{"id":13486813,"url":"https://github.com/chnirt/nestjs-graphql-best-practice","last_synced_at":"2025-05-14T14:08:17.494Z","repository":{"id":37819512,"uuid":"206923707","full_name":"chnirt/nestjs-graphql-best-practice","owner":"chnirt","description":"NestJS (Express + TypeORM + GraphQL + MongoDB) codebase containing real world examples (CRUD, auth, advanced patterns, etc).","archived":false,"fork":false,"pushed_at":"2025-04-12T08:57:10.000Z","size":4396,"stargazers_count":1331,"open_issues_count":119,"forks_count":250,"subscribers_count":28,"default_branch":"cicd","last_synced_at":"2025-04-12T14:15:36.277Z","etag":null,"topics":["apollo-graphql","mongodb","nestjs","nestjs-best-practices","typeorm","typescript"],"latest_commit_sha":null,"homepage":"https://github.com/chnirt/nestjs-graphql-best-practice","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chnirt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"chnirt","patreon":"chnirt","open_collective":"chnirt","ko_fi":"chnirt","tidelift":"chnirt/nestjs-graphql-best-practice","community_bridge":"nestjs-graphql-best-practice","liberapay":"chnirt","issuehunt":"chnirt","otechie":"chnirt","custom":"https://chnirt.github.io/nestjs-graphql-best-practice/"}},"created_at":"2019-09-07T06:03:22.000Z","updated_at":"2025-04-09T01:04:42.000Z","dependencies_parsed_at":"2023-01-31T16:46:42.711Z","dependency_job_id":"8c847839-4966-4001-8975-ea38ea41d0b9","html_url":"https://github.com/chnirt/nestjs-graphql-best-practice","commit_stats":null,"
previous_names":[],"tags_count":0,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chnirt%2Fnestjs-graphql-best-practice","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chnirt%2Fnestjs-graphql-best-practice/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chnirt%2Fnestjs-graphql-best-practice/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chnirt%2Fnestjs-graphql-best-practice/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chnirt","download_url":"https://codeload.github.com/chnirt/nestjs-graphql-best-practice/tar.gz/refs/heads/cicd","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254159700,"owners_count":22024564,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apollo-graphql","mongodb","nestjs","nestjs-best-practices","typeorm","typescript"],"created_at":"2024-07-31T18:00:51.505Z","updated_at":"2025-05-14T14:08:17.478Z","avatar_url":"https://github.com/chnirt.png","language":"TypeScript","funding_links":["https://github.com/sponsors/chnirt","https://patreon.com/chnirt","https://opencollective.com/chnirt","https://ko-fi.com/chnirt","https://tidelift.com/funding/github/chnirt/nestjs-graphql-best-practice","https://funding.communitybridge.org/projects/nestjs-graphql-best-practice","https://liberapay.com/chnirt","https://issuehunt.io/r/chnirt","https://otechie.com/chnirt","https://chnirt.github.io/nestjs-graphql-best-practice/","https://www.buymeac
offee.com/YT6K1FI"],"categories":["TypeScript"],"sub_categories":[],"readme":"# Nestjs GraphQL Best Practice\n\n\u003e ### NestJS (Express + Typeorm) codebase containing real world examples (CRUD, auth, advanced patterns, etc).\n\n[![Build Status](https://travis-ci.org/chnirt/nestjs-graphql-best-practice.svg?branch=cicd)](https://travis-ci.org/chnirt/nestjs-graphql-best-practice)\n[![CircleCI](https://circleci.com/gh/chnirt/nestjs-graphql-best-practice/tree/cicd.svg?style=svg)](https://circleci.com/gh/chnirt/nestjs-graphql-best-practice/tree/cicd)\n[![Known Vulnerabilities](https://snyk.io//test/github/chnirt/nestjs-graphql-best-practice/badge.svg?targetFile=package.json)](https://snyk.io//test/github/chnirt/nestjs-graphql-best-practice?targetFile=package.json)\n[![Greenkeeper badge](https://badges.greenkeeper.io/chnirt/nestjs-graphql-best-practice.svg)](https://greenkeeper.io/)\n[![Coverage Status](https://coveralls.io/repos/github/chnirt/nestjs-graphql-best-practice/badge.svg)](https://coveralls.io/github/chnirt/nestjs-graphql-best-practice)\n\n\u003cimg src=\"src/assets/images/project-logo.png\" alt=\"Node.js Best Practices\"\u003e\n\n## [Version 7.5.0](https://github.com/chnirt/nestjsv7.5.0.git)\n\n## Table of Contents\n\n- [Structure](#structure)\n- [Function](#function)\n- [Usage](#usage)\n- [Starting the Server](#starting-the-server)\n- [Node.js Best Practices](#nodejs-best-practices)\n  - [1. Project Structure Practices](#1-project-structure-practices)\n  - [2. Error Handling Practices](#2-error-handling-practices)\n  - [3. Code Style Practices](#3-code-style-practices)\n  - [4. Testing And Overall Quality Practices](#4-testing-and-overall-quality-practices)\n  - [5. Going To Production Practices](#5-going-to-production-practices)\n  - [6. Security Best Practices](#6-security-best-practices)\n  - [7. 
