nestjs-best-practices
PopularNestJS best practices and architecture patterns for building production-ready applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper patterns for modules, dependency injection, security, and performance.
NestJS best practices and architecture patterns for building production-ready applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper patterns for modules, dependency injection, security, and performance.
NestJS Best Practices
Comprehensive best practices guide for NestJS applications. Contains 40 rules across 10 categories, prioritized by impact to guide automated refactoring and code generation.
When to Apply
Reference these guidelines when:
- Writing new NestJS modules, controllers, or services
- Implementing authentication and authorization
- Reviewing code for architecture and security issues
- Refactoring existing NestJS codebases
- Optimizing performance or database queries
- Building microservices architectures
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
|---|---|---|---|
| 1 | Architecture | CRITICAL | arch- |
| 2 | Dependency Injection | CRITICAL | di- |
| 3 | Error Handling | HIGH | error- |
| 4 | Security | HIGH | security- |
| 5 | Performance | HIGH | perf- |
| 6 | Testing | MEDIUM-HIGH | test- |
| 7 | Database & ORM | MEDIUM-HIGH | db- |
| 8 | API Design | MEDIUM | api- |
| 9 | Microservices | MEDIUM | micro- |
| 10 | DevOps & Deployment | LOW-MEDIUM | devops- |
Quick Reference
1. Architecture (CRITICAL)
arch-avoid-circular-deps- Avoid circular module dependenciesarch-feature-modules- Organize by feature, not technical layerarch-module-sharing- Proper module exports/imports, avoid duplicate providersarch-single-responsibility- Focused services over "god services"arch-use-repository-pattern- Abstract database logic for testabilityarch-use-events- Event-driven architecture for decoupling
2. Dependency Injection (CRITICAL)
di-avoid-service-locator- Avoid service locator anti-patterndi-interface-segregation- Interface Segregation Principle (ISP)di-liskov-substitution- Liskov Substitution Principle (LSP)di-prefer-constructor-injection- Constructor over property injectiondi-scope-awareness- Understand singleton/request/transient scopesdi-use-interfaces-tokens- Use injection tokens for interfaces
3. Error Handling (HIGH)
error-use-exception-filters- Centralized exception handlingerror-throw-http-exceptions- Use NestJS HTTP exceptionserror-handle-async-errors- Handle async errors properly
4. Security (HIGH)
security-auth-jwt- Secure JWT authenticationsecurity-validate-all-input- Validate with class-validatorsecurity-use-guards- Authentication and authorization guardssecurity-sanitize-output- Prevent XSS attackssecurity-rate-limiting- Implement rate limiting
5. Performance (HIGH)
perf-async-hooks- Proper async lifecycle hooksperf-use-caching- Implement caching strategiesperf-optimize-database- Optimize database queriesperf-lazy-loading- Lazy load modules for faster startup
6. Testing (MEDIUM-HIGH)
test-use-testing-module- Use NestJS testing utilitiestest-e2e-supertest- E2E testing with Supertesttest-mock-external-services- Mock external dependencies
7. Database & ORM (MEDIUM-HIGH)
db-use-transactions- Transaction managementdb-avoid-n-plus-one- Avoid N+1 query problemsdb-use-migrations- Use migrations for schema changes
8. API Design (MEDIUM)
api-use-dto-serialization- DTO and response serializationapi-use-interceptors- Cross-cutting concernsapi-versioning- API versioning strategiesapi-use-pipes- Input transformation with pipes
9. Microservices (MEDIUM)
micro-use-patterns- Message and event patternsmicro-use-health-checks- Health checks for orchestrationmicro-use-queues- Background job processing
10. DevOps & Deployment (LOW-MEDIUM)
devops-use-config-module- Environment configurationdevops-use-logging- Structured loggingdevops-graceful-shutdown- Zero-downtime deployments
How to Use
Read individual rule files for detailed explanations and code examples:
rules/arch-avoid-circular-deps.md
rules/security-validate-all-input.md
rules/_sections.md
Each rule file contains:
- Brief explanation of why it matters
- Incorrect code example with explanation
- Correct code example with explanation
- Additional context and references
Full Compiled Document
For the complete guide with all rules expanded: AGENTS.md
You Might Also Like
Related Skills
site-architecture
When the user wants to plan, map, or restructure their website's page hierarchy, navigation, URL structure, or internal linking. Also use when the user mentions "sitemap," "site map," "visual sitemap," "site structure," "page hierarchy," "information architecture," "IA," "navigation design," "URL structure," "breadcrumbs," "internal linking strategy," "website planning," "what pages do I need," "how should I organize my site," or "site navigation." Use this whenever someone is planning what pages a website should have and how they connect. NOT for XML sitemaps (that's technical SEO — see seo-audit). For SEO audits, see seo-audit. For structured data, see schema.
coreyhaines31
persona-it-admin
Administer IT — monitor security and configure Workspace.
googleworkspace
vercel-optimize
Use for Vercel cost and performance optimization on deployed projects, especially Next.js, SvelteKit, Nuxt, and limited Astro apps. Collect Vercel metrics, usage, project config, and code scan results first; investigate only metric-backed candidates; produce ranked recommendations grounded in verified files and version-aware Vercel/framework docs. Trigger for Vercel bill reduction, slow or expensive routes, caching opportunities, Function Invocations, Build Minutes, Fast Data Transfer, Core Web Vitals, Bot Management, Fluid compute, or cost breakdown requests.
vercel-labsgws-admin-reports
Google Workspace Admin SDK: Audit logs and usage reports.
googleworkspacegws-shared
gws CLI: Shared patterns for authentication, global flags, and output formatting.
googleworkspace