Gathering detailed insights and metrics for node-express-mongodb-jwt-rest-api-skeleton
Gathering detailed insights and metrics for node-express-mongodb-jwt-rest-api-skeleton
This is a basic API REST skeleton written on JavaScript using async/await. Great for building a starter web API for your front-end (Android, iOS, Vue, react, angular, or anything that can consume an API). Demo of frontend in VueJS here: https://github.com/davellanedam/vue-skeleton-mvp
Installations
npm install node-express-mongodb-jwt-rest-api-skeletonDeveloper Guide
BETA
Typescript
No
Module System
N/A
Node Version
12.22.12
NPM Version
6.14.16
Score
38.2
Supply Chain
87.1
Quality
67.2
Maintenance
25
Vulnerability
95.1
License
Contributors
5
Unable to fetch Contributors
Languages
3
JavaScript
HTML
Shell
JavaScript (99.2%)
HTML (0.48%)
Shell (0.32%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
davellanedam
Download Statistics
Total Downloads
38,639
Last Day
5
Last Week
88
Last Month
339
Last Year
8,049
GitHub Statistics
MIT License
902 Stars
374 Commits
286 Forks
46 Watchers
10 Branches
5 Contributors
Updated on Jan 28, 2025
Maintainers
1
Package Meta Information
Latest Version
9.0.5
Package Id
node-express-mongodb-jwt-rest-api-skeleton@9.0.5
Unpacked Size
162.84 kB
Size
38.24 kB
File Count
153
NPM Version
6.14.16
Node Version
12.22.12
Total Downloads
Cumulative downloads
Total Downloads
38,639
Last Day
25%
5
Compared to previous day
Last Week
2.3%
88
Compared to previous week
Last Month
-18.5%
339
Compared to previous month
Last Year
81%
8,049
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
26
Node.js express.js MongoDB JWT REST API - Basic Project Skeleton
Getting started
This is a basic API REST skeleton written on JavaScript using async/await. Great for building a starter web API for your front-end (Android, iOS, Vue, react, angular, or anything that can consume an API)
This project is created to help other developers create a basic REST API in an easy way with Node.js. This basic example shows how powerful and simple JavaScript can be. Do you want to contribute? Pull requests are always welcome to show more features.
Buy me a coffee
Hi! I'm Daniel Avellaneda, I'm an open source enthusiast and devote my free time to building projects in this field.
I'm the creator and maintainer of node-express-mongodb-jwt-rest-api-skeleton and vue-skeleton-mvp
These projects are a "starter web app kit" for any developer who wants to build their own app without starting from scratch: API + Frontend
Both projects have been downloaded thousands of times by web developers around the world.
I'm doing my best to provide you a good experience when using my apps, so if you like what I'm doing and wish to say "thanks!", please buy me a coffee :coffee:
Feel free to send me a tweet https://twitter.com/davellanedam, share this with others or make a pull request
Features
- Multiple environment ready (development, production)
- Custom email/password user system with basic security and blocking for preventing brute force attacks.
- Compressed responses.
- Secured HTTP headers.
- CORS ready.
- Cache ready (Redis).
- HTTP request logger in development mode.
- i18n ready (for sending emails in multiple languages).
- User roles.
- Pagination ready.
- User profile.
- Users list for admin area.
- Cities model and controller example.
- Login access log with IP, browser and country location (for country it looks for the header
cf-ipcountrythat CloudFlare creates when protecting your website). - API autogenerated documentation by Postman.
- API collection example for Postman.
- Testing with mocha/chai for API endpoints.
- NPM scripts for cleaning and seeding the MongoDB database.
- NPM script for keeping good source code formatting using prettier and ESLint.
- Use of ESLint for good coding practices.
- Mailer example with Nodemailer and Mailgun.
- Ability to refresh token
- JWT Tokens, make requests with a token after login with
Authorizationheader with valueBearer yourTokenwhereyourTokenis the signed and encrypted token given in the response from the login process.
Requirements
- Node.js 10+
- MongoDB 3.6+
- Redis 5.0+
Demo
A demo of this API is located at: https://api-demo.daniel-avellaneda.com
Login credentials
email: admin@admin.com
password: 12345
IMPORTANT: Database resets every 30 mins like "12:00am, 12:30am, 1:00am" and so on. So anything you do with the API will be lost after a short time.
API documentation
Postman API example collection
If you want to test it don´t forget to change the server variable to:
https://api-demo.daniel-avellaneda.com
Demo is also linked to a VueJS project that shows how this API can be integrated to a frontend that is able to consume an API.