Performance Best Practices](#7-performance-best-practices)\n\n## Structure\n\n\u003cimg src=\"src/assets/images/structure.png\" alt=\"Node.js Best Practices\" width=\"250\"/\u003e\n\n## Function\n\n1. Dynamic import\n2. Authenticate\n   - Config jwt like OAuth ( access-token, refresh-token )\n   - OAuth Google\n   - OAuth Facebook\n3. Dump database\n   - Child process\n4. Logger\n   - NestJs\n   - Winston\n5. Send mail\n   - Nodemailer\n6. Payment\n   - Stripe\n7. Task scheduler\n   - Timeout\n   - Interval\n   - Cron\n8. Translate\n   - Google translate\n9. Upload file\n   - Cloudinary\n   - Fs createWriteStream to folder static\n10. Test\n    - Unit\n    - E2e\n    - Coverage\n\n## Usage\n\n1. Clone repository\n\n```\n  git clone https://github.com/chnirt/nestjs-graphql-best-practice.git\n```\n\n2. Cd into directory\n\n```\n  cd nestjs-graphql-best-practice/\n```\n\n3. Create .env\n\n```\n  touch .env\n```\n\n4. Add to .env\n\n```\n  PORT=\u003cyourport\u003e\n```\n\n5. Install dependencies using npm\n\n```\n  npm i\n```\n\n## Starting the Server\n\n1. Generate graphql.schema.ts\n\n```\n  npm run gen\n```\n\n2.1 Start in development normal\n\n```\n  npm run start:dev\n```\n\n2.2 Start with webpack ( 2 terminal view )\n\n```\n  npm run webpack\n  npm run start:hmr\n```\n\n\u003ca href=\"https://www.buymeacoffee.com/YT6K1FI\" target=\"_blank\"\u003e\u003cimg src=\"https://cdn.buymeacoffee.com/buttons/default-orange.png\" alt=\"Buy Me A Coffee\" style=\"height: 51px !important;width: 217px; border-radius: 5px; !important;\" \u003e\u003c/a\u003e\n\n## Node.js Best Practices\n\n\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"src/assets/images/banner-2.jpg\" alt=\"Node.js Best Practices\"\u003e\n\u003c/h1\u003e\n\n### 1. 
Project Structure Practices\n\n[✔️] 1.1 Structure your solution by components\n\n[✔️] 1.2 Layer your components, keep Express within its boundaries\n\n[✔️] 1.3 Wrap common utilities as npm packages\n\n[❌] Not necessary - 1.4 Separate Express 'app' and 'server'\n\n[✔️] 1.5 Use environment aware, secure and hierarchical config\n\n### 2. Error Handling Practices\n\n[✔️] 2.1 Use Async-Await or promises for async error handling\n\n[✔️] 2.2 Use only the built-in Error object\n\n![❔] 2.3 Distinguish operational vs programmer errors\n\n[✔️] 2.4 Handle errors centrally, not within an Express middleware\n\n[✔️] 2.5 Document API errors using Swagger or GraphQL\n\n[✔️] 2.6 Exit the process gracefully when a stranger comes to town\n\n[✔️] 2.7 Use a mature logger to increase error visibility\n\n[✔️️] use Jest - 2.8 Test error flows using your favorite test framework\n\n![❔] 2.9 Discover errors and downtime using APM products\n\n[✔️] 2.10 Catch unhandled promise rejections\n\n[✔️] 2.11 Fail fast, validate arguments using a dedicated library\n\n### 3. Code Style Practices\n\n[❌] Not necessary - 3.1 Use ESLint\n\n[❔] 3.2 Node.js specific plugins\n\n[✔️] 3.3 Start a Codeblock's Curly Braces on the Same Line\n\n[✔️] 3.4 Separate your statements properly\n\n[✔️] 3.5 Name your functions\n\n[✔️] 3.6 Use naming conventions for variables, constants, functions and classes\n\n[✔️] 3.7 Prefer const over let. Ditch the var\n\n[✔️] 3.8 Require modules first, not inside functions\n\n[✔️] Nest must import files directly - 3.9 Require modules by folders, opposed to the files directly\n\n[✔️] 3.10 Use the `===` operator\n\n[✔️] 3.11 Use Async Await, avoid callbacks\n\n[✔️] 3.12 Use arrow function expressions (=\u003e)\n\n### 4. 
