building NestJS APIs who want agents to follow Kadajett’s 40-rule guide when writing or reviewing server code.
When should I use nestjs-best-practices?
While building modules and auth in Build/backend, during Ship review before merge, and when refactoring microservices or database layers for performance.
Is nestjs-best-practices safe to install?
MIT-licensed skill metadata; verify the agent-nestjs-skills repo and Security Audits panel on this Prism page before adding to your project.
SKILL.md
# NestJS Best Practices

Comprehensive best practices guide for NestJS applications. Contains 40 rules across 10 categories, prioritized by impact to guide automated refactoring and code generation.

## When to Apply

Reference these guidelines when:

- Writing new NestJS modules, controllers, or services
- Implementing authentication and authorization
- Reviewing code for architecture and security issues
- Refactoring existing NestJS codebases
- Optimizing performance or database queries
- Building microservices architectures

## Rule Categories by Priority

| Priority | Category | Impact | Prefix |
|----------|----------|--------|--------|
| 1 | Architecture | CRITICAL | `arch-` |
| 2 | Dependency Injection | CRITICAL | `di-` |
| 3 | Error Handling | HIGH | `error-` |
| 4 | Security | HIGH | `security-` |
| 5 | Performance | HIGH | `perf-` |
| 6 | Testing | MEDIUM-HIGH | `test-` |
| 7 | Database & ORM | MEDIUM-HIGH | `db-` |
| 8 | API Design | MEDIUM | `api-` |
| 9 | Microservices | MEDIUM | `micro-` |
| 10 | DevOps & Deployment | LOW-MEDIUM | `devops-` |

## Quick Reference

### 1. Architecture (CRITICAL)

- `arch-avoid-circular-deps` - Avoid circular module dependencies
- `arch-feature-modules` - Organize by feature, not technical layer
- `arch-module-sharing` - Proper module exports/imports, avoid duplicate providers
- `arch-single-responsibility` - Focused services over "god services"
- `arch-use-repository-pattern` - Abstract database logic for testability
- `arch-use-events` - Event-driven architecture for decoupling

### 2. Dependency Injection (CRITICAL)

- `di-avoid-service-locator` - Avoid service locator anti-pattern
- `di-interface-segregation` - Interface Segregation Principle (ISP)
- `di-liskov-substitution` - Liskov Substitution Principle (LSP)
- `di-prefer-constructor-injection` - Constructor over property injection
- `di-scope-awareness` - Understand singleton/request/transient scopes
- `di-use-interfaces-tokens` - Use injection tokens for interfaces

### 3. Error Handling (HIGH)

- `error-use-exception-filters` - Centralized exception handling
- `error-throw-http-exceptions` - Use NestJS HTTP exceptions
- `error-handle-async-errors` - Handle async errors properly

### 4. Security (HIGH)

- `security-auth-jwt` - Secure JWT authentication
- `security-validate-all-input` - Validate with class-validator
- `security-use-guards` - Authentication and authorization guards
- `security-sanitize-output` - Prevent XSS attacks
- `security-rate-limiting` - Implement rate limiting

### 5. Performance (HIGH)

- `perf-async-hooks` - Proper async lifecycle hooks
- `perf-use-caching` - Implement caching strategies
- `perf-optimize-database` - Optimize database queries
- `perf-lazy-loading` - Lazy load modules for faster startup

### 6. Testing (MEDIUM-HIGH)

- `test-use-testing-module` - Use NestJS testing utilities
- `test-e2e-supertest` - E2E testing with Supertest
- `test-mock-external-services` - Mock external dependencies

### 7. Database & ORM (MEDIUM-HIGH)

- `db-use-transactions` - Transaction management
- `db-avoid-n-plus-one` - Avoid N+1 query problems
- `db-use-migrations` - Use migrations for schema changes

### 8. API Design (MEDIUM)

- `api-use-dto-serialization` - DTO and response serialization
- `api-use-interceptors` - Cross-cutting concerns
- `api-versioning` - API versioning strategies
- `api-use-pipes` - Input transformation with pipes

### 9. Microservices (MEDIUM)

- `micro-use-patterns` - Message and event patterns
- `micro-use-health-checks` - Health checks for orchestration
- `micro-use-queues` - Background job processing

### 10. DevOps &