NestJS

Avoid common NestJS mistakes — DI scoping, circular dependencies, validation pipes, and module organization traps.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Iván @ivangdavila
Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
The skill is a NestJS best-practices guide; asking only for the 'node' binary (present on systems that run Nest apps) is reasonable. There are no unrelated binaries, credentials, or config paths requested.
Instruction Scope
SKILL.md contains developer guidance (DI, modules, validation, execution order, testing) and does not instruct the agent to read files, access secrets, call external endpoints, or perform system-level changes. The instructions are advisory and confined to the stated topic.
Install Mechanism
No install step or remote downloads are present (instruction-only). Nothing is written to disk or executed by an installer as part of the skill package.
Credentials
The skill declares no environment variables, credentials, or config paths. That aligns with an advice-only NestJS guidance skill and is proportionate.
Persistence & Privilege
always is false and there is no installation or configuration persistence. The skill does not request elevated or permanent presence in the agent environment.
Assessment
This skill is an advice-only set of NestJS best practices and appears internally consistent and low-risk: it doesn't request credentials, install code, or access files. Before relying on any recommendation in production, validate the specific guidance against the official NestJS docs or your codebase (small nuances exist in framework behavior). Also ensure your environment has Node on PATH if you plan to run any related tooling; otherwise you can safely enable this skill for developer help.

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.0
latestvk973e2b1cyzyjhnzhnzz40d1xd80x1kh

Runtime requirements

🐱 Clawdis
OS: Linux · macOS · Windows
Bins: node

SKILL.md

Dependency Injection

  • Provider not available — must be in providers array AND exports if used by other modules
  • Circular dependency crashes — use forwardRef(() => Module) in both modules
  • Default scope is singleton — same instance across requests, careful with state
  • Request-scoped provider — @Injectable({ scope: Scope.REQUEST }), propagates to dependents

Module Organization

  • Import module, not provider directly — imports: [UserModule] not providers: [UserService]
  • exports makes providers available to importers — without it, provider stays private
  • Global modules need @Global() decorator — only for truly shared (config, logger)
  • forRoot() vs forRootAsync() — async for when config depends on other providers

Validation

  • ValidationPipe needs class-validator decorators — plain classes won't validate
  • Enable transform: true for auto-transformation — string "1" to number 1
  • whitelist: true strips unknown properties — forbidNonWhitelisted: true to error instead
  • Nested objects need @ValidateNested() AND @Type(() => NestedDto) — both required

Execution Order

  • Middleware → Guards → Interceptors (pre) → Pipes → Handler → Interceptors (post) → Filters
  • Guards can't access transformed body — run before pipes
  • Global pipes run before route pipes — but after guards
  • Exception filters catch errors from entire chain — including guards and pipes
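
The ordering above matters for authorization: a guard decides on the raw request body, before any pipe has converted types or stripped unknown properties. The block below is an added, dependency-free model of that lifecycle (not NestJS code and not part of the skill); every name in it is hypothetical and the sample body is constructed.

```typescript
// Model of: Middleware -> Guards -> Interceptors (pre) -> Pipes -> Handler
// -> Interceptors (post), with a filter catching errors from the whole chain.
// Hypothetical names throughout; this does not call NestJS.
type ModelResult = { status: number; trace: string[]; guardSaw: string; handlerSaw: string };

class ModelHttpError {
  status: number;
  message: string;
  constructor(status: number, message: string) {
    this.status = status;
    this.message = message;
  }
}

// Stand-in for a pipe with transform + whitelist: converts "id" to a number
// and returns only the property the modelled DTO declares.
function modelPipe(raw: Record<string, unknown>): Record<string, unknown> {
  const id = Number(raw["id"]);
  if (!Number.isInteger(id)) throw new ModelHttpError(400, "id must be an integer");
  return { id };
}

function runLifecycle(raw: Record<string, unknown>, guardAllows: boolean): ModelResult {
  const out: ModelResult = { status: 200, trace: [], guardSaw: "", handlerSaw: "" };
  try {
    out.trace.push("middleware");
    out.trace.push("guard");
    out.guardSaw = JSON.stringify(raw); // guard sees the unvalidated body
    if (!guardAllows) throw new ModelHttpError(403, "Forbidden"); // guard returned false
    out.trace.push("interceptor-pre");
    out.trace.push("pipe");
    const dto = modelPipe(raw);
    out.trace.push("handler");
    out.handlerSaw = JSON.stringify(dto); // handler sees the transformed, whitelisted DTO
    out.trace.push("interceptor-post");
  } catch (err) {
    out.trace.push("filter"); // covers guards and pipes as well as the handler
    out.status = err instanceof ModelHttpError ? err.status : 500; // unhandled -> 500
  }
  return out;
}

// Constructed sample: "id" arrives as a string, "isAdmin" is not on the DTO.
const sampleBody: Record<string, unknown> = { id: "1", isAdmin: true };
console.log(runLifecycle(sampleBody, true));
```

In the model, as in the list above, any check a guard makes on body fields runs against attacker-supplied strings and extra properties, so a guard that needs a trusted value has to validate it itself.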

Exception Handling

  • throw new HttpException() not return — must throw for filter to catch
  • Custom exceptions extend HttpException — or implement ExceptionFilter
  • Unhandled exceptions become 500 — wrap external calls in try/catch
  • Built-in exceptions: BadRequestException, NotFoundException, etc. — use these, not generic HttpException

Testing

  • createTestingModule doesn't auto-mock — provide mocks explicitly in providers
  • Override with .overrideProvider(X).useValue(mock) — before .compile()
  • E2E tests need app.init() — and app.close() in afterAll
  • Request-scoped providers complicate unit tests — consider making them singleton when possible

Common Mistakes

  • @Body() without DTO returns plain object — no validation, no transformation
  • @Param('id') is always string — use ParseIntPipe for number: @Param('id', ParseIntPipe)
  • Guards returning false gives 403 — throw specific exception for better error messages
  • Async providers need factory — useFactory: async () => await createConnection()
  • Forgetting await on async service methods — returns Promise, not value
