đź‘‹ Hey there,
Muneeb here. After losing one too many afternoons to:
- “Where did I put that route?”
- “Why is OpenAPI docs out of sync again?”
- “Who broke the build by pushing
anyto prod?”
…I quietly built the backend I wish the Node ecosystem already had.
Today it’s open-source and ready for prime-time.
👉 Repo: https://github.com/muneebhashone/typescript-backend-toolkit
👉 Web: https://tstoolkit.themuneebh.com
What it is (in one breath)
A plugin-based, type-safe Express boilerplate that ships with:
- MagicRouter – writes OpenAPI specs & Swagger UI for you from Zod schemas
-
Artisan-like CLI –
pnpm tbk generate:module usersscaffolds model → DTO → service → controller → router in 2 s -
Auto-generated TS SDK –
pnpm gen-sdkspits out a fully-typed client for your front-end -
Built-in admin panel – Django-style CRUD at
/admin(zero config) - Queue dashboard, email preview, Socket.IO tester, Prometheus metrics – all mounted and protected
- Formidable uploads, BullMQ jobs, Redis/Mongo sessions, S3/R2/local storage – plug & play via env vars
…and enough guardrails that even the intern can’t push broken code.
30-second spin-up
pnpm dlx create-tbk-app
cd <project-name>
pnpm dev
Need a users module?
pnpm tbk generate:module user
CLI drops 6 files.
Add your fields, run pnpm dev, refresh /docs - spec is live.
The “MagicRouter” pitch
Never write another route definition by hand:
// user.router.ts
router.post(
'/register',
{
requestType: { body: registerSchema },
responses: { 201: userOutSchema },
},
canAccess(), // optional auth middleware
handleRegister, // controller
);
That single object literal becomes:
- Runtime validation (Zod)
- OpenAPI JSON & Swagger UI
- TypeScript types for both request and response
- A typed SDK method when you run
pnpm tbk docs:sdk
Change the schema → spec & SDK regenerate themselves.
Plain Express routers are banned – the CLI won’t even generate them.
Plugin buffet (all warmed up)
| Plugin | What you get out of the box |
|---|---|
| logger | Pino + request-id + child logger everywhere |
| security | Helmet, CORS, rate-limit, powered by env |
| cache | Redis or memory, decorator-style helpers |
| auth | JWT + session (Mongo or Redis) with rotation |
| admin | Auto-generated CRUD UI, protected |
| realtime | Socket.IO namespaces + test UI at /realtime
|
| queue | BullMQ + dashboard at /queues
|
| magic | MagicRouter, response builders, OpenAPI gen |
Register only what you need – each plugin is a single line in src/app/app.ts.
CLI cheatsheet (copy-paste ready)
pnpm tbk generate:module posts --path /api/v1
pnpm tbk generate:plugin stripe
pnpm tbk generate:middleware throttle
pnpm tbk generate:factory product
pnpm tbk seed
pnpm tbk docs:openapi && pnpm tbk docs:sdk
Why we chose (and sometimes banned) things
- Zod over Joi/Yup - same parser for validation, types, and OpenAPI
-
Formidable over Multer - streaming parser that lands files in
req.body(noreq.filechaos) - Mongoose schemas stripped of validators - all validation lives in Zod DTOs; DB layer stays lean
-
Never
process.envdirectly - singlesrc/config/env.tsvalidated at boot, autocomplete everywhere - pnpm (recommended) - workspace scripts, fast installs, locked versions
Production checklist (all green)
- âś… Graceful shutdown handled
- âś… Request/response validation toggle (
RESPONSE_VALIDATION=strict) - âś… Prometheus metrics exposed (
/metrics) - âś… Health, ready, live probes (
/health,/ready)
Roadmap (contributions welcome)
- Prisma adapter alongside Mongoose
- tRPC plugin for folks who want RPC flavour
- GraphQL plugin (via Mercurius)
- Deno / Bun compatibility passes
Drop an issue or PR – the codebase is aggressively documented.
Grab it & ship
pnpm dlx create-tbk-app
cd <project-name>
pnpm dev
Star the repo if it saves you even an hour - that’s one more hour for memes.
Questions? Open a discussion, I hang out there nightly.
Happy shipping! 🛳️
Top comments (0)