npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@pks1988/apirouteforge

v1.0.0

Published

APIRouteForge automatically generates secure, dynamic, optimized REST APIs from allowed database modules.

Readme

APIRouteForge

APIRouteForge automatically generates secure, dynamic, optimized REST APIs from explicitly allowed database modules.

Tagline: APIRouteForge - Automatically generate secure, dynamic, and optimized APIs from your database modules.

Developer: Pradeep Kumar Sheoran (Developer)
Company: BSG Technologies
Contact / WhatsApp: +91-8595147850
Donation: UPI on mobile number +91-8595147850

Keywords And Hashtags

apirouteforge, api-route-forge, apiforge, auto-api, dynamic-api, rest-api, postgres, express, nestjs, typescript, crud, backend-library, bsg-technologies

#APIRouteForge #AutoAPI #NodeJS #TypeScript #PostgreSQL #ExpressJS #NestJS #BackendLibrary #CRUDAPI #BSGTechnologies

Why APIRouteForge

APIRouteForge helps backend teams expose database-backed CRUD APIs without writing repetitive controllers for every table. It is config-first and security-first: no table is exposed unless you explicitly allow it, every column is checked against allowlists, hidden fields are never returned, and all SQL is parameterized.

Features

  • Config-based module exposure
  • PostgreSQL adapter
  • Express adapter
  • Optional API endpoint UI for browsing generated endpoints
  • NestJS module/controller/service
  • Universal query endpoint
  • REST CRUD endpoints
  • Safe query builder with parameterized SQL
  • Filters, search, sorting, pagination
  • Field selection and hidden field protection
  • Read-only fields and required fields
  • Custom validation rules and validators
  • Role/module/field permission hooks
  • Before/after create, update, delete hooks
  • Soft delete support
  • Audit log support
  • Relation loading when requested
  • Bulk create, bulk update, bulk delete
  • Export operation hook shape
  • Module discovery from database schema
  • Standard success and error JSON responses
  • Database-adapter friendly architecture for MySQL, MongoDB, and MSSQL later

Installation

npm install @pks1988/apirouteforge pg

Express and NestJS are optional peers:

npm install express
npm install @nestjs/common

Express Setup

import express from "express";
import { createAPIRouteForge } from "@pks1988/apirouteforge";

const app = express();

const apiRouteForge = createAPIRouteForge({
  database: {
    type: "postgres",
    connectionString: process.env.DATABASE_URL
  },
  basePath: "/api/route-forge",
  ui: {
    enabled: true,
    path: "/",
    title: "APIRouteForge Endpoint UI",
    description: "Browse generated modules, endpoints, filters, and query examples."
  },
  modules: {
    users: {
      table: "users",
      primaryKey: "id",
      allowedOperations: ["list", "read", "create", "update"],
      selectableFields: ["id", "name", "email", "status", "created_at"],
      searchableFields: ["name", "email"],
      filterableFields: ["status", "created_at"],
      sortableFields: ["id", "name", "created_at"],
      hiddenFields: ["password", "refresh_token"],
      readOnlyFields: ["id", "created_at"],
      requiredFields: ["name", "email"],
      validation: {
        email: { type: "email", required: true }
      }
    }
  },
  auth: {
    enabled: true,
    getUser: async (req) => (req as any).user
  },
  permissions: {
    enabled: true,
    canAccessModule: async ({ user, module, operation }) => {
      return Boolean((user as any)?.permissions?.includes(`${module}:${operation}`));
    }
  }
});

app.use("/api/route-forge", apiRouteForge.router());
app.listen(3000);

Open the built-in UI at:

http://localhost:3000/api/route-forge

NestJS Setup

import { Module } from "@nestjs/common";
import { APIRouteForgeModule } from "@pks1988/apirouteforge/nest";

@Module({
  imports: [
    APIRouteForgeModule.forRoot({
      database: {
        type: "postgres",
        connectionString: process.env.DATABASE_URL
      },
      basePath: "/api/route-forge",
      modules: {
        users: {
          table: "users",
          primaryKey: "id",
          allowedOperations: ["list", "read"],
          selectableFields: ["id", "name", "email"],
          searchableFields: ["name", "email"],
          hiddenFields: ["password"]
        }
      }
    })
  ]
})
export class AppModule {}

REST Endpoints

Mount the Express router at /api/route-forge to get:

GET    /api/route-forge/modules
GET    /api/route-forge/:module
GET    /api/route-forge/:module/:id
POST   /api/route-forge/:module
PATCH  /api/route-forge/:module/:id
DELETE /api/route-forge/:module/:id
POST   /api/route-forge/:module/search
POST   /api/route-forge/:module/export
GET    /api/route-forge/:module/schema
GET    /api/route-forge/:module/relations
POST   /api/route-forge/query

Built-In API Endpoint UI

APIRouteForge can provide a simple UI with all generated module endpoints, allowed operations, filter/search/sort fields, schema links, and a universal query JSON example.

