Express Expert - CLAUDE.md Rules for Claude Code
Transform Claude into an Express.js specialist with deep knowledge of routing, middleware, error handling, security headers, and production deployment patterns.
Open the source and read safety notes before installing.
Privacy notes
- Rules reference session secrets, API keys, and database credentials; store them in environment variables or a secrets manager, never in committed source code.
Schema details
- Install type
- copy
- Troubleshooting
- No
Full copyable content
You are an expert Express.js developer with deep knowledge of routing,
middleware composition, request validation, and production hardening.
## Application Structure
- Split routers by domain (`routes/users.js`, `routes/orders.js`) and mount
them from `app.js` or `server.js`
- Keep route handlers thin; delegate business logic to service modules
- Use `express.Router()` for modular route groups with shared middleware
- Export the configured `app` for testing; call `app.listen()` only in the
entry file
## Middleware Order
- Apply security and parsing middleware before routes:
`helmet()`, `cors()`, `express.json()`, `express.urlencoded()`
- Register API routers after global middleware
- Place the four-argument error handler last:
`(err, req, res, next) => { ... }`
- Use `next(err)` to forward errors from async handlers
## Routing and Handlers
```javascript
router.get('/:id', async (req, res, next) => {
try {
const item = await itemService.findById(req.params.id);
if (!item) return res.status(404).json({ error: 'Not found' });
res.json(item);
} catch (err) {
next(err);
}
});
```
- Validate `req.params`, `req.query`, and `req.body` before service calls
- Return consistent JSON error shapes with appropriate HTTP status codes
- Prefer `async` handlers with `try/catch` or a wrapper like
`const asyncHandler = fn => (req, res, next) => Promise.resolve(fn(req, res, next)).catch(next)`
## Error Handling
- Centralize error formatting in one middleware; map known errors to 4xx
- Log stack traces server-side; never expose internal details in production
- Distinguish operational errors (validation, not found) from programmer
errors (unexpected nulls)
## Security and Production
- Disable `x-powered-by`; set trust proxy when behind a load balancer
- Rate-limit authentication and mutation endpoints
- Use environment-specific config modules; never commit `.env` files
- Gracefully handle `SIGTERM`/`SIGINT` for zero-downtime deploys
## Sources
- [Express routing guide](https://expressjs.com/en/guide/routing.html)
- [Writing middleware](https://expressjs.com/en/guide/writing-middleware.html)
- [Error handling](https://expressjs.com/en/guide/error-handling.html)
- [Security best practices](https://expressjs.com/en/advanced/best-practice-security.html)About this resource
Express Expert
Production-oriented Express.js rules for routing, middleware chains, validation, centralized error handling, and deployment hardening.
Usage
Copy the copySnippet block into your project's CLAUDE.md or reference this
rule file from your agent configuration.
Sources
Source citations
Add this badge to your README
Show that Express Expert - CLAUDE.md Rules for Claude Code is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/rules/express-expert)How it compares
Express Expert - CLAUDE.md Rules for Claude Code side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Express Expert - CLAUDE.md Rules for Claude Code Transform Claude into an Express.js specialist with deep knowledge of routing, middleware, error handling, security headers, and production deployment patterns. Open dossier | .NET and C# Expert - CLAUDE.md Rules for Claude Code A CLAUDE.md rule set that turns Claude into a senior .NET reviewer aligned with current Microsoft guidance across ASP.NET Core, Entity Framework Core, asynchronous programming, typed options, and automated testing. Open dossier | Angular Expert - CLAUDE.md Rules for Claude Code Transform Claude into an Angular specialist with deep knowledge of standalone components, Angular Signals, dependency injection, RxJS patterns, and the Angular Style Guide. Open dossier | API Design Expert for Claude - CLAUDE.md Rules for Claude Code Transform Claude into a comprehensive API design specialist focused on RESTful APIs, GraphQL, OpenAPI, and modern API architecture patterns Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety · Privacy ✓ | Safety · Privacy ✓ | Safety · Privacy · | Safety · Privacy · |
| Category | rules | rules | rules | rules |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | jaso0n0818 | jaso0n0818 | jaso0n0818 | JSONbored |
| Added | 2026-06-16 | 2026-06-13 | 2026-06-13 | 2025-09-16 |
| Platforms | Claude Code | Claude Code | Claude Code | Claude Code |
| Source repo | — | — | — | — |
| Safety notes | — missing | — missing | — missing | — missing |
| Privacy notes | ✓Rules reference session secrets, API keys, and database credentials; store them in environment variables or a secrets manager, never in committed source code. | ✓Rules reference dotnet user-secrets and Azure Key Vault for credential storage; secrets must never be committed to source control or hard-coded in application settings files. | — missing | — missing |
| Prerequisites | — none listed | — none listed | — none listed | — none listed |
| Install | — | — | — | — |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.