Core Features โ
Express Forge comes packed with everything you need to build robust APIs.
๐ก๏ธ TypeScript First โ
Type safety is at the core of Express Forge. Every scaffolded project includes:
- Strict TypeScript configuration.
- Path aliases (e.g.,
@/config/env). - Type-safe environment variables via Zod.
- Automated scaffolding with your choice of npm, pnpm, yarn, or bun.
๐ Flexible Authentication โ
Scaffold a complete authentication system with a single choice:
- JWT Authentication: Choose between HttpOnly Cookies (recommended for web) or Bearer Headers (recommended for mobile/API clients).
- Session Auth: Battle-tested session management for stateful applications.
- Protected Routes: Every boilerplate includes a protected resource showing you exactly how to use the auth middleware.
๐พ Database Integration โ
Choose your favorite ORM and get started instantly:
- Prisma: Modern ORM with auto-generated client and type-safe queries.
- Sequelize: The most popular traditional ORM for Node.js.
- Migrations: Pre-configured scripts to handle database schema changes.
๐งช Testing Suite โ
Don't ship broken code. Express Forge sets up a complete testing environment:
- Vitest/Jest: Choose your favorite test runner.
- Supertest: For high-level API integration tests.
- Example Tests: Every scaffolded project includes example unit and integration tests.
๐ณ Docker Support โ
Ship to production with confidence:
- Multi-stage Build: Optimized Dockerfiles for smaller production images.
- Docker Compose: Includes a
docker-compose.ymlwith a database setup for local development.
๐ Security Best Practices โ
Stay secure by default with pre-configured industry standards:
- Helmet: Automatically sets security-related HTTP headers to protect against common vulnerabilities.
- CORS: Flexible Cross-Origin Resource Sharing configuration.
- Rate Limiting: Integrated
express-rate-limitto prevent brute-force attacks and DDoS. - Dotenv & Zod: Every environment variable is validated on startup. If a variable is missing or malformed, the app fails fast with a clear error message.
๐ Logging & Monitoring โ
- Pino/Winston: High-performance, structured logging. Pino is used by default for its extreme speed and JSON output, which is perfect for log aggregators like ELK or Datadog.
- Health Checks: A standard
/healthendpoint is included, providing uptime, memory usage, and database connectivity status.
๐ OpenAPI Documentation โ
Never let your documentation get out of sync:
- Swagger UI: Integrated UI to explore and test your API endpoints directly from the browser.
- Auto-generated Spec: The CLI generates a
docs.jsonendpoint that is always up-to-date with your code's JSDoc annotations. - Security Schemas: Pre-configured security definitions for your chosen auth strategy (Cookie or Bearer).
๐งฑ Graceful Shutdown โ
Every Express Forge project handles SIGTERM and SIGINT signals correctly. This ensures that:
- No new requests are accepted.
- Existing requests are finished.
- Database connections are closed cleanly.
- The process exits without data corruption.
๐ ๏ธ Error Handling & Responses โ
Express Forge enforces a consistent communication pattern between your API and clients.
Centralized Error Handling โ
A global error middleware is the "safety net" for your application. It catches all errors and transforms them into structured JSON responses, handling Zod validation errors and custom ApiError instances automatically.
Custom ApiError Class โ
Stop throwing generic strings. Use the built-in ApiError class to provide context, status codes, and operational flags:
ApiError.notFound('User not found')ApiError.unauthorized()ApiError.badRequest('Invalid input', validationErrors)
Standardized ApiResponse โ
Ensure your frontend team always knows what to expect. Every success response follows a predictable schema:
{
"success": true,
"message": "Operation successful",
"data": { ... }
}Async Error Wrapper โ
The provided asyncHandler utility eliminates the need for try-catch blocks in your controllers, automatically forwarding any promise rejections to the global error handler.