express-api-patterns
Facilitates Express.js API development with best practices for routing, middleware, error handling, and request validation.
Install this skill
Security score
The express-api-patterns skill was audited on Feb 9, 2026 and we found 29 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 55 | console.log(`${req.method} ${req.path}`); |
Template literal with variable interpolation in command context
| 91 | console.log(`Server running on http://localhost:${PORT}`); |
Template literal with variable interpolation in command context
| 92 | console.log(`Environment: ${process.env.NODE_ENV || 'development'}`); |
Template literal with variable interpolation in command context
| 181 | res.write(`data: ${JSON.stringify(chunk)}\n\n`); |
Template literal with variable interpolation in command context
| 404 | throw new APIError(`Claude API error: ${error.message}`, 503); |
Template literal with variable interpolation in command context
| 411 | prompt += `Topic: ${config.topic}\n`; |
Template literal with variable interpolation in command context
| 412 | prompt += `Depth Level: ${config.depthLevel}\n`; |
Template literal with variable interpolation in command context
| 415 | prompt += `Style Flags: ${config.styleFlags.join(', ')}\n`; |
Template literal with variable interpolation in command context
| 547 | throw new Error(`Missing required config: ${missing.join(', ')}`); |
Access to .env file
| 38 | const PORT = process.env.PORT || 3001; |
Access to .env file
| 44 | origin: process.env.CLIENT_URL || 'http://localhost:5173', |
Access to .env file
| 53 | if (process.env.NODE_ENV === 'development') { |
Access to .env file
| 92 | console.log(`Environment: ${process.env.NODE_ENV || 'development'}`); |
Access to .env file
| 218 | const correctPassword = process.env.FACULTY_PASSWORD; |
Access to .env file
| 350 | stack: process.env.NODE_ENV === 'development' ? err.stack : undefined, |
Access to .env file
| 362 | ...(process.env.NODE_ENV === 'development' && { stack: err.stack }) |
Access to .env file
| 381 | apiKey: process.env.ANTHROPIC_API_KEY |
Access to .env file
| 507 | port: parseInt(process.env.PORT || '3001', 10), |
Access to .env file
| 508 | nodeEnv: process.env.NODE_ENV || 'development', |
Access to .env file
| 511 | password: process.env.FACULTY_PASSWORD |
Access to .env file
| 515 | apiKey: process.env.ANTHROPIC_API_KEY |
Access to .env file
| 519 | apiKey: process.env.OPENAI_API_KEY |
Access to .env file
| 523 | cloudName: process.env.CLOUDINARY_CLOUD_NAME, |
Access to .env file
| 524 | apiKey: process.env.CLOUDINARY_API_KEY, |
Access to .env file
| 525 | apiSecret: process.env.CLOUDINARY_API_SECRET |
Access to .env file
| 529 | origin: process.env.CLIENT_URL || 'http://localhost:5173' |
External URL reference
| 44 | origin: process.env.CLIENT_URL || 'http://localhost:5173', |
External URL reference
| 91 | console.log(`Server running on http://localhost:${PORT}`); |
External URL reference
| 529 | origin: process.env.CLIENT_URL || 'http://localhost:5173' |