Skip to main content

nodejs-backend-patterns

Guides on building production-ready Node.js backend services with best practices for APIs, authentication, and database integration.

Install this skill

or
41/100

Security score

The nodejs-backend-patterns skill was audited on Mar 8, 2026 and we found 31 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 46

Template literal with variable interpolation in command context

SourceSKILL.md
46console.log(`${req.method} ${req.path}`);
medium line 52

Template literal with variable interpolation in command context

SourceSKILL.md
52console.log(`Server running on port ${PORT}`);
medium line 284

Template literal with variable interpolation in command context

SourceSKILL.md
284.map((field, idx) => `${field} = $${idx + 2}`)
medium line 287

Template literal with variable interpolation in command context

SourceSKILL.md
287const query = `
medium line 328

Template literal with variable interpolation in command context

SourceSKILL.md
328throw new Error(`No factory registered for ${key}`);
medium line 555

Template literal with variable interpolation in command context

SourceSKILL.md
555duration: `${duration}ms`,
medium line 954

Template literal with variable interpolation in command context

SourceSKILL.md
954const cacheKey = `${propertyKey}:${JSON.stringify(args)}`;
low line 37

Access to .env file

SourceSKILL.md
37app.use(cors({ origin: process.env.ALLOWED_ORIGINS?.split(",") }));
low line 50

Access to .env file

SourceSKILL.md
50const PORT = process.env.PORT || 3000;
low line 68

Access to .env file

SourceSKILL.md
68level: process.env.LOG_LEVEL || "info",
low line 351

Access to .env file

SourceSKILL.md
351host: process.env.DB_HOST,
low line 352

Access to .env file

SourceSKILL.md
352port: parseInt(process.env.DB_PORT || "5432"),
low line 353

Access to .env file

SourceSKILL.md
353database: process.env.DB_NAME,
low line 354

Access to .env file

SourceSKILL.md
354user: process.env.DB_USER,
low line 355

Access to .env file

SourceSKILL.md
355password: process.env.DB_PASSWORD,
low line 418

Access to .env file

SourceSKILL.md
418const payload = jwt.verify(token, process.env.JWT_SECRET!) as JWTPayload;
low line 499

Access to .env file

SourceSKILL.md
499host: process.env.REDIS_HOST,
low line 500

Access to .env file

SourceSKILL.md
500port: parseInt(process.env.REDIS_PORT || "6379"),
low line 534

Access to .env file

SourceSKILL.md
534level: process.env.LOG_LEVEL || "info",
low line 651

Access to .env file

SourceSKILL.md
651process.env.NODE_ENV === "production"
low line 680

Access to .env file

SourceSKILL.md
680host: process.env.DB_HOST,
low line 681

Access to .env file

SourceSKILL.md
681port: parseInt(process.env.DB_PORT || "5432"),
low line 682

Access to .env file

SourceSKILL.md
682database: process.env.DB_NAME,
low line 683

Access to .env file

SourceSKILL.md
683user: process.env.DB_USER,
low line 684

Access to .env file

SourceSKILL.md
684password: process.env.DB_PASSWORD,
low line 717

Access to .env file

SourceSKILL.md
717await mongoose.connect(process.env.MONGODB_URI!, {
low line 867

Access to .env file

SourceSKILL.md
867process.env.REFRESH_TOKEN_SECRET!,
low line 888

Access to .env file

SourceSKILL.md
888return jwt.sign(payload, process.env.JWT_SECRET!, {
low line 894

Access to .env file

SourceSKILL.md
894return jwt.sign(payload, process.env.REFRESH_TOKEN_SECRET!, {
low line 908

Access to .env file

SourceSKILL.md
908host: process.env.REDIS_HOST,
low line 909

Access to .env file

SourceSKILL.md
909port: parseInt(process.env.REDIS_PORT || "6379"),
Scanned on Mar 8, 2026
View Security Dashboard
Installation guide →
GitHub Stars 30.6K
Rate this skill
Categorydevelopment
UpdatedApril 11, 2026
openclawbackendbackend-developerfullstack-developerproduct-managerdevelopmentproduct
javascript-typescriptwshobson/agents