Bend is a production-ready backend scaffolder that creates secure, optimized backend projects with enterprise-grade features baked in from day one.
- Production-Ready Security: helmet(), cors(), rate limiting, and HPP protection out of the box
- Enterprise Logging: Winston with daily rotation, structured metadata, and HTTP request logging
- Smart Detection: Auto-detects runtime (Node.js/Bun) and package manager (npm/pnpm/yarn/bun)
- Multiple Stacks: 8 template combinations (TypeScript/JavaScript × Express/Fastify × Mongoose/Prisma)
- Zero Configuration: Works immediately, customizable when needed
- TypeScript First: Full TypeScript support with strict mode enabled
# Latest version
npm create bend@latest
# With project name
npm create bend@latest my-backend# Using pnpm
pnpm create bend
# Using yarn
yarn create bend
# Using bun
bunx create-bendEvery Bend project includes:
- helmet - Sets security HTTP headers
- cors - Configurable cross-origin resource sharing
- rate-limit - DDoS protection (100 req/15min per IP)
- hpp - HTTP parameter pollution prevention
- Body size limits - Prevents memory exhaustion (10MB default)
- Error sanitization - Hides sensitive info in production
- Compression - gzip/deflate response compression
- Winston - Enterprise-grade logging
- Daily log rotation - Automatic archival (30-day retention)
- Separate log files - error.log, combined.log, exceptions.log
- HTTP request logging - Morgan middleware integration
- Structured metadata - JSON format for easy parsing
- Production-ready - Compatible with DataDog, Splunk, ELK, CloudWatch
- Async error handling -
express-async-errorsfor cleaner code - Centralized error middleware - Single point for error handling
- Graceful shutdown - Proper cleanup on SIGTERM/SIGINT
- Unhandled rejection handlers - No silent crashes
- TypeScript strict mode - Maximum type safety
- ESLint + Prettier - Code quality and formatting
- Environment variables - .env file support with dotenv
- Project structure - Clean, scalable architecture
- Example models - User model to get started quickly
- Node.js (≥18.0.0) - Auto-detected
- Bun (≥1.0.0) - Auto-detected
- TypeScript (Recommended) - Full type safety
- JavaScript (ESM) - Modern JavaScript
- Express - Battle-tested, extensive ecosystem
- Fastify - High performance, modern
- MongoDB + Mongoose - NoSQL with schema validation
- SQL + Prisma - PostgreSQL, MySQL, SQLite support
Total: 8 template combinations
my-backend/
├── src/
│ ├── config/
│ │ ├── database.ts # Database connection with retry logic
│ │ └── logger.ts # Winston logger with daily rotation
│ ├── controllers/ # Route controllers
│ │ └── health.controller.ts
│ ├── models/ # Database models
│ │ └── User.model.ts # Example user model
│ ├── routes/ # Express/Fastify routes
│ │ └── health.routes.ts
│ ├── services/ # Business logic layer
│ ├── middlewares/ # Custom middlewares
│ ├── utils/ # Utility functions
│ ├── app.ts # App configuration + middlewares
│ └── server.ts # Server entry point + graceful shutdown
├── logs/ # Auto-generated log directory
│ ├── combined-YYYY-MM-DD.log
│ ├── error-YYYY-MM-DD.log
│ └── exceptions-YYYY-MM-DD.log
├── .env # Environment variables
├── .gitignore
├── package.json
├── tsconfig.json # TypeScript strict mode
└── README.md # Project-specific README
// src/app.ts - Security & Logging (Auto-generated)
import helmet from 'helmet';
import cors from 'cors';
import rateLimit from 'express-rate-limit';
import hpp from 'hpp';
import compression from 'compression';
import morgan from 'morgan';
import logger from './config/logger';
const app = express();
// Security
app.use(helmet()); // Security headers
app.use(cors({ /* config */ })); // CORS
app.use(hpp()); // Parameter pollution prevention
// Rate limiting
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // 100 requests per IP
});
app.use('/api/', limiter);
// Logging
app.use(morgan('combined', {
stream: { write: (msg) => logger.info(msg.trim()) }
}));
// Compression
app.use(compression());
// Your routes...// src/config/logger.ts - Winston Logger (Auto-generated)
import winston from 'winston';
import DailyRotateFile from 'winston-daily-rotate-file';
const logger = winston.createLogger({
level: 'info',
format: winston.format.json(),
transports: [
new DailyRotateFile({
filename: 'logs/error-%DATE%.log',
level: 'error',
maxFiles: '30d',
}),
new DailyRotateFile({
filename: 'logs/combined-%DATE%.log',
maxFiles: '30d',
}),
],
});Bend is published as three npm packages:
Initializer package used via npm create bend.
