nestarc

English

한국어

English

한국어

Appearance

nestarcProduction-ready NestJS modules for SaaS backends

Multi-tenancy, audit logs, feature flags, and more — built on Prisma & PostgreSQL

Get Started
View on GitHub

tenancy

PostgreSQL RLS + Prisma multi-tenancy. Row-level isolation out of the box.

v0.8.0

safe-response

API response wrapper with Swagger integration, pagination, and i18n support.

v0.13.1

audit-log

Prisma CUD auto-tracking with before/after diff. Know who changed what.

v0.1.0

feature-flag

DB-based feature flags with pluggable cache, Admin API, and tenant overrides.

v0.2.0

soft-delete

Prisma soft-delete extension with cascade delete and restore support.

v0.2.0

pagination

Cursor + offset pagination with 12 filter operators. Works with Swagger.

v0.1.0

idempotency

IETF-draft idempotency with pluggable storage and response replay.

v0.1.3

outbox

Prisma-native transactional outbox with polling, retry, and @OnOutboxEvent() decorator.

v0.1.0

webhook

Outbound webhook delivery with HMAC signing, circuit breaker, retry, and delivery logs.

v0.2.0

api-keys

Tenant-scoped API keys — Stripe-style format, SHA-256 + versioned peppers, live/test isolation, scope guards.

v0.1.0

data-subject

GDPR/CCPA export & erase toolkit — entity policies with delete/anonymize/retain, legal retention, outbox fan-out.

v0.1.0

jobs

Tenant-fair background jobs — weighted in-memory scheduler, BullMQ backend, ALS context propagation, outbox bridge.

v0.1.0

Why nestarc?

Every multi-tenant SaaS backend needs the same operational building blocks. Building them from scratch takes weeks and introduces subtle bugs. nestarc solves them once, correctly.

Tenant Isolation
One misconfigured query leaks customer data across tenants.
PostgreSQL RLS enforces isolation at the database level.
Audit Trail
Manually logging every write is tedious and easy to forget.
Prisma extension auto-tracks CUD with before/after diffs.
Feature Flags
External flag services add latency, cost, and a new dependency.
DB-backed flags with tenant overrides and percentage rollouts.
Soft Delete
deletedAt alone breaks unique constraints and leaks deleted records.
Prisma extension with cascade, restore, and query filtering.
Pagination
Implementing cursor + offset with filters is boilerplate-heavy.
12 filter operators, sorting, and Swagger docs out of the box.
Response Format
Inconsistent API envelopes across endpoints frustrate frontend teams.
Auto-wrapped responses with error codes, pagination, and i18n.
Idempotency
Network retries cause double charges, duplicate orders, and corrupt state.
IETF-standard Idempotency-Key header with response replay.
Transactional Outbox
DB writes and event emission can get out of sync, causing lost or duplicate events.
Prisma-native outbox with polling, SKIP LOCKED, and retry with backoff.
Webhook Delivery
Reliable outbound webhooks require retry, signing, circuit breaking, and audit trails.
HMAC-signed delivery with exponential backoff, circuit breaker, and full delivery logs.
API Keys
Rolling your own key hashing, prefixing, and rotation is one bug away from a credential leak.
SHA-256 + versioned peppers, Stripe-style prefixes, and test/live environment isolation.
Data Subject Rights
GDPR/CCPA export and erase requests collide with legal retention on invoices, audits, and tax records.
Per-entity policies with delete/anonymize/retain, legal basis tracking, and outbox fan-out.
Background Jobs
One noisy tenant's backlog starves every other tenant's jobs in a plain FIFO queue.
Weighted tenant-fair scheduler with minimum share, plus BullMQ backend for production.

Without nestarc

typescript
// Scattered across 50+ services, easy to forget, hard to audit
async updateUser(id: string, dto: UpdateUserDto) {
  const before = await this.prisma.user.findUnique({ where: { id } });
  await this.prisma.$executeRaw`SELECT set_config('app.current_tenant', ${tenantId}, true)`;
  const after = await this.prisma.user.update({ where: { id, deletedAt: null }, data: dto });
  await this.auditService.log({ action: 'user.update', before, after });
  return { success: true, data: after, timestamp: new Date() };
}

With nestarc

typescript
// Tenant isolation, audit logging, soft-delete filtering, and response wrapping
// are all handled automatically by Prisma extensions and NestJS interceptors.
async updateUser(id: string, dto: UpdateUserDto) {
  return this.prisma.user.update({ where: { id }, data: dto });
}

Near-zero overhead

Every module is benchmarked. Most add less than 1ms — some make queries faster.

tenancy
-24%
RLS filters rows, fewer returned
safe-response
< 0.2ms
Response wrapping overhead
audit-log
+1ms
Per write with diff tracking
feature-flag
0.04ms
Flag evaluation (cache hit)
soft-delete
0ms
Zero overhead — actually faster
pagination
~1ms
Per page with filters & sort
idempotency
0.04ms
First-request overhead (MemoryStorage)
outbox
< 0.1ms
Emit overhead per event in transaction
webhook
< 1ms
Event persist + fan-out creation overhead
api-keys
~5µs
verify() per request (timing-safe)
data-subject
~0.5ms
erase() 1000 rows (library overhead)
jobs
~2µs
Enqueue overhead per call

Build a complete multi-tenant API in 30 minutes.

Full TutorialQuick Start (5 min)

Released under the MIT License.

Copyright © 2026 nestarc