Gathering detailed insights and metrics for nodstarter
Gathering detailed insights and metrics for nodstarter
Starter application for Node.js to provide rapid Restful APIs development, pre-configured, secured routers, services, and models
Installations
npm install nodstarterDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
13.8.0
NPM Version
6.14.2
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
1 Stars
66 Commits
1 Forks
1 Watchers
15 Branches
4 Contributors
Updated on Aug 22, 2024
Maintainers
1
Package Meta Information
Latest Version
1.0.21
Package Id
nodstarter@1.0.21
Unpacked Size
36.24 kB
Size
11.10 kB
File Count
29
NPM Version
6.14.2
Node Version
13.8.0
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
11
Nodstarter
Nodstarter is a starter application for Node.js designed to facilitate rapid RESTful API development. It provides pre-configured, secured routers, services, and models to streamline the creation of secure and scalable applications.
Table of Contents
- General Info
- Technologies
- Initial Code
- Project Structure
- Code Example
- Sign In API Call Example
- Environment Variables
- Setup
- Before Running
- Demo
- New Ideas
- Future Plans
- Contributing
- License Summary
- NPM Statistics
- Project Based
General Info
Nodstarter provides a framework for developing secure RESTful APIs quickly. It includes pre-configured routers, services, and models, allowing developers to focus on writing business logic rather than setup and configuration.
Technologies
- Node.js: JavaScript runtime for building scalable network applications.
- Express: Web framework for Node.js.
- MongoDB: NoSQL database for storing data.
- Mongoose: ORM for MongoDB.
- Lodash: Utility library for JavaScript.
- Morgan: HTTP request logger middleware.
- Body-parser: Middleware for parsing request bodies.
- Method-override: Middleware to allow HTTP verbs such as PUT or DELETE.
- Bcrypt: Library for hashing passwords.
- Express-jwt: Middleware for JWT authentication.
- Jsonwebtoken: Library for signing and verifying JSON Web Tokens.
- Cors: Middleware for enabling Cross-Origin Resource Sharing.
- Nodemon: Utility for auto-reloading the server during development.
- Testing Libraries: Supertest, Chai, and Mocha for testing.
Initial Code
Nodstarter includes models for users, posts, and categories, with predefined relationships:
- User to Posts: One-to-many.
- Posts to Categories: Many-to-many.
These components are organized into routers, controllers, and models to provide a clear structure for API development.
Project structure
├── index.js
├── package.json
├── scripts
│ └── post_install.js
└── server
├── api
│ ├── categories
│ │ ├── controller.js
│ │ ├── model.js
│ │ └── router.js
│ ├── index.js
│ ├── posts
│ │ ├── controller.js
│ │ ├── model.js
│ │ └── router.js
│ └── users
│ ├── controller.js
│ ├── model.js
│ └── router.js
├── auth
│ ├── controller.js
│ ├── index.js
│ └── routers.js
├── config
│ ├── development.js
│ ├── index.js
│ ├── production.js
│ └── testing.js
├── index.js
├── middleware
│ ├── err.js
│ └── index.js
└── util
├── createRouter.js
└── logger.js
Code example
This is the configuration to the JWT token to the user
JWT configuration
1const expressJwt = require('express-jwt'); 2const config = require('../config'); 3const logger = require('../util/logger'); 4const jwt = require('jsonwebtoken'); 5const checkToken = expressJwt({ 6 secret: config.secrets.jwt 7}); 8const User = require('../api/users/model'); 9exports.decodeToken = () => { 10 return (req, res, next) => { 11 if (req.query && req.query.hasOwnProperty('access_token')) { 12 req.headers.authorization = 'Bearer ' + req.query.access_token; 13 } 14 checkToken(req, res, next); 15 }; 16}; 17 18exports.getFreshUser = () => { 19 return (req, res, next) => { 20 User.findById(req.user._id) 21 .then((user) => { 22 if (!user) { 23 res.status(400).send('Unanuthorized'); 24 } else { 25 req.user = user; 26 next(); 27 } 28 }, (err) => { 29 next(err); 30 }); 31 }; 32}; 33 34exports.verifyUser = () => { 35 return (req, res, next) => { 36 var username = req.body.username; 37 var password = req.body.password; 38 39 if (!username || !password) { 40 res.status(400).send('You need a username and password'); 41 return; 42 } 43 44 User.findOne({ 45 username: username 46 }) 47 .then((user) => { 48 logger.log('the selected user from DB: ' + user); 49 if (!user) { 50 logger.log('No user with the given username'); 51 res.status(401).send('Invalid username or password'); 52 } else if (!user.authenticate(password)) { 53 logger.log('Invalid password'); 54 res.status(401).send('Invalid username or password'); 55 } else { 56 req.user = user; 57 next(); 58 } 59 }, (err) => { 60 next(err); 61 }); 62 }; 63}; 64 65exports.signToken = (id) => { 66 logger.log("id is: " + id); 67 return jwt.sign({ 68 _id: id 69 }, config.secrets.jwt, { 70 expiresIn: config.expireTime 71 }); 72};
Sign in API call example
1curl --header "Content-Type: application/json" --request POST --data '{"username":"test_user_4","password":"12345"}' http://localhost:3000/auth/signin
, Output
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI1ZTY2NjQwODYzMGE0NDE3MThiMjNhMzgiLCJpYXQiOjE1ODQ2Mzc4NDIsImV4cCI6MTU4NDY1MjI0Mn0.MODWP86ebc8XOMjDGyuvNCWWoKnQhpZpl81ynFGExG8"}
Environment variables
Nodstarter starts searching first for the following environment variables if found them will use them if not will use the default. The default values for NODE_ENV is development, NODE_PORT is 3000 and JWT is Gambell
You can choose the environment for the NODE_ENV variable from one of the following profiles (development, production, testing)
NODE_ENVNODE_PORTJWT
Setup
- Init with npm:
1$ npm init
- Install:
1$ npm install nodstarter
- Start:
1$ npm start
, or use in one-line command:
1$ npm init; npm install nodstarter; npm start
Before running
Please make sure that the MongoDB daemon is up and running
- Ubuntu
systemctl start mongodb
- Macos
brew services run mongodb-community
Demo
Running Tests (future plan)
Running and reviewing unit tests is a great way to get familiarized with a library and its API. You can install dependencies and run tests with the following command:
1$ npm install && npm test
Future plans
- Swagger file for the existing APIs
- Add tests for the existing APIs
- Ability to make nodstarter a command line to install models, controllers and routers, etc.
New Ideas
If you have new ideas about the project please describe what you want to do and changes using an issue.
Contributing
See CONTRIBUTING.md
License summary
See License
NPM statistics
Project based
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/14 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/0xh3xa/nodstarter/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/0xh3xa/nodstarter/nodejs.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:25
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 2 commits out of 26 are checked with a SAST tool
Reason
16 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-m7xq-9374-9rvx
- Warn: Project is vulnerable to: GHSA-vg7j-7cwx-8wgw
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Score
2.8
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More