Packages
nestarc publishes independent NestJS packages for production SaaS backends. Install only the modules that solve the problem in front of you, then add the next layer when the product needs it.
Current scope
There are 13 SaaS backend packages under the @nestarc npm scope. Developer tools such as @nestarc/mcp-guard live under Tooling instead of this package adoption path.
Status model
| Status | Meaning |
|---|---|
| Core | Mature package docs and generated API reference are available. |
| Beta | Published package with production-oriented docs; full generated API reference is being expanded. |
| Labs | Experimental or developer tooling outside the SaaS backend package lineup. |
Recommended adoption path
| Step | Add this layer | Packages | Use when |
|---|---|---|---|
| 1 | SaaS API foundation | tenancy, safe-response, pagination | You are building tenant-scoped HTTP APIs and want consistent response and list behavior. |
| 2 | Data safety | soft-delete, idempotency | Deletes, retries, payments, imports, or external callbacks can corrupt state if handled ad hoc. |
| 3 | Operations and auth | audit-log, api-keys, feature-flag, rbac | Teams need traceability, scoped machine access, controlled rollout, or tenant-aware authorization. |
| 4 | Async and integration | outbox, jobs, webhook | Writes need reliable event fan-out, background work, or outbound delivery. |
| 5 | Privacy and compliance | data-subject | Export, erase, retention, and legal basis workflows need consistent policy handling. |
See the Adoption Roadmap for the detailed sequence.
Package matrix
Foundation
| Package | Status | Version | Solves | Start here |
|---|---|---|---|---|
@nestarc/tenancy | Core | 0.12.0 | Tenant context, PostgreSQL RLS, Prisma query isolation. | You need tenant data isolation enforced below application code. |
@nestarc/safe-response | Core | 0.14.0 | Consistent API envelopes, errors, pagination, Swagger helpers. | Frontend teams need predictable responses across controllers. |
@nestarc/pagination | Core | 0.1.0 | Cursor and offset pagination with filters, sorting, and Swagger. | List endpoints are gaining custom query parsing and repeated DTOs. |
Data safety
| Package | Status | Version | Solves | Start here |
|---|---|---|---|---|
@nestarc/soft-delete | Core | 0.4.0 | Prisma soft delete, cascade, restore, purge, event hooks. | Deleting records must preserve auditability and avoid accidental reads. |
@nestarc/idempotency | Beta | 0.3.0 | IETF-style Idempotency-Key, fingerprinting, response replay. | Retries can duplicate payments, orders, imports, or webhook receivers. |
Operations and auth
| Package | Status | Version | Solves | Start here |
|---|---|---|---|---|
@nestarc/audit-log | Core | 0.1.0 | Prisma CUD auto-tracking, before/after diff, actor metadata. | You need to answer who changed what, when, and from where. |
@nestarc/api-keys | Beta | 0.1.0 | Tenant-scoped API keys, hashing, peppers, environments, scopes. | Customers or integrations need scoped machine access. |
@nestarc/feature-flag | Core | 0.3.0 | DB-backed flags, cache adapters, rollout, tenant overrides, Admin API. | You want gradual rollout without external flag-service dependency. |
@nestarc/rbac | Beta | 0.1.0 | Tenant-aware roles, permissions, guards, resource scopes, Prisma storage. | Controllers and services have ad hoc role checks that are starting to drift. |
Async and integration
| Package | Status | Version | Solves | Start here |
|---|---|---|---|---|
@nestarc/outbox | Beta | 0.1.0 | Transactional outbox, polling, SKIP LOCKED, retry, event decorators. | Database writes and event emission must succeed or recover together. |
@nestarc/jobs | Beta | 0.1.0 | Tenant-fair jobs, in-memory scheduler, BullMQ backend, context propagation. | One tenant's backlog should not starve everyone else's work. |
@nestarc/webhook | Beta | 0.12.1 | HMAC-signed webhook delivery, retries, circuit breaker, delivery logs. | Your app sends events to customer endpoints. |
Privacy and compliance
| Package | Status | Version | Solves | Start here |
|---|---|---|---|---|
@nestarc/data-subject | Beta | 0.1.0 | GDPR/CCPA export and erase policies, retention, anonymization, outbox fan-out. | Privacy requests touch invoices, audit logs, tax records, and tenant data. |
Tooling
| Tool | Status | Version | Purpose |
|---|---|---|---|
@nestarc/mcp-guard | Labs | 0.2.0 | Static scanning for MCP servers and MCP client configuration files. |
Install pattern
Each package can be installed by name:
bash
npm install @nestarc/tenancyReplace tenancy with the package you want to adopt. Package-specific peer dependencies and setup steps are listed in each package's Installation page.