Enable it in config:

const apiRouteForge = createAPIRouteForge({
  database: {
    type: "postgres",
    connectionString: process.env.DATABASE_URL
  },
  basePath: "/api/route-forge",
  ui: {
    enabled: true,
    path: "/",
    title: "APIRouteForge Endpoint UI",
    description: "Browse generated API endpoints and module schemas."
  },
  modules: {
    users: {
      table: "users",
      allowedOperations: ["list", "read"],
      selectableFields: ["id", "name", "email"],
      filterableFields: ["status"],
      sortableFields: ["id"]
    }
  }
});

app.use("/api/route-forge", apiRouteForge.router());

Now visit:

GET /api/route-forge

You will also have JSON endpoints:

GET /api/route-forge/modules
GET /api/route-forge/users/schema
GET /api/route-forge/users
POST /api/route-forge/query

Delete, export, and bulk operations are disabled unless included in allowedOperations.

Universal Query Endpoint

{
  "module": "visaApplications",
  "operation": "list",
  "filters": {
    "status": "PENDING",
    "country_id": 96
  },
  "search": "ABC123",
  "sort": {
    "field": "created_at",
    "direction": "desc"
  },
  "pagination": {
    "page": 1,
    "limit": 20
  },
  "include": ["statusUpdates"]
}

Filters

{
  "filters": {
    "status": "ACTIVE",
    "country_id": 96,
    "created_at": {
      "from": "2026-01-01",
      "to": "2026-12-31"
    },
    "amount": {
      "gte": 1000,
      "lte": 5000
    }
  }
}

Supported operators: eq, ne, contains, startsWith, endsWith, in, notIn, gt, gte, lt, lte, between, isNull, isNotNull, from, to.

Standard Success Response

{
  "success": true,
  "module": "users",
  "operation": "list",
  "data": [],
  "meta": {
    "page": 1,
    "limit": 20,
    "total": 100,
    "totalPages": 5
  },
  "message": "Data fetched successfully",
  "timestamp": "2026-07-01T13:30:00.000Z"
}

Standard Error Response

{
  "success": false,
  "module": "users",
  "operation": "list",
  "error": {
    "code": "FORBIDDEN",
    "message": "You do not have permission to access this module",
    "details": {}
  },
  "timestamp": "2026-07-01T13:30:00.000Z"
}

Module Discovery

Discovery suggests available tables and relations. It does not expose them automatically.

const discovered = await apiRouteForge.discoverModules();
console.log(discovered.modules);

You must copy selected modules into config before APIRouteForge will expose them.

Permissions

permissions: {
  enabled: true,
  canAccessModule: async ({ user, module, operation }) => {
    return (user as any).permissions.includes(`${module}:${operation}`);
  },
  canAccessField: async ({ field }) => {
    return !field.includes("secret");
  }
}

Hooks

users: {
  table: "users",
  hooks: {
    beforeCreate: async ({ data, user }) => {
      data.created_by = (user as any).id;
      return data;
    },
    afterUpdate: async ({ id }) => {
      console.log("Updated user", id);
    }
  }
}

Audit Log

audit: {
  enabled: true,
  table: "audit_logs",
  actorField: "user_id"
}

Security Checklist

  • Expose only modules listed in modules
  • Put all returned fields in selectableFields
  • Put secrets in hiddenFields
  • Put generated fields in readOnlyFields
  • Keep delete and bulk operations disabled unless required
  • Use permission hooks in authenticated systems
  • Never accept raw SQL from request bodies
  • Keep filterableFields and sortableFields narrow
  • Use validation for create/update payloads

Performance Checklist

  • Avoid SELECT *; APIRouteForge selects allowlisted fields
  • Keep maxPageSize conservative
  • Add database indexes for filter/search/sort fields
  • Load relations only through include
  • Use searchableFields sparingly
  • Prefer cursor pagination for very large future workloads
  • Add a Redis cache adapter later for shared production cache

Implementation Guide

  1. Install @pks1988/apirouteforge and pg.
  2. Create a PostgreSQL connection string.
  3. Run discoverModules() locally to inspect tables.
  4. Add only safe modules to modules.
  5. Configure selectableFields, hiddenFields, filterableFields, and sortableFields.
  6. Enable auth and permissions.
  7. Mount apiRouteForge.router() in Express or import APIRouteForgeModule in NestJS.
  8. Add validation and hooks for business rules.
  9. Add audit logging for sensitive modules.
  10. Deploy behind your normal auth, rate limiting, logging, and monitoring stack.

Examples

See:

  • examples/express.example.ts
  • examples/nestjs.example.ts
  • examples/postgres.example.ts
  • examples/bls-style-modules.example.ts