Project Summary

  • Date: June 2022 - December 2022
  • Description: era.js is an opinionated Node.js backend framework and CLI tool for scaffolding Express-based REST APIs. It provides a zero-config CLI (era dev) that interactively guides setup (database choice, MongoDB URI), pre-configures security middleware (Helmet, CORS, XSS, Mongo sanitization), and offers a modular loader pattern with route abstraction utilities - reducing boilerplate when starting new Node.js backend projects.

Motivation

Eliminate repetitive setup when starting new Node.js REST APIs by providing a structured, security-hardened skeleton with an interactive CLI, so I can skip boilerplate and dive straight into writing business logic.

Links

GitHub repo: https://github.com/benlhachemi/era.js

Tech Stack

  • Runtime: Node.js (ES Modules)
  • Web Framework: Express.js 4.x
  • Database: MongoDB (Mongoose 6.x)
  • Auth: JWT, bcrypt, Google OAuth
  • Validation: Joi
  • CLI: Yargs, Inquirer, Boxen, Signale
  • Security: Helmet, xss-clean, express-mongo-sanitize
  • Dev Tools: ESLint (Airbnb), Nodemon

Key Features

  1. Custom CLI (era dev) - Interactive setup with DB config prompts, auto-detects missing MongoDB URI, starts dev server via Nodemon with styled startup output.
  2. Pre-configured Security Pipeline - Helmet, CORS, body/cookie parsers, XSS sanitization, and MongoDB operator injection protection wired in.
  3. Modular Loader Architecture - Clean 3-tier loader (index, middlewares, routes) for pluggable middleware and route mounting.
  4. Route Abstraction Utilities - publicRoute() builder maps HTTP methods to controllers with input validation; stubs for authRoute and adminRoute indicate planned auth layers.
  5. JWT Authentication Plumbing - Dependencies and partial implementation for JWT, refresh tokens, and Google OAuth login.
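As an added illustration of the MongoDB operator injection protection named in feature 2 (not era.js code, and not the express-mongo-sanitize source), the sketch below shows the kind of key stripping such middleware performs on an Express 4 request. The names sanitize, mongoSanitizeMiddleware and demo, and the sample request, are assumptions made up for this example.

```javascript
// Added illustration; not era.js code and not the express-mongo-sanitize source.
// MongoDB treats keys starting with "$" as operators and "." as a path
// separator, so such keys are dropped from user-supplied objects.
// "__proto__" is dropped too (a choice of this sketch) so the copy keeps a plain prototype.
const isUnsafeKey = (key) =>
  key.startsWith('$') || key.includes('.') || key === '__proto__';

// Returns a cleaned deep copy of value; every stripped key path is pushed to removed.
function sanitize(value, removed = [], path = '') {
  if (Array.isArray(value)) {
    return value.map((item, i) => sanitize(item, removed, `${path}[${i}]`));
  }
  if (value !== null && typeof value === 'object') {
    const clean = {};
    for (const [key, child] of Object.entries(value)) {
      const here = path ? `${path}.${key}` : key;
      if (isUnsafeKey(key)) {
        removed.push(here);
        continue;
      }
      clean[key] = sanitize(child, removed, here);
    }
    return clean;
  }
  return value; // strings, numbers, booleans and null pass through unchanged
}

// Express-style middleware: cleans body, query and params, and reports what
// was stripped so the event can be logged or alerted on.
function mongoSanitizeMiddleware(onRemoved = () => {}) {
  return (req, res, next) => {
    for (const part of ['body', 'query', 'params']) {
      if (req[part] === undefined) continue;
      const removed = [];
      req[part] = sanitize(req[part], removed, part);
      if (removed.length > 0) onRemoved(req, removed);
    }
    next();
  };
}

// Constructed sample request: "password" arrives as an operator object
// instead of a string, and a query key carries a dotted path.
function demo() {
  const req = {
    body: { email: 'user@example.com', password: { $gt: '' } },
    query: { 'profile.role': 'admin', page: '2' },
  };
  const alerts = [];
  mongoSanitizeMiddleware((r, removed) => alerts.push(...removed))(req, {}, () => {});
  return { req, alerts };
}
```

After sanitization the password field is an empty object rather than a string, so schema validation (Joi in this stack) still has to require a string before the value reaches a query.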

What I Learned

  • Designing an interactive CLI with Yargs + Inquirer that checks config state before launching a dev server.
  • Structuring a modular Express app with a loader pattern (middleware, routes, server).
  • Building abstract route utilities to keep controller code clean and consistent.
  • Hardening an Express app with security best practices (Helmet, XSS, Mongo sanitization).
  • Scaffolding architecture that balances flexibility with opinionated defaults.
  • Managing an unfinished OSS project - understanding what it takes to go from scaffolding to production readiness.