Skills cc-skill-backend-patterns
📦

cc-skill-backend-patterns

Low Risk 🔑 Env variables

Build Scalable Backend Systems

Backend applications often suffer from poor architecture, scalability issues, and security vulnerabilities. This skill provides proven patterns for API design, database optimization, caching, authentication, and error handling.

Supports: Claude Codex Code(CC)
⚠️ 66 Poor
1

Download the skill ZIP

2

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

3

Toggle on and start using

Test it

Using "cc-skill-backend-patterns". Show me how to design a RESTful API for a products resource

Expected outcome:

GET /api/products - List all products
GET /api/products/:id - Get single product
POST /api/products - Create product
PUT /api/products/:id - Replace product
PATCH /api/products/:id - Update product
DELETE /api/products/:id - Delete product

Query params: ?status=active&sort=price&limit=20&offset=0

Using "cc-skill-backend-patterns". How do I prevent N+1 queries when fetching orders with customers?

Expected outcome:

Instead of:
for (const order of orders) {
order.customer = await getCustomer(order.customerId)
}

Use:
const customerIds = orders.map(o => o.customerId)
const customers = await getCustomers(customerIds)
const customerMap = new Map(customers.map(c => [c.id, c]))
orders.forEach(o => o.customer = customerMap.get(o.customerId))

Using "cc-skill-backend-patterns". Create a JWT authentication middleware

Expected outcome:

export function verifyToken(token: string) {
try {
return jwt.verify(token, process.env.JWT_SECRET!)
} catch (error) {
throw new ApiError(401, 'Invalid token')
}
}

export async function requireAuth(request: Request) {
const token = request.headers.get('authorization')?.replace('Bearer ', '')
if (!token) throw new ApiError(401, 'Missing token')
return verifyToken(token)
}

Security Audit

Low Risk
v1 • 2/25/2026

Educational backend development patterns skill. Static analyzer flagged numerous false positives due to misidentification of code comments as shell commands, environment variable access as sensitive data exposure, and URL paths as reconnaissance. True positive finding: JWT secret accessed via process.env - standard secure practice. No malicious behavior detected.

1
Files scanned
590
Lines analyzed
2
findings
1
Total audits
Low Risk Issues (1)
SKILL.md:354
Environment Variable Access
Code accesses process.env.JWT_SECRET for JWT token verification. This is a standard secure practice for configuration management and does not expose secrets.

Risk Factors

🔑 Env variables (1)
SKILL.md:354

Detected Patterns

False Positive: Shell Command DetectionFalse Positive: Python HTTP Library DetectionFalse Positive: System Reconnaissance DetectionFalse Positive: Weak Cryptographic Algorithm
Audited by: claude

Quality Score

38
Architecture
90
Maintainability
87
Content
22
Community
88
Security
87
Spec Compliance

What You Can Build

Design New API Endpoints

Architects and developers building new REST APIs can apply the resource-based URL patterns and middleware approaches for consistent, maintainable API design.

Optimize Slow Database Queries

Developers experiencing performance issues can identify and fix N+1 query problems using batch fetching and query optimization patterns.

Implement Secure Authentication

Developers adding authentication to their applications can implement JWT validation and role-based access control following security best practices.

Try These Prompts

Design API Structure 
Design a RESTful API structure for a [resource] resource. Include endpoints for listing, getting by ID, creating, updating, and deleting. Show query parameter examples for filtering and pagination.
Optimize Database Query 
I have a function that fetches a list of orders and then loops through each to get customer details. This is causing slow performance. Show me how to refactor this using the batch fetch pattern to avoid N+1 queries.
Add JWT Authentication 
Show me how to implement JWT token validation and a requireAuth middleware for protecting API routes. Include error handling for invalid tokens.
Implement Caching Layer 
Create a cache-aside pattern implementation using Redis for a getUser function. Include cache hit/miss logic and cache invalidation.

Best Practices

  • Separate concerns using repository, service, and controller layers for maintainable code
  • Always validate input using schema validation libraries like Zod before processing
  • Implement caching strategically - cache expensive operations but invalidate properly

Avoid

  • Do not select all columns with SELECT * - specify only needed fields for better performance
  • Avoid nesting database calls in loops - use batch fetches instead
  • Do not expose raw database errors to clients - use centralized error handling

Frequently Asked Questions

What languages and frameworks does this skill cover?
This skill covers TypeScript patterns for Node.js, Express, and Next.js API routes. The concepts apply to other frameworks but code examples are specific to these technologies.
How do I choose between PUT and PATCH?
Use PUT for complete resource replacement - the client sends all fields. Use PATCH for partial updates - the client sends only the fields to change.
When should I use Redis vs in-memory caching?
Use Redis for distributed caching across multiple servers. Use in-memory caching for single-server applications or when sharing cache is not required.
How do I handle authentication in serverless functions?
Validate JWT tokens at the function entry point using middleware. Extract user information from the token and attach to the request context.
What is the recommended way to structure a backend project?
Organize by feature or layer. Common approach: routes/controllers handle HTTP, services contain business logic, repositories handle data access. Keep related code together.
How do I implement rate limiting properly?
Use a distributed rate limiter like Redis for production. Track requests by IP or user ID. Set appropriate limits based on your API requirements and monitor for abuse.

Developer Details

Author

affaan-m

License

MIT

Repository

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/cc-skill-backend-patterns

Ref

main

File structure

📄 SKILL.md