Repo is here: https://github.com/davellanedam/vue-skeleton-mvp
Running demo is here: https://vue-demo.daniel-avellaneda.com
How to install
Using Git (recommended)
- Clone the project from github. Change "myproject" to your project name.
1git clone https://github.com/davellanedam/node-express-mongodb-jwt-rest-api-skeleton.git ./myproject
Using manual download ZIP
- Download repository
- Uncompress to your desired directory
Install npm dependencies after installing (Git or manual download)
1cd myproject 2npm install 3npm update
Setting up environments (development or production)
- In the root this repository you will find a file named
.env.example - Create a new file by copying and pasting the file and then renaming it to just
.env - The file
.envis already ignored, so you never commit your credentials. - Change the values of the file to your environment (development or production)
- Upload the
.envto your environment server(development or production) - If you use the postman collection to try the endpoints, change value of the variable
serveron your environment to the url of your server, for development mode use http://localhost:3000
IMPORTANT: By default token expires in 3 days (4320 minutes set in .env.example). You can refresh token at endpoint GET /token. If everything it´s ok you will get a new token.
Mailer
To ensure the deliverability of emails sent by this API, Mailgun is used for mailing users when they sign up, so if you want to use that feature go sign up at their website https://www.mailgun.com
If you want to try a different method it´s ok, I used https://nodemailer.com for this API and they have different transport methods like: smtp.
i18n
Language is automatically detected from Accept-Language header on the request. So either you send locale manually on the request or your browser will send its default, if Accept-Language header is not sent then it will use en locale as default.
How to run
Database cleaning and seeding samples
There are 3 available commands for this: fresh, clean and seed.
1npm run command
freshcleans and then seeds the database with dynamic data.cleancleans the database.seedseeds the database with dynamic data.
Running in development mode (lifting API server)
1npm run dev
You will know server is running by checking the output of the command npm run dev
1**************************** 2* Starting Server 3* Port: 3000 4* NODE_ENV: development 5* Database: MongoDB 6* DB Connection: OK 7****************************
Running tests
It´s a good practice to do tests at your code, so a sample of how to do that in mocha/chai is also included in the /test directory
1npm run test
Formatting code
Format your code with prettier by typing:
1npm run format
Formatting markdown files
Format all your markdown files with remark by typing:
1npm run remark
Linting code
Lint your code with ESLint by typing:
1npm run lint
Usage
Once everything is set up to test API routes either use Postman or any other api testing application. Default username/password combination for login is admin@admin.com/12345.
API documentation
https://documenter.getpostman.com/view/487539/RWaHwoLV
Postman API example collection
You can import the example collection to Postman. To import, click the import button located and select postman-example.json located within the root directory.
Go to manage environments to create environments for development, production, etc. On each of the environments you create you will need to:
-
Create a new key
authTokenand within the/loginrequest this value is automatically updated after a successfull login through a script located in theteststab. Each time you make a request to the API it will sendAuthorizationheader with thetokenvalue in the request, you can check this on the headers of users or cities endpoints in the Postman example. -
Create a second key
serverwith the url of your server, for development mode use http://localhost:3000
This is a REST API, so it works using the following HTTP methods:
- GET (Read): Gets a list of items, or a single item
- POST (Create): Creates an item
- PATCH (Update): Updates an item
- DELETE: Deletes an item
Creating new models
If you need to add more models to the project just create a new file in /app/models/ and it will be loaded dynamically.
Creating new routes
If you need to add more routes to the project just create a new file in /app/routes/ and it will be loaded dynamically.
Creating new controllers
When you create a new controller, try to also create another folder with validations and helpers. Ex. /countries, /countries/validators and /countries/helpers. An example of this is included in the repository.
Bugs or improvements
Feel free to report any bugs or improvements. Pull requests are always welcome.
License
This project is open-sourced software licensed under the MIT License. See the LICENSE file for more information.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 2/8 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'development'
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
47 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-h452-7996-h45h
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-pvrw-g6fx-mcx2
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-f825-f98c-gj3g
- Warn: Project is vulnerable to: GHSA-h8hf-x3f4-xwgp
- Warn: Project is vulnerable to: GHSA-9m93-w8w6-76hh
- Warn: Project is vulnerable to: GHSA-m7xq-9374-9rvx
- Warn: Project is vulnerable to: GHSA-vg7j-7cwx-8wgw
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9h6g-pr28-7cqp
- Warn: Project is vulnerable to: GHSA-v923-w3x8-wh69
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-35q2-47q7-3pc3
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
2
/10
Last Scanned on 2025-02-10
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More