nodejs-backend-patterns
Provides guidance for building scalable Node.js backend services using Express/Fastify, covering best practices and architectural patterns.
Install this skill
Security score
The nodejs-backend-patterns skill was audited on May 28, 2026 and we found 13 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 46 | console.log(`${req.method} ${req.path}`); |
Template literal with variable interpolation in command context
| 52 | console.log(`Server running on port ${PORT}`); |
Template literal with variable interpolation in command context
| 277 | const setClause = fields.map((field, idx) => `${field} = $${idx + 2}`).join(", "); |
Template literal with variable interpolation in command context
| 279 | const query = ` |
Template literal with variable interpolation in command context
| 466 | duration: `${duration}ms`, |
Access to .env file
| 37 | app.use(cors({ origin: process.env.ALLOWED_ORIGINS?.split(",") })); |
Access to .env file
| 50 | const PORT = process.env.PORT || 3000; |
Access to .env file
| 68 | level: process.env.LOG_LEVEL || "info", |
Access to .env file
| 333 | const payload = jwt.verify(token, process.env.JWT_SECRET!) as JWTPayload; |
Access to .env file
| 414 | host: process.env.REDIS_HOST, |
Access to .env file
| 415 | port: parseInt(process.env.REDIS_PORT || "6379"), |
Access to .env file
| 449 | level: process.env.LOG_LEVEL || "info", |
Access to .env file
| 556 | const message = process.env.NODE_ENV === "production" ? "Internal server error" : err.message; |