New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@cwt-build/backfire

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@cwt-build/backfire

Generate production-ready Node.js backend boilerplates in seconds

latest
Source
npmnpm
Version
1.0.5
Version published
Maintainers
1
Created
Source

backfire

Backend API Creation Kit - Fast Init & Ready Environment

npm version License: MIT

Fire up production-ready Node.js backends in seconds.

Stop wasting time on boilerplate. Generate a complete, production-ready backend with authentication, validation, and best practices built in.

Features

  • Instant Setup - Get a production-ready backend in under 60 seconds
  • Authentication Ready - JWT auth, password hashing, protected routes
  • TypeScript Support - Full TypeScript or JavaScript support
  • Feature Selection - Choose exactly what you need
  • API Documentation - Auto-generated Swagger/OpenAPI docs
  • Testing Ready - Jest configuration included (optional)
  • Docker Support - Dockerfile and docker-compose included (optional)
  • Email Integration - Nodemailer or SendGrid support
  • Logging - Winston or Pino logger integration
  • Security - Helmet, rate limiting, input validation, XSS protection
  • Best Practices - Clean architecture, error handling, async patterns

Quick Start

No installation required

npx @cwt-build/backfire my-awesome-api

Follow the interactive prompts to configure your backend.

Next Steps

cd my-awesome-api
npm install
cp .env.example .env
# Edit .env with your MongoDB URI
npm run dev

Your API is now running on http://localhost:5000

Installation Options

Option 1: Use npx (Recommended)

# No installation needed
npx @cwt-build/backfire my-api

Option 2: Global Installation

# Install once
npm install -g @cwt-build/backfire

# Use anytime
backfire my-api

Command Line Options

backfire <project-name> [options]

Options:
  -l, --language <type>    Language: javascript or typescript (default: javascript)
  -p, --port <number>      Server port (default: 5000)
  -d, --database <name>    Database name
  --skip-install           Skip npm install
  --skip-git              Skip git initialization
  -y, --yes               Skip prompts, use defaults
  -h, --help              Display help
  -V, --version           Display version

Examples:
  backfire my-api
  backfire my-api --language typescript
  backfire my-api --language typescript --port 3000 --yes

Why backfire?

Backend API Creation Kit - Fast Init & Ready Environment

  • Fast - Generate backends in seconds
  • Production-Ready - Best practices built in
  • Flexible - Choose only what you need
  • Modern - Latest Node.js patterns
  • Secure - Security by default

Generated API Endpoints

POST   /api/v1/auth/register          Register new user
POST   /api/v1/auth/login             Login user
POST   /api/v1/auth/logout            Logout user
GET    /api/v1/auth/me                Get current user (protected)
PUT    /api/v1/auth/update-password   Update password (protected)
PUT    /api/v1/auth/update-profile    Update profile (protected)
GET    /api/v1/users                  Get all users (admin only)
GET    /api/v1/users/:id              Get user by ID (admin only)
DELETE /api/v1/users/:id              Delete user (admin only)
GET    /health                        Server health check

Tech Stack

  • Runtime: Node.js
  • Framework: Express.js
  • Database: MongoDB with Mongoose
  • Authentication: JWT with bcryptjs
  • Language: TypeScript or JavaScript
  • Validation: express-validator
  • Security: Helmet, CORS, rate limiting, XSS protection
  • Logging: Winston or Pino (optional)
  • Documentation: Swagger/OpenAPI (optional)
  • Containerization: Docker (optional)
  • Testing: Jest (optional)

What You Get

Core Features (Always Included)

  • Express.js server with configurable port
  • MongoDB connection with Mongoose
  • User model with password hashing
  • JWT authentication system
  • Input validation on all endpoints
  • Error handling middleware
  • Security middleware (Helmet, rate limiting, XSS protection)
  • Health check endpoint
  • Environment variable configuration
  • ESLint and Prettier setup
  • Git initialization

Optional Features (You Choose)

  • Authentication: Registration, login, logout, password reset, email verification
  • User Management: Profile management, user CRUD operations, role-based access
  • File Upload: Multer integration with file type validation
  • Pagination: Built-in pagination and search functionality
  • Email: Nodemailer or SendGrid integration
  • Logging: Winston or Pino structured logging
  • API Docs: Swagger/OpenAPI documentation
  • Testing: Jest configuration with sample tests
  • Docker: Dockerfile and docker-compose.yml

Project Structure

my-api/
├── src/
│   ├── controllers/     # Request handlers
│   ├── middleware/      # Custom middleware
│   ├── models/          # Database models
│   ├── routes/          # API routes
│   ├── utils/           # Utility functions
│   └── types/           # TypeScript types (if TypeScript)
├── server.js            # Entry point
├── .env.example         # Environment variables template
├── .gitignore
├── package.json
└── README.md

Security Features

  • Password Security: bcrypt hashing with configurable salt rounds
  • Authentication: JWT tokens with configurable expiry
  • Rate Limiting: Prevents DDoS attacks (100 req/15min default, 5 req/15min for auth)
  • Input Validation: All endpoints validated with express-validator
  • XSS Protection: Sanitizes user inputs
  • NoSQL Injection Prevention: MongoDB query sanitization
  • Security Headers: Helmet.js configuration
  • CORS: Configurable cross-origin requests
  • Error Handling: No sensitive information leaked in error responses

Environment Variables

NODE_ENV=development
PORT=5000
MONGODB_URI=mongodb://localhost:27017/mydb
JWT_SECRET=your-secret-key
JWT_EXPIRE=7d

FAQ

Q: Do I need to install backfire globally?
A: No! Use npx @cwt-build/backfire my-api to run it without installation.

Q: Can I use this for production?
A: Yes! The generated code follows production best practices. Just configure your environment variables properly.

Q: TypeScript or JavaScript?
A: Your choice! Select during setup or use --language typescript flag.

Q: Can I modify the generated code?
A: Absolutely! You own all the code. Modify anything to fit your needs.

Q: What if I don't need all features?
A: Skip the prompts with --yes flag for minimal setup, or select only features you need during interactive setup.

Contributing

Contributions are welcome! Please read CONTRIBUTING.md for details.

License

MIT License - see LICENSE for details.

Support

Fire up your backend development today

npx @cwt-build/backfire my-api

Created with care by CWT

Keywords

backend
boilerplate
generator
express
nodejs
typescript

FAQs

Package last updated on 29 Dec 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026