npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@cwt-build/backfire

v1.0.5

Published

Generate production-ready Node.js backend boilerplates in seconds

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cwt-buildcwt-build

Keywords

backendboilerplategeneratorexpressnodejstypescriptapiclicwtscaffold

Readme

backfire

Backend API Creation Kit - Fast Init & Ready Environment

npm version License: MIT

Fire up production-ready Node.js backends in seconds.

Stop wasting time on boilerplate. Generate a complete, production-ready backend with authentication, validation, and best practices built in.

Features

  • Instant Setup - Get a production-ready backend in under 60 seconds
  • Authentication Ready - JWT auth, password hashing, protected routes
  • TypeScript Support - Full TypeScript or JavaScript support
  • Feature Selection - Choose exactly what you need
  • API Documentation - Auto-generated Swagger/OpenAPI docs
  • Testing Ready - Jest configuration included (optional)
  • Docker Support - Dockerfile and docker-compose included (optional)
  • Email Integration - Nodemailer or SendGrid support
  • Logging - Winston or Pino logger integration
  • Security - Helmet, rate limiting, input validation, XSS protection
  • Best Practices - Clean architecture, error handling, async patterns

Quick Start

No installation required

npx @cwt-build/backfire my-awesome-api

Follow the interactive prompts to configure your backend.

Next Steps

cd my-awesome-api
npm install
cp .env.example .env
# Edit .env with your MongoDB URI
npm run dev

Your API is now running on http://localhost:5000

Installation Options

Option 1: Use npx (Recommended)

# No installation needed
npx @cwt-build/backfire my-api

Option 2: Global Installation

# Install once
npm install -g @cwt-build/backfire

# Use anytime
backfire my-api

Command Line Options

backfire <project-name> [options]

Options:
  -l, --language <type>    Language: javascript or typescript (default: javascript)
  -p, --port <number>      Server port (default: 5000)
  -d, --database <name>    Database name
  --skip-install           Skip npm install
  --skip-git              Skip git initialization
  -y, --yes               Skip prompts, use defaults
  -h, --help              Display help
  -V, --version           Display version

Examples:
  backfire my-api
  backfire my-api --language typescript
  backfire my-api --language typescript --port 3000 --yes

Why backfire?

Backend API Creation Kit - Fast Init & Ready Environment

  • Fast - Generate backends in seconds
  • Production-Ready - Best practices built in
  • Flexible - Choose only what you need
  • Modern - Latest Node.js patterns
  • Secure - Security by default

Generated API Endpoints

POST   /api/v1/auth/register          Register new user
POST   /api/v1/auth/login             Login user
POST   /api/v1/auth/logout            Logout user
GET    /api/v1/auth/me                Get current user (protected)
PUT    /api/v1/auth/update-password   Update password (protected)
PUT    /api/v1/auth/update-profile    Update profile (protected)
GET    /api/v1/users                  Get all users (admin only)
GET    /api/v1/users/:id              Get user by ID (admin only)
DELETE /api/v1/users/:id              Delete user (admin only)
GET    /health                        Server health check

Tech Stack

  • Runtime: Node.js
  • Framework: Express.js
  • Database: MongoDB with Mongoose
  • Authentication: JWT with bcryptjs
  • Language: TypeScript or JavaScript
  • Validation: express-validator
  • Security: Helmet, CORS, rate limiting, XSS protection
  • Logging: Winston or Pino (optional)
  • Documentation: Swagger/OpenAPI (optional)
  • Containerization: Docker (optional)
  • Testing: Jest (optional)

What You Get

Core Features (Always Included)

  • Express.js server with configurable port
  • MongoDB connection with Mongoose
  • User model with password hashing
  • JWT authentication system
  • Input validation on all endpoints
  • Error handling middleware
  • Security middleware (Helmet, rate limiting, XSS protection)
  • Health check endpoint
  • Environment variable configuration
  • ESLint and Prettier setup
  • Git initialization

Optional Features (You Choose)

  • Authentication: Registration, login, logout, password reset, email verification
  • User Management: Profile management, user CRUD operations, role-based access
  • File Upload: Multer integration with file type validation
  • Pagination: Built-in pagination and search functionality
  • Email: Nodemailer or SendGrid integration
  • Logging: Winston or Pino structured logging
  • API Docs: Swagger/OpenAPI documentation
  • Testing: Jest configuration with sample tests
  • Docker: Dockerfile and docker-compose.yml

Project Structure

my-api/
├── src/
│   ├── controllers/     # Request handlers
│   ├── middleware/      # Custom middleware
│   ├── models/          # Database models
│   ├── routes/          # API routes
│   ├── utils/           # Utility functions
│   └── types/           # TypeScript types (if TypeScript)
├── server.js            # Entry point
├── .env.example         # Environment variables template
├── .gitignore
├── package.json
└── README.md

Security Features

  • Password Security: bcrypt hashing with configurable salt rounds
  • Authentication: JWT tokens with configurable expiry
  • Rate Limiting: Prevents DDoS attacks (100 req/15min default, 5 req/15min for auth)
  • Input Validation: All endpoints validated with express-validator
  • XSS Protection: Sanitizes user inputs
  • NoSQL Injection Prevention: MongoDB query sanitization
  • Security Headers: Helmet.js configuration
  • CORS: Configurable cross-origin requests
  • Error Handling: No sensitive information leaked in error responses

Environment Variables

NODE_ENV=development
PORT=5000
MONGODB_URI=mongodb://localhost:27017/mydb
JWT_SECRET=your-secret-key
JWT_EXPIRE=7d

FAQ

Q: Do I need to install backfire globally?
A: No! Use npx @cwt-build/backfire my-api to run it without installation.

Q: Can I use this for production?
A: Yes! The generated code follows production best practices. Just configure your environment variables properly.

Q: TypeScript or JavaScript?
A: Your choice! Select during setup or use --language typescript flag.

Q: Can I modify the generated code?
A: Absolutely! You own all the code. Modify anything to fit your needs.

Q: What if I don't need all features?
A: Skip the prompts with --yes flag for minimal setup, or select only features you need during interactive setup.

Contributing

Contributions are welcome! Please read CONTRIBUTING.md for details.

License

MIT License - see LICENSE for details.

Support

  • Issues: https://github.com/cwtofficial/backfire/issues
  • Email: [email protected]
  • Website: https://cwt.build

Fire up your backend development today

npx @cwt-build/backfire my-api

Created with care by CWT