npm create bend@latestWhat it does: Downloads and runs bend-core automatically.
Core library with all templates and scaffolding logic.
npx bend-coreUse case: Direct usage or programmatic access.
Global CLI wrapper (optional).
npm install -g bendjs
bendUse case: For users who prefer global installation.
- Node.js ≥18.0.0
- pnpm (recommended)
# Clone repository
git clone https://github.com/bendhq/bend.git
cd bend
# Install dependencies
pnpm install
# Build all packages
pnpm build
# Run linting
pnpm lint
# Format code
pnpm formatbend/
├── packages/
│ ├── create-bend/ # npm create initializer
│ │ ├── bin/
│ │ │ └── index.js # Delegates to bend-core
│ │ └── package.json
│ ├── bend-cli/ # Global CLI wrapper (bendjs)
│ │ ├── bin/
│ │ │ └── bend.js # Wrapper script
│ │ └── package.json
│ └── bend-core/ # Core library
│ ├── src/
│ │ ├── cli/ # CLI implementation
│ │ ├── scaffold/ # Project scaffolding
│ │ │ └── templates/ # All 8 templates
│ │ ├── types/ # TypeScript types
│ │ └── utils/ # Utilities
│ └── package.json
├── scripts/ # Build scripts
├── .github/
│ └── workflows/
│ └── ci.yml # CI/CD pipeline
├── package.json # Root package
├── pnpm-workspace.yaml # Workspace config
└── tsconfig.json # TypeScript config
# Test CLI locally
node packages/bend-core/dist/cli/index.js my-test-project
# Test with specific options
node packages/bend-core/dist/cli/index.js my-app --no-installConfigure your generated project via .env:
# Server
PORT=3000
NODE_ENV=development
# Database (MongoDB example)
MONGODB_URI=mongodb://localhost:27017/myapp
# Database (Prisma example)
DATABASE_URL="postgresql://user:password@localhost:5432/mydb"
# Security
CORS_ORIGIN=https://yourdomain.com
# Logging
LOG_LEVEL=info # error | warn | info | debug- Core CLI functionality
- Multiple runtime support (Node.js, Bun)
- Express & Fastify frameworks
- Mongoose & Prisma ORMs
- TypeScript & JavaScript
- Security middlewares (helmet, cors, rate-limit, hpp)
- Winston logging with daily rotation
- GitHub Actions CI/CD
- ESLint + Prettier
- Docker support
- Authentication templates (JWT, OAuth)
- Testing setup (Jest)
- API documentation (Swagger/OpenAPI)
- GraphQL support
- Microservices templates
We welcome contributions! Please see our Contributing Guide for details.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'feat: add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
MIT © Bend
- GitHub: https://github.com/bendhq/bend
- npm (bend-core): https://www.npmjs.com/package/bend-core
- npm (create-bend): https://www.npmjs.com/package/create-bend
- npm (bendjs): https://www.npmjs.com/package/bendjs
- Website: https://bendhq.org
- Issues: https://github.com/bendhq/bend/issues
- Discussions: https://github.com/bendhq/bend/discussions
Built with:
Bend - Production-ready backends in seconds, not hours.