npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

express-crud-factory

v3.0.3

Published

Express + Mongoose CRUD generator to automatically create REST APIs with dynamic routes, login-signup, email-verification, filtering, pagination, and clean scalable architecture.

Readme

Secure API Practice Kit

Npm Pa Project Downloads License Contributors

A practice-ready backend API kit designed for developers who want to learn secure API integration using real-world authentication and CRUD operations.

This package provides a ready-to-use backend with User Authentication and Post/Article APIs along with email verification using link or OTP and also option for refresh token, making it easy for frontend developers to practice working with APIs.

It is ideal for developers learning:

  • API Integration

  • Testing frontend with real APIs

  • CRUD operations

  • Full Stack Development

Why this package ?

Many frontend developers struggle to practice API integration because they don't have a backend APIs.

Express-Crud-Factory solves this problem.

It provides a simple and secure backend API system that you can connect with:

  • React

  • Angular

  • Vue

  • Next.js

This allows you to practice real production-like API workflows.

Features

  • Plug & Play Backend

    • Ready-to-use Express CRUD APIs
    • Minimal setup required
    • Perfect for frontend developers and rapid prototyping
  • Authentication Made Simple

    • Signup & Login APIs
    • JWT-based authentication system
    • Easy integration with frontend applications
  • Email Verification (2 Methods)

    • OTP-based email verification
    • Email link verification
    • Flexible verification flow based on project requirements
  • Resend Verification Support

    • Resend OTP or verification email link
    • Smooth onboarding experience for users
  • Forgot Password Flow

    • Reset password using OTP or verification email link
    • Secure and beginner-friendly implementation
  • Access Token & Refresh Token Flow

    • Secure authentication using access and refresh tokens
    • Auto-refresh access tokens without forcing users to log in again
    • Secure refresh token handling using HTTP-only cookies or database storage
  • Username & Email Availability Check API

    • Real-time username and email validation
    • Instant signup feedback
    • Debounced API requests for performance optimization
    • Prevent duplicate account creation
  • Auto Delete Trash Data After 7 Days

    • Soft delete with trash recovery support
    • Automatically remove trashed records after 7 days using TTL indexes or schedulers
    • Restore deleted data before permanent deletion
    • Helps maintain a clean and optimized database
  • User CRUD APIs

    • Create, read, update, and delete users
    • Ready for direct frontend consumption
  • Post / Article CRUD APIs

    • Full CRUD support for posts and articles
    • Suitable for blogs, CMS platforms, and content applications
  • Pagination Support

    • Fetch paginated data using page and limit
    • Optimized for large datasets and infinite scrolling
  • Built-in Validations

    • Email format validation
    • Strong password validation rules
    • Consistent and frontend-friendly error responses
  • Frontend-Friendly Responses

    • Standardized API response structure
    • Easy integration with React, Vue, Angular, and mobile applications
  • Beginner Friendly & Production Ready

    • Easy-to-understand project structure
    • Great for learning backend development concepts
    • Suitable for real-world scalable applications
  • Logout Functionality

    • Secure user logout with token clearing
    • Removes authentication cookies on logout
    • Supports JWT token invalidation / blacklist flow
    • Prevents access using expired or logged-out tokens
    • Production-ready session handling for better security

Installation

Using npm

npm install express-crud-factory  

Or using yarn

yarn add express-crud-factory

How to use factory

Project starter :

This setup demonstrates how to configure and initialize a complete authentication and article management backend using Express.js and MongoDB with express-crud-factory. It includes database connection setup, middleware configuration, JWT authentication, bcrypt password hashing, email verification, OTP/link-based account verification, refresh token handling, and article posting APIs. The configuration is designed to provide a secure and scalable backend structure with minimal boilerplate code, making it suitable for modern MERN stack applications and production-ready authentication systems.

import express from 'express'
import cors from "cors";
import cookieParser from "cookie-parser";
import { checkUserExistByUsernameOrEmail, loginSignupFactory, postArticleFactory, jsonErrorHandler, connectDatabase } from "express-crud-factory";
import UserModel from './models/user.model.js';  // import your user model schema. 
import PostModel from './models/post.model.js';  // import your post article model schema.
import ExpiredTokensModel from "./models/expiredTokens.model.js"; // import your expired tokens model schema.

const app = express();

const backend_port = 3000;
const frontend_base_url = `your_frontend_base_url`;
const database_url = 'your_mongoDB_database_url';

app.use(cors({ origin: frontend_base_url }));
app.use(cookieParser());
app.use(express.json());
app.use(jsonErrorHandler);
await connectDatabase(database_url);