Testing And Overall Quality Practices\n\n[✔️] 4.1 At the very least, write API (component) testing\n\n[✔️] use Jest - 4.2 Include 3 parts in each test name\n\n[✔️] use Jest - 4.3 Structure tests by the AAA pattern\n\n[✔️] 4.4 Detect code issues with a linter\n\n[〽️] use Jest - 4.5 Avoid global test fixtures and seeds, add data per-test\n\n[✔️] 4.6 Constantly inspect for vulnerable dependencies\n\n![❔] 4.7 Tag your tests\n\n[✔️] 4.8 Check your test coverage, it helps to identify wrong test patterns\n\n[✔️] 4.9 Inspect for outdated packages\n\n[✔️] 4.10 Use production-like env for e2e testing\n\n[✔️] 4.11 Refactor regularly using static analysis tools\n\n[✔️] 4.12 Carefully choose your CI platform (Jenkins vs CircleCI vs Travis vs Rest of the world)\n\n### 5. Going To Production Practices\n\n![❔] 5.1. Monitoring!\n\n[✔️] 5.2. Increase transparency using smart logging\n\n![❔] 5.3. Delegate anything possible (e.g. gzip, SSL) to a reverse proxy\n\n[✔️] 5.4. Lock dependencies\n\n![❔] 5.5. Guard process uptime using the right tool\n\n[✔️] 5.6. Utilize all CPU cores\n\n[✔️] 5.7. Create a ‘maintenance endpoint’\n\n[✔️] 5.8. Discover errors and downtime using APM products\n\n[✔️] 5.9. Make your code production-ready\n\n![❔] 5.10. Measure and guard the memory usage\n\n[✔️] 5.11. Get your frontend assets out of Node\n\n![❔] 5.12. Be stateless, kill your servers almost every day\n\n[✔️] 5.13. Use tools that automatically detect vulnerabilities\n\n![❔] 5.14. Assign a transaction id to each log statement\n\n[✔️] 5.15. Set NODE_ENV=production\n\n![❔] 5.16. Design automated, atomic and zero-downtime deployments\n\n![❔] 5.17. Use an LTS release of Node.js\n\n![❔] 5.18. Don't route logs within the app\n\n### 6. Security Best Practices\n\n[✔️] 6.1. Embrace linter security rules\n\n[✔️] 6.2. Limit concurrent requests using a middleware\n\n[✔️] 6.3 Extract secrets from config files or use packages to encrypt them\n\n[✔️] 6.4. 
Prevent query injection vulnerabilities with ORM/ODM libraries\n\n![❔] 6.5. Collection of generic security best practices\n\n[✔️] 6.6. Adjust the HTTP response headers for enhanced security\n\n[✔️] 6.7. Constantly and automatically inspect for vulnerable dependencies\n\n[✔️] 6.8. Avoid using the Node.js crypto library for handling passwords, use Bcrypt\n\n![❔] 6.9. Escape HTML, JS and CSS output\n\n[✔️] 6.10. Validate incoming JSON schemas\n\n![❔] 6.11. Support blacklisting JWTs\n\n![❔] 6.12. Prevent brute-force attacks against authorization\n\n[✔️] 6.13. Run Node.js as non-root user\n\n[✔️] 6.14. Limit payload size using a reverse-proxy or a middleware\n\n![❔] 6.15. Avoid JavaScript eval statements\n\n![❔] 6.16. Prevent evil RegEx from overloading your single thread execution\n\n[✔️] 6.17. Avoid module loading using a variable\n\n![❔] 6.18. Run unsafe code in a sandbox\n\n![❔] 6.19. Take extra care when working with child processes\n\n[✔️] 6.20. Hide error details from clients\n\n[✔️] 6.21. Configure 2FA for npm or Yarn\n\n[❌] Not necessary - 6.22. Modify session middleware settings\n\n![❔] 6.23. Avoid DOS attacks by explicitly setting when a process should crash\n\n[❌] Not necessary - 6.24. Prevent unsafe redirects\n\n[✔️] 6.25. Avoid publishing secrets to the npm registry\n\n### 7. Performance Best Practices\n\nOur contributors are working on this section. [Would you like to join?](https://github.com/i0natan/nodebestpractices/issues/256)\n\n[✔️] 7.1. Prefer native JS methods over user-land utils like Lodash\n\n[❔] 7.2. Use Fastify in place of Express\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchnirt%2Fnestjs-graphql-best-practice","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchnirt%2Fnestjs-graphql-best-practice","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchnirt%2Fnestjs-graphql-best-practice/lists"}