https://github.com/matiaspalmac/fivem-resource-builder
Scaffold secure FiveM and RedM resources fast. A Claude Code skill for ESX, QBCore, QBox, ox and NUI.
- Host: GitHub
- URL: https://github.com/matiaspalmac/fivem-resource-builder
- Owner: matiaspalmac
- License: mit
- Created: 2026-06-21T09:32:01.000Z (10 days ago)
- Default Branch: main
- Last Pushed: 2026-06-21T14:37:56.000Z (10 days ago)
- Last Synced: 2026-06-21T16:24:06.813Z (10 days ago)
- Topics: boilerplate, claude-code, claude-skill, esx, fivem, generator, gta5, lua, nui, ox-lib, qbcore, qbox, rdr3, redm, scaffolding
- Language: JavaScript
- Homepage: https://www.npmjs.com/package/fivem-resource-builder
- Size: 43 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
README
# FiveM Resource Builder
A Claude Code skill that scaffolds full FiveM and RedM resources with the security already in place. Ask for a shop, a garage, a job, a HUD; you get a working resource where every server event validates input, every price lives on the server, and nothing trusts the client.
```bash
npx fivem-resource-builder
```
Restart Claude Code, then `/fivem-resource-builder` or just say what you want:
> "create a QBCore shop with a NUI"
> "scaffold an ESX garage"
> "add a secure buy event to this resource"
## Why it's different
Most generators hand you an empty skeleton and wish you luck. This one writes the parts people get wrong:
- `source` resolved on the server, never sent by the client
- Input validated for type, range, length and NaN
- Rate limits and anti-dupe mutexes on money and item events
- Prices read from server config, not from the NUI
- Proximity checks on world actions
- `playerDropped` and `onResourceStop` cleanup, every time
- NUI that escapes user text and ships a browser preview mode
The output is built to pass the audit (below) on the first run.
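A server-side buy handler that applies the checks listed above, written here as an added illustration and not taken from the generator's output. The event name `shop:buy`, the price table, the limits and the helper names are assumptions; the charge/grant step is left to the framework's own API.

```lua
-- Added example (not generator output). Event name, tables and limits are hypothetical.
local PRICES = { water = 5, bread = 8 }      -- constructed server-side price table
local MAX_QTY, COOLDOWN_MS = 10, 1000
local lastCall, busy = {}, {}                -- per-player rate limit and anti-dupe lock

-- Return a clean integer quantity, or nil when the value must be rejected.
local function validQty(q)
    if type(q) ~= 'number' or q ~= q then return nil end   -- wrong type, or NaN
    q = math.tointeger(q)                                  -- 3.0 -> 3; 3.5 and inf -> nil
    if not q or q < 1 or q > MAX_QTY then return nil end
    return q
end

-- Decide whether a purchase may proceed. The client supplies only item and qty;
-- the price comes from PRICES and the caller identity from the runtime.
local function checkBuy(src, item, qty, now)
    if type(item) ~= 'string' or #item > 32 then return false, 'bad_item' end
    local price = PRICES[item]
    if not price then return false, 'unknown_item' end
    qty = validQty(qty)
    if not qty then return false, 'bad_qty' end
    if busy[src] then return false, 'in_progress' end
    local last = lastCall[src]
    if last and now - last < COOLDOWN_MS then return false, 'rate_limited' end
    lastCall[src] = now
    return true, price * qty, qty
end

if RegisterNetEvent then                     -- inside the Cfx server runtime
    RegisterNetEvent('shop:buy', function(item, qty)
        local src = source                   -- set by the runtime, never read from arguments
        local ok, total, n = checkBuy(src, item, qty, GetGameTimer())
        if not ok then return end
        busy[src] = true                     -- held across any yielding call (DB, inventory)
        pcall(function()
            -- charge `total` and grant `n` items via the framework's own API (not shown)
        end)
        busy[src] = nil                      -- released even if the transaction errored
    end)
    AddEventHandler('playerDropped', function()
        lastCall[source], busy[source] = nil, nil
    end)
else                                         -- plain Lua 5.3+: constructed sample calls
    assert(select(2, checkBuy(1, 'water', 3.0, 5000)) == 15)
    assert(select(2, checkBuy(1, 'water', 1, 5200)) == 'rate_limited')
    assert(select(2, checkBuy(2, 'bread', 0/0, 5000)) == 'bad_qty')
    assert(select(2, checkBuy(2, 'gold', 1, 5000)) == 'unknown_item')
    assert(select(2, checkBuy(2, 'bread', 1e9, 5000)) == 'bad_qty')
end
```

The handler never accepts a price or a player id as an argument, so a modified client can change only which item and how many it asks for, and both are bounded before any money moves.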
## What you get
| Layer | What it generates |
|-------|-------------------|
| Manifest | `cerulean`, `lua54`, explicit file list, declared dependencies |
| Framework | auto-detect bridge for ESX, QBCore, QBox (ox_core), ND_Core, standalone |
| Server | validated events, parameterized SQL, ACE permissions |
| Client | two-tier threads, cached natives, full cleanup |
| NUI | XSS-safe rendering, intent-only callbacks, CSP, preview mode |
| ox | `lib.callback`, `ox_target`, `ox_inventory` hooks, `lib.points`, `lib.locale` |
| TypeScript | optional esbuild/Vite build with typed natives and NUI hot reload |
| CI | luacheck GitHub Action and `.luacheckrc` tuned for Cfx globals |
It looks up real natives, framework exports and model hashes instead of guessing them.
Frameworks: ESX Legacy, QBCore, QBox (ox_core), ND_Core, ox_lib, standalone, and RedM (VORP, RSG, RedEM).
## The toolkit
Three tools, one workflow.
| Stage | Tool |
|-------|------|
| Build | **fivem-resource-builder** |
| Audit | [fivem-security-audit](https://github.com/matiaspalmac/fivem-security-audit) |
| Protect | [dei_security_scanner](https://github.com/matiaspalmac/dei_security_scanner) |
Build it secure, audit the diff before you deploy, run the scanner so anything injected later gets caught.
## License
MIT