// jwt secret and hashing configuration
const secretsConfig = {
    jwtSecret: {
        secretKey: "a-string-secret-at-least-256-bits-long", // secret key for access token signature
        expireInHours: 1,  // access token expire in hours
        refreshKey: "another-string-secret-at-least-256-bits-long", // secret key for refresh token signature
        expireInDays: 7 // refresh token expire in days
    },
    bcryptSecret: {
        saltRounds: 10 // hashing salt round
    }
}

// email and verify method configuration
const emailConfig = {
    mailProvider: {
        host: "your_email_host", // your email host provider
        port: "your_email_port_number", // email port number
        secure: false, // assign true value in production
        username: "your_email", // your email
        password: "your_email_password" // your email password
    },
    verifyMethod: {
        projectName: "Express-Crud-Factory", // your project name
        otpLinkExpiryMinutes: 2, // otp expires in minutes
        unverifiedUserExpiryDays: 1, // user deleted if email is not verified in days
        usingLink: true, // true -> link verification method and false -> OTP verification method
        frontendBaseUrl: frontend_base_url // ( use if usinglink = true  else optional)
    }
}

const loginSignupConfig = { secretsConfig, emailConfig };
const userAPI = loginSignupFactory(UserModel, ExpiredTokensModel, PostModel, loginSignupConfig);
const checkUserExist = checkUserExistByUsernameOrEmail(UserModel);
const postAPI = postArticleFactory(UserModel, ExpiredTokensModel, PostModel, secretsConfig);

app.use("/user", userAPI);
app.use("/user/check", checkUserExist);
app.use("/user/post", postAPI);

app.listen(backend_port, () => {
    console.log("Server is running on port...", backend_port)
})

User Model Schema :

This Mongoose schema defines the structure of user data for the application. It includes fields for authentication, account verification, refresh token management, OTP request tracking, and user activity status. Sensitive fields such as passwords, refresh tokens, and verification tokens are excluded from query results using select: false for improved security. The schema also establishes a relationship between users and their articles through MongoDB ObjectId references, enabling efficient data association and scalable content management.

import mongoose from "mongoose";
const Schema = mongoose.Schema;

const userSchema = new Schema({
    username: { type: String,required: true },
    fullname: {  type: String,required: true },
    email: { type: String,unique: true,required: true },
    password: { type: String,required: true,select: false },
    jwtRefreshToken: { type: String,default: null,select: false },
    isActive: { type: Boolean,default: false },
    emailVerified: { type: Boolean,default: false },
    verifyToken: { type: String,default: null,select: false },
    verifyTokenType: { type: String,default: null,select: false },
    verifyTokenExpires: { type: Date,default: null,select: false },
    destroyDataAfter: { type: Date,default: null,select: false },
    otpRequestCount: { type: Number,default: 0,select: false },
    otpLastRequest: { type: Date,default: null,select: false },
    articles: [ {type: mongoose.Schema.Types.ObjectId,ref: "PostModel"} ]
});

const UserModel = mongoose.model("UserModel", userSchema);
export default UserModel;

Post Model Schema :

This Mongoose schema defines the structure of article or post data within the application. It includes fields for the post title, description, author reference, likes, comments, and post status management such as pinned or trashed states. The schema establishes a relationship between posts and users using MongoDB ObjectId references. It also supports soft deletion functionality with deletedAt timestamps and automatic document expiration using MongoDB TTL indexing. Additionally, timestamps are enabled to automatically track post creation and update times.

import mongoose from "mongoose";
const Schema = mongoose.Schema;

const postSchema = new Schema({
    title: { type: String,required: true },
    description: { type: String,required: true },
    author: { type: mongoose.Schema.Types.ObjectId,ref: "UserModel",required: true },
    likes: { type: Number,default: () => Math.floor(Math.random() * 1000 + 1) },
    comments: { type: Number,default: () => Math.floor(Math.random() * 100 + 1) },
    isPinned: { type: Boolean,default: false },
    isTrashed: { type: Boolean,default: false },
    deletedAt: { type: Date,default: null }
},{ timestamps: true });

postSchema.index(
    { deleteAt: 1 },
    { expireAfterSeconds: 0 }
);

const PostModel =mongoose.model("PostModel", postSchema);
export default PostModel;

Expired Tokens Model Schema :

This Mongoose schema is used to manage expired or invalidated JWT access tokens for secure authentication handling. It stores the access token along with its expiration time, allowing the application to blacklist tokens after logout or forced session termination. A MongoDB TTL (Time-To-Live) index is applied to automatically remove expired token records from the database once their expiration time is reached, helping maintain database efficiency and improving security.

import mongoose from 'mongoose';
const Schema = mongoose.Schema;

const expiredTokensSchema = new Schema({
    accessToken: { type: String,required: true },
    expireTime: { type: Date,required: true }
});

expiredTokensSchema.index(
    { expireTime: 1 },
    { expireAfterSeconds: 0 }
);

const ExpiredTokensModel = mongoose.model("ExpiredTokensModel", expiredTokensSchema);
export default ExpiredTokensModel;

