🇺🇸English
NestJS Best Practices
Overview
This skill provides a curated set of best practices for building production-grade NestJS applications. All guidelines are grounded in the Official NestJS Documentation and enforce consistent, maintainable, and scalable patterns.
When to Use
- Designing or refactoring NestJS module architecture
- Implementing dependency injection with custom or scoped providers
- Creating exception filters and standardizing error responses
- Validating DTOs with
class-validator and ValidationPipe
- Integrating Drizzle ORM within NestJS providers
- Reviewing NestJS code for architectural anti-patterns
- Onboarding new developers to a NestJS codebase
Instructions
1. Modular Architecture
Follow strict module encapsulation. Each domain feature should be its own @Module():
- Export only what other modules need — keep internal providers private
- Use
forwardRef() only as a last resort for circular dependencies; prefer restructuring
- Group related controllers, services, and repositories within the same module
- Use a
SharedModule for cross-cutting concerns (logging, configuration, caching)
See references/arch-module-boundaries.md for enforcement rules.
2. Dependency Injection
Choose the correct provider scope based on use case:
| Scope | Lifecycle | Use Case |
|---|
DEFAULT | Singleton (shared) | Stateless services, repositories |
REQUEST | Per-request instance | Request-scoped data (tenant, user context) |
TRANSIENT | New instance per injection | Stateful utilities, per-consumer caches |
- Default to
DEFAULT scope — only use REQUEST or TRANSIENT when justified
- Use constructor injection exclusively — avoid property injection
- Register custom providers with
useClass, useValue, useFactory, or useExisting
See references/di-provider-scoping.md for enforcement rules.
3. Request Lifecycle
Understand and respect the NestJS request processing pipeline:
Middleware → Guards → Interceptors (before) → Pipes → Route Handler → Interceptors (after) → Exception Filters
- Middleware : Cross-cutting concerns (logging, CORS, body parsing)
- Guards : Authorization and authentication checks (return
true/false)
- Interceptors : Transform response data, add caching, measure timing
- Pipes : Validate and transform input parameters
- Exception Filters : Catch and format error responses
4. Error Handling
Standardize error responses across the application:
- Extend
HttpException for HTTP-specific errors
- Create domain-specific exception classes (e.g.,
OrderNotFoundException)
- Implement a global
ExceptionFilter for consistent error formatting
- Use the Result pattern for expected business logic failures
- Never silently swallow exceptions
See references/error-exception-filters.md for enforcement rules.
5. Validation
Enforce input validation at the API boundary:
- Enable
ValidationPipe globally with transform: true and whitelist: true
- Decorate all DTO properties with
class-validator decorators
- Use
class-transformer for type coercion (@Type(), @Transform())
- Create separate DTOs for Create, Update, and Response operations
- Never trust raw user input — validate everything
See references/api-validation-dto.md for enforcement rules.
6. Database Patterns (Drizzle ORM)
Integrate Drizzle ORM following NestJS provider conventions:
- Wrap the Drizzle client in an injectable provider
- Use the Repository pattern for data access encapsulation
- Define schemas in dedicated schema files per domain module
- Use transactions for multi-step operations
- Keep database logic out of controllers
See references/db-drizzle-patterns.md for enforcement rules.
Best Practices
| Area | Do | Don't |
|---|
| Modules | One module per domain feature | Dump everything in AppModule |
| DI Scoping | Default to singleton scope | Use REQUEST scope without justification |
| Error Handling | Custom exception filters + domain errors | Bare try/catch with console.log |
| Validation | Global ValidationPipe + DTO decorators | Manual if checks in controllers |
Examples
Example 1: Creating a New Domain Module
When building a new "Product" feature:
// product/product.module.ts
@Module({
imports: [DatabaseModule],
controllers: [ProductController],
providers: [ProductService, ProductRepository],
exports: [ProductService],
})
export class ProductModule {}
Example 2: DTO with Full Validation
// product/dto/create-product.dto.ts
import { IsString, IsNumber, IsPositive, MaxLength } from 'class-validator';
export class CreateProductDto {
@IsString()
@MaxLength(255)
readonly name: string;
@IsNumber()
@IsPositive()
readonly price: number;
}
Example 3: Service with Proper Error Handling
@Injectable()
export class ProductService {
constructor(private readonly productRepository: ProductRepository) {}
async findById(id: string): Promise<Product> {
const product = await this.productRepository.findById(id);
if (product === null) {
throw new ProductNotFoundException(id);
}
return product;
}
}
Constraints and Warnings
- Do not mix scopes without justification —
REQUEST-scoped providers cascade to all dependents
- Never access database directly from controllers — always go through service and repository layers
- Avoid
forwardRef() — restructure modules to eliminate circular dependencies
- Do not skip
ValidationPipe — always validate at the API boundary with DTOs
- Never hardcode secrets — use
@nestjs/config with environment variables
- Keep modules focused — one domain feature per module, avoid "god modules"
References
references/architecture.md — Deep-dive into NestJS architectural patternsreferences/ — Individual enforcement rules with correct/incorrect examplesassets/templates/ — Starter templates for common NestJS components
Weekly Installs
127
Repository
giuseppe-trisci…oper-kit
GitHub Stars
173
First Seen
Feb 28, 2026
Security Audits
Gen Agent Trust HubPassSocketPassSnykPass
Installed on
gemini-cli113
codex112
github-copilot109
kimi-cli107
amp107
cline107
