restforgejs
v2.5.5
Declarative backend engine that transforms JSON configuration into production-ready REST API server. Supports PostgreSQL, Oracle, and MySQL.
RESTForge
Schema-Driven Platform for Full-Stack Applications
RESTForge is the schema-driven platform for building full-stack applications from a single source of truth. As an umbrella brand, RESTForge brings together complementary products: RESTForge Server for backend REST API generation and execution, RESTForge Apps for frontend application generation, and RESTForge Studio as the visual editor for authoring configuration on both sides.
This package (restforgejs) is the runtime engine for RESTForge Server. It executes the JavaScript modules produced from schema configuration, providing routing, validation, caching, distributed locking, idempotency, and other reliability primitives required by production-grade REST APIs.
Access & Availability
RESTForge is currently in closed evaluation with a select group of early adopters. The platform is production-ready and actively used in real-world applications.
Access requires a valid license key:
- Early Access Program — Limited slots for volunteer evaluators providing structured feedback. Apply at restforge.dev
- Commercial Trial — Coming soon. Register interest at restforge.dev to be notified when trial licenses open to the public.
- Commercial License — Available upon general release.
Note: Installing this package without a valid license key will not grant runtime access. The package is published on npm to simplify distribution for authorized evaluators.
Three Product Pillars
| Pillar | Meaning |
|--------|---------|
| Pragmatic | Real solutions to real problems engineering teams face every day |
| Efficient | Minimal effort, maximum output, from schema to production application in minutes |
| Reliable | Production-ready, with built-in reliability primitives for real-world scenarios |
Why RESTForge
RESTForge is built for engineering teams that value time and want full control over generated code. Unlike ORMs that hide SQL or low-code platforms that constrain flexibility, RESTForge generates standard JavaScript that can be read, debugged, and extended with familiar Node.js tooling. Generated code runs on the RESTForge runtime — an intentional infrastructure component rather than an abstraction that obscures how the application works.
- Auto-generated endpoints from schema configuration handle CRUD scaffolding, letting teams focus on business rules
- Equal multi-database support across PostgreSQL, MySQL, and Oracle with no vendor lock-in
- Consistent API standard through a universal URL pattern and unified response envelope
- Production-grade primitives for cache, distributed lock, idempotency, and rate limiting
- Readable generated code that works with standard debuggers, profilers, and linters
Key Capabilities
Automatic API Generation
Endpoints are generated from schema configuration per business entity, including standard CRUD operations plus advanced actions such as composite master-detail, workflow transitions, and import/export.
Action-Based Endpoints
All operations follow a universal pattern POST /api/{project}/{endpoint}/{action}. This design supports complex filters, large payloads, and nested conditions without URL length limitations.
Declarative Validation
Field validation is defined in the schema, keeping rules centralized and easy to maintain. Supports rich data types, flexible constraints, automatic sanitization, custom error messages, and integrity helpers such as bcrypt password hashing and UUID auto-generation.
Built-in Reliability Primitives
Redis-backed components integrated at the framework level: automatic caching with invalidation, per-record distributed locks, idempotency protection on mutations, configurable rate limiting, and unique ID generation with a reservation lifecycle. The fieldPolicy mechanism adds row-locking and audit logging for critical columns through declarative configuration.
Background Jobs & Data Transfer
Job scheduler based on BullMQ for cron and manual triggers, Excel export as async jobs, and three-step Excel import (upload, preview, commit) with lookup resolution and upsert strategies.
Advanced Operations
Atomic master-detail transactions, workflow state machine with rule-validated transitions, and automatic scope filters for multi-tenant or business-context isolation.
Security & Access Control
Built-in row-level security via Request Scope, applying per-request filters derived from JWT context (such as app_id, branch_id, or company_id) for multi-tenant, multi-branch, and multi-company scenarios. HTTP security headers (Helmet integration) are available without external dependencies. Enforcement happens at the backend, is consistent across endpoints, and cannot be bypassed by clients.
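The pattern behind a per-request scope filter, as an added illustration (this is not RESTForge code or its API): scope columns are bound from already-verified JWT claims, and a client-supplied filter on the same column is discarded. The function name, option names, and sample values are hypothetical.

```javascript
// Added illustration; not RESTForge code. All names here are hypothetical.
// Builds a parameterized WHERE clause in which scope columns always come
// from verified JWT claims, never from the request body.
function buildScopedWhere(claims, clientFilters, { scopeColumns, filterable }) {
  const conditions = [];
  const params = [];
  const add = (column, value) => {
    params.push(value);
    conditions.push(`${column} = $${params.length}`); // value is bound, not inlined
  };

  for (const column of scopeColumns) {
    const value = claims[column];
    if (value === undefined || value === null || value === '') {
      // Fail closed: a token without the scope claim must not see every row.
      throw new Error(`missing scope claim: ${column}`);
    }
    add(column, value);
  }

  for (const [column, value] of Object.entries(clientFilters)) {
    if (scopeColumns.includes(column)) continue; // client cannot override scope
    if (!filterable.includes(column)) {
      // Column names are interpolated into SQL, so only allow-listed ones pass.
      throw new Error(`filter not allowed: ${column}`);
    }
    add(column, value);
  }
  return { where: conditions.join(' AND '), params };
}

// Constructed sample: the client tries to widen its view to company 99.
const sampleClaims = { company_id: 7, branch_id: 3 };
const sampleFilters = { status: 'open', company_id: 99 };
const sampleOptions = { scopeColumns: ['company_id', 'branch_id'], filterable: ['status'] };

console.log(buildScopedWhere(sampleClaims, sampleFilters, sampleOptions));
```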
Real-time Data Synchronization
Live Sync broadcasts data-change notifications over WebSocket pub/sub on every successful CREATE, UPDATE, or DELETE operation. Subscribed clients receive notifications automatically without polling. The dedicated Live Sync process runs separately from the REST API, is cluster-ready via Redis pub/sub, and requires API Key authentication for connection.
Design Philosophy
Code Generation, Not Runtime Interpretation
Schema configuration is translated into JavaScript source code at build time. The runtime executes already-prepared code, avoiding parsing overhead on every request and keeping stack traces readable in the team's own modules.
Action-Based Endpoint Pattern
Action-based endpoints replace the traditional HTTP-verb dispatch. This trade-off is deliberate: the practical needs of engineering teams take precedence over strict REST conformity, especially for complex queries, large payloads, and composite operations.
Equal Multi-Database Support
Each supported database has its own template generator and dialect adapter. Teams get SQL optimized for their database of choice (PostgreSQL, MySQL, Oracle) rather than a lowest-common-denominator abstraction.
Scalability & High Availability
RESTForge is designed to be stateless, so horizontal scaling is the primary path for capacity growth. It applies a layered HA strategy in which each layer can stand on its own and subsequent layers add resilience incrementally: cluster mode, process management, zero-downtime deploy, reverse proxy, graceful shutdown, multi-server, database HA, and Redis HA.
Extensibility
| Extension Point | Purpose |
|-----------------|---------|
| Component Engine | Lifecycle hooks before and after CRUD operations for validation, audit logging, and event publishing |
| Custom Processor | Free-form endpoints outside the standard CRUD pattern, written as declarative SQL or JavaScript |
| Server Plugin | Server-level extensions for middleware, background jobs, and global initialization |
| Service Injection | Access to db, logger, redis, cache, and other services without hardcoded paths |
Out of Scope
Understanding the platform's boundaries is as important as understanding its capabilities. The following are intentionally not part of RESTForge and should be provided separately: database schema design, schema migration tools, OAuth or OIDC identity provider, GraphQL endpoints, and service mesh or API gateway functionality.
License
RESTForge is proprietary commercial software.
- Trial / Evaluation — permitted for non-commercial evaluation, learning, and proof-of-concept purposes.
- Commercial Use — production deployment, revenue-generating applications, and internal business use require a valid commercial license.
Redistribution, reverse engineering, and removal of copyright notices are prohibited.
For licensing inquiries, visit restforge.dev/licensing.html.
See the LICENSE.md file included in this package for the full license agreement.
Copyright © 2026 RESTForge Development Team. All rights reserved.
Security Notice
RESTForge is a commercial framework. Automated supply-chain scanners (Socket.dev, Snyk, and similar tools) may flag characteristics that are intentional design decisions, including obfuscated code, a preinstall script, network access, and dynamic code execution patterns produced by the obfuscator.
See SECURITY.md for the full security policy, including:
- Supported versions and update channels
- Vulnerability reporting procedure and response timeline
- Detailed explanation of each scanner finding and why it is not a vulnerability
- Package integrity verification procedure
- Runtime security characteristics
Independent scanner scores (Socket.dev, as of publish):
| Metric | Score |
|--------|-------|
| Vulnerability | 100 / 100 |
| Quality | 99 / 100 |
| Maintenance | 95 / 100 |
No known CVEs or runtime vulnerabilities are present in this package. For security disclosures, please contact the team via restforge.dev or refer to SECURITY.md.
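Two checks a reviewer can run on any npm tarball before installing it, given the preinstall script and integrity verification mentioned above: list the install-time lifecycle scripts, and compare the tarball against its recorded SRI value. This is an added example, not the procedure from SECURITY.md; the manifest, tarball bytes, and function names are constructed for illustration.

```javascript
// Added example: pre-install checks for an npm tarball. Not RESTForge's
// SECURITY.md procedure; all sample values below are constructed.
const crypto = require('node:crypto');

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
const ALGOS = ['sha512', 'sha384', 'sha256']; // strongest first

// List the scripts npm runs automatically when the package is installed.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Format a digest the way lockfiles and the registry record it (SRI).
function sriOf(bytes, algo = 'sha512') {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// Check tarball bytes against an SRI string using its strongest listed hash.
function verifyIntegrity(bytes, sri) {
  const entries = sri.trim().split(/\s+/).map((entry) => {
    const dash = entry.indexOf('-');
    return { algo: entry.slice(0, dash), digest: entry.slice(dash + 1) };
  }).filter((e) => ALGOS.includes(e.algo));
  if (entries.length === 0) throw new Error('no supported hash in integrity value');
  const best = ALGOS.find((a) => entries.some((e) => e.algo === a));
  return entries.filter((e) => e.algo === best).some((e) => {
    const actual = crypto.createHash(e.algo).update(bytes).digest();
    const expected = Buffer.from(e.digest, 'base64');
    return expected.length === actual.length &&
      crypto.timingSafeEqual(actual, expected);
  });
}

// Constructed sample input (not taken from the restforgejs package).
const sampleManifest = {
  name: 'example-pkg',
  scripts: { preinstall: 'node check.js', test: 'jest' },
};
const sampleTarball = Buffer.from('constructed tarball bytes');
const recordedSri = sriOf(sampleTarball);

console.log(installHooks(sampleManifest));
console.log(verifyIntegrity(sampleTarball, recordedSri));
console.log(verifyIntegrity(Buffer.from('tampered'), recordedSri));
```

For a real package, the manifest and tarball come from `npm pack <name>` and the recorded value from `npm view <name> dist.integrity`; `npm install --ignore-scripts` installs without running the hooks.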
