后端开发技能指南：现代技术选型、API设计、安全与性能优化最佳实践

backend-development by mrgoonie/claudekit-skills

651 周安装量

1,900 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/mrgoonie/claudekit-skills --skill backend-development

开发开发运维系统架构

🇨🇳中文介绍

后端开发技能

采用现代技术、最佳实践和成熟模式，打造生产就绪的后端系统。

使用场景

设计 RESTful、GraphQL 或 gRPC API
构建身份验证/授权系统
优化数据库查询和模式设计
实现缓存和性能优化
OWASP Top 10 安全防护
设计可扩展的微服务架构
测试策略（单元测试、集成测试、端到端测试）
CI/CD 流水线和部署
生产环境监控与调试

技术选型指南

语言： Node.js/TypeScript（全栈）、Python（数据/机器学习）、Go（高并发）、Rust（高性能） 框架： NestJS、FastAPI、Django、Express、Gin 数据库： PostgreSQL（ACID）、MongoDB（灵活模式）、Redis（缓存） API： REST（简单）、GraphQL（灵活）、gRPC（高性能）

详情比较请参阅：references/backend-technologies.md

参考导航

核心技术：

backend-technologies.md - 语言、框架、数据库、消息队列、ORM
backend-api-design.md - REST、GraphQL、gRPC 模式与最佳实践

安全与认证：

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

关键最佳实践（2025）

安全： Argon2id 密码哈希、参数化查询（减少 98% SQL 注入）、OAuth 2.1 + PKCE、速率限制、安全头部

性能： Redis 缓存（减少 90% 数据库负载）、数据库索引（减少 30% I/O）、CDN（降低 50%+ 延迟）、连接池

测试： 70-20-10 金字塔（单元-集成-端到端）、Vitest 比 Jest 快 50%、微服务契约测试、83% 的迁移因缺少测试而失败

DevOps： 蓝绿/金丝雀部署、功能开关（减少 90% 故障）、Kubernetes 采用率 84%、Prometheus/Grafana 监控、OpenTelemetry 追踪

需求	选择
快速开发	Node.js + NestJS
数据/机器学习集成	Python + FastAPI
高并发	Go + Gin
极致性能	Rust + Axum
ACID 事务	PostgreSQL
灵活模式	MongoDB
缓存	Redis
内部服务	gRPC
公开 API	GraphQL/REST
实时事件	Kafka

API： 选择风格 → 设计模式 → 验证输入 → 添加认证 → 速率限制 → 文档 → 错误处理

数据库： 选择数据库 → 设计模式 → 创建索引 → 连接池 → 迁移策略 → 备份/恢复 → 性能测试

安全： OWASP Top 10 → 参数化查询 → OAuth 2.1 + JWT → 安全头部 → 速率限制 → 输入验证 → Argon2id 密码

测试： 单元测试 70% → 集成测试 20% → 端到端测试 10% → 负载测试 → 迁移测试 → 契约测试（微服务）

部署： Docker → CI/CD → 蓝绿/金丝雀 → 功能开关 → 监控 → 日志记录 → 健康检查

2026 年 1 月 22 日

🇺🇸English

Backend Development Skill

Production-ready backend development with modern technologies, best practices, and proven patterns.

When to Use

Designing RESTful, GraphQL, or gRPC APIs
Building authentication/authorization systems
Optimizing database queries and schemas
Implementing caching and performance optimization
OWASP Top 10 security mitigation
Designing scalable microservices
Testing strategies (unit, integration, E2E)
CI/CD pipelines and deployment
Monitoring and debugging production systems

Technology Selection Guide

Languages: Node.js/TypeScript (full-stack), Python (data/ML), Go (concurrency), Rust (performance) Frameworks: NestJS, FastAPI, Django, Express, Gin Databases: PostgreSQL (ACID), MongoDB (flexible schema), Redis (caching) APIs: REST (simple), GraphQL (flexible), gRPC (performance)

See: references/backend-technologies.md for detailed comparisons

Reference Navigation

Core Technologies:

backend-technologies.md - Languages, frameworks, databases, message queues, ORMs
backend-api-design.md - REST, GraphQL, gRPC patterns and best practices

Security & Authentication:

backend-security.md - OWASP Top 10 2025, security best practices, input validation
backend-authentication.md - OAuth 2.1, JWT, RBAC, MFA, session management

Performance & Architecture:

backend-performance.md - Caching, query optimization, load balancing, scaling
backend-architecture.md - Microservices, event-driven, CQRS, saga patterns

Quality & Operations:

backend-testing.md - Testing strategies, frameworks, tools, CI/CD testing
backend-code-quality.md - SOLID principles, design patterns, clean code
backend-devops.md - Docker, Kubernetes, deployment strategies, monitoring
backend-debugging.md - Debugging strategies, profiling, logging, production debugging
backend-mindset.md - Problem-solving, architectural thinking, collaboration

Key Best Practices (2025)

Security: Argon2id passwords, parameterized queries (98% SQL injection reduction), OAuth 2.1 + PKCE, rate limiting, security headers

Performance: Redis caching (90% DB load reduction), database indexing (30% I/O reduction), CDN (50%+ latency cut), connection pooling

Testing: 70-20-10 pyramid (unit-integration-E2E), Vitest 50% faster than Jest, contract testing for microservices, 83% migrations fail without tests

DevOps: Blue-green/canary deployments, feature flags (90% fewer failures), Kubernetes 84% adoption, Prometheus/Grafana monitoring, OpenTelemetry tracing

Quick Decision Matrix

Need	Choose
Fast development	Node.js + NestJS
Data/ML integration	Python + FastAPI
High concurrency	Go + Gin
Max performance	Rust + Axum
ACID transactions	PostgreSQL
Flexible schema	MongoDB
Caching	Redis
Internal services	gRPC
Public APIs	GraphQL/REST
Real-time events	Kafka

Implementation Checklist

API: Choose style → Design schema → Validate input → Add auth → Rate limiting → Documentation → Error handling

Database: Choose DB → Design schema → Create indexes → Connection pooling → Migration strategy → Backup/restore → Test performance

Security: OWASP Top 10 → Parameterized queries → OAuth 2.1 + JWT → Security headers → Rate limiting → Input validation → Argon2id passwords

Testing: Unit 70% → Integration 20% → E2E 10% → Load tests → Migration tests → Contract tests (microservices)

Deployment: Docker → CI/CD → Blue-green/canary → Feature flags → Monitoring → Logging → Health checks

Resources

OWASP Top 10: https://owasp.org/www-project-top-ten/
OAuth 2.1: https://oauth.net/2.1/
OpenTelemetry: https://opentelemetry.io/

Weekly Installs

651

Repository

mrgoonie/claude…t-skills

GitHub Stars

1.9K

First Seen

Jan 22, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode543

gemini-cli533

codex519

github-copilot481

cursor472

claude-code434

React 组合模式指南：Vercel 组件架构最佳实践，提升代码可维护性

103,800 周安装