Project setup

1. Create a projectFolder and run this command in terminal :

npm init

2. Changes in package.json file :

"type": "module"

3. To install dependencies run command in terminal :

npm install express-crud-factory

4. Create models folder and index.js files as given in project structure :

projectFolder 
│
├── models
│ 	└── expiredTokens.model.js
│ 	└── post.model.js
|   └── user.model.js 
│   
├── index.js
├── package-lock.json
└── package.json  

5. Content of files :

## In post.model.js file
Copy post model schema code.

## In user.model.js file
Copy user model schema code.

## In expiredTokens.model.js file
Copy expired tokens model schema 

## In index.js file
Copy project starter code.

6. Run your backend application from terminal :

node index.js

7. After successful run you will see :

MongoDB database connected successfully
Server is running on port 3000

Email Testing (Using Ethereal) :

This project uses Ethereal Email for testing email functionality during development.

Ethereal is a fake SMTP service — it allows you to send emails without actually delivering them to real users.

Follow these Steps to Use :

Go to https://ethereal.email/

Click on "Create Ethereal Account"

You will get account credentials like :

Name: your_test_name
Username: [email protected]
Password: your_test_password

Configure these values in index.js file :

mailProvider: {
    host: "smtp.ethereal.email",
    port: 587,
    secure: false,
    username: "[email protected]",
    password: "your_test_password"
}

Viewing Sent Emails :

After setup click on "Open Mailbox" to to see the emails.

After sending open that mail to see OTP and links for verification.

Note :

Emails are not sent to real users.

Accounts are temporary.

Only for development/testing purposes.

API end-points

User API Endpoints :

This section outlines all available User API endpoints used for authentication, account management, email verification, OTP handling, account deletion, and password recovery. These endpoints follow RESTful principles and support key user workflows such as signup, login, email verification, account destruction, and recovery, ensuring secure and structured interaction between the client and server.

POST Request    :   /user/signup
POST Request    :   /user/signup/send-verification
POST Request    :   /user/signup/link/verify-email
POST Request    :   /user/signup/otp/verify-email
POST Request    :   /user/login
GET  Request    :   /user/:userId/profile
POST Request    :   /user/:userId/delete-account/send-verification
POST Request    :   /user/delete-account/link/verify-email
POST Request    :   /user/:userId/delete-account/otp/verify-email
POST Request    :   /user/forgot-password
POST Request    :   /user/forgot-password/send-verification
POST Request    :   /user/reset-password/link/verify-email
POST Request    :   /user/reset-password/otp/verify-email
POST Request    :   /user/check/username
POST Request    :   /user/check/email
POST Request    :   /user/:userId/refresh-token
POST Request    :   /user/:userId/logout

Post Articles API Endpoints :

This section defines all Post Articles API endpoints used for creating, retrieving, updating, searching, and deleting user posts. It includes features like post creation, editing, pinning, trashing, sharing, and fetching posts (single or multiple), along with pagination support for efficiently handling large datasets, while maintaining proper user-based access control.

POST Request    :   /user/post/:userId/new-post
GET Request     :   /user/post/:userId/:postId/get-post
GET Request     :   /user/post/:userId/all-post?page=1&limit=10
GET Request     :   /user/post/:postId/view/shared-post
PATCH Request   :   /user/post/:userId/:postId/edit-post
PATCH Request   :   /user/post/:userId/:postId/pin-post
PATCH Request   :   /user/post/:userId/:postId/trash-post
DELETE Request  :   /user/post/:userId/:postId/delete-post
GET Request     :   /user/post/:userId/search?text=title&page=1&limit=10

Visit https://github.com/VishalPaswan2402/express-crud-factory-starter/tree/main/docs for detailed API request / response samples and use-cases.

Quick setup with starter repository

For a full working example of setup and usage, visit :

https://github.com/VishalPaswan2402/express-crud-factory-starter

Projects you can build

Using this API you can practice building these following projects :

  • Blog Website

  • Notes Application

  • Article Platform

  • Social Media Feed

  • Full Stack MERN Apps

Target audience

This package is helpful for:

  • Frontend developers learning API integration

  • Students learning backend concepts

  • MERN stack learners

Author

Vishal Paswan Web Developer
Passionate about building interactive and practical developer tools.

Bug Reports & Suggestions

Found a bug or have a suggestion for improvement?

Feel free to open an issue or start a discussion in the GitHub repository. Your feedback helps improve the package and makes it better for everyone.

License

This project is licensed under the MIT License.

https://express-crud-factory-license.onrender.com/

Copyright (c) 2026 Vishal Paswan

Support

⭐ If this project helps you, consider giving it a star on https://github.com/VishalPaswan2402/express-crud-factory.

You can also follow me on :

Your support helps improve the project and motivates further development.