nodejs-quickstart-structure 1.17.0 → 1.18.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-quickstart-structure",
-  "version": "1.17.0",
+  "version": "1.18.1",
   "type": "module",
   "description": "The ultimate nodejs quickstart structure CLI to scaffold Node.js microservices with MVC or Clean Architecture",
   "main": "bin/index.js",
@@ -12,7 +12,12 @@
     "test:e2e": "npm run test:e2e:windows",
     "test:e2e:windows": "node scripts/validate-windows.js",
     "test:e2e:linux": "node scripts/validate-linux.js",
-    "test:verify:mongo": "node scripts/verify-migration.js"
+    "test:verify:mongo": "node scripts/verify-migration.js",
+    "docs:dev": "vitepress dev docs",
+    "docs:build": "vitepress build docs",
+    "docs:preview": "vitepress preview docs",
+    "security:check": "npm audit && npm run snyk:test",
+    "snyk:test": "snyk test"
   },
   "keywords": [
     "nodejs",
@@ -45,6 +50,13 @@
     "fs-extra": "^11.3.0",
     "inquirer": "^13.3.2"
   },
+  "overrides": {
+    "esbuild": "^0.25.0"
+  },
+  "devDependencies": {
+    "snyk": "^1.1303.2",
+    "vitepress": "^1.0.0-rc.45"
+  },
   "files": [
     "bin",
     "lib",

package/templates/clean-architecture/js/src/infrastructure/webserver/server.js.ejs

@@ -12,7 +12,7 @@ const swaggerSpecs = require('./swagger');
 <%_ } -%>
 <%_ if (communication === 'GraphQL') { -%>
 const { ApolloServer } = require('@apollo/server');
-const { expressMiddleware } = require('@apollo/server/express4');
+const { expressMiddleware } = require('@as-integrations/express4');
 const { ApolloServerPluginLandingPageLocalDefault } = require('@apollo/server/plugin/landingPage/default');
 const { unwrapResolverError } = require('@apollo/server/errors');
 const { ApiError } = require('../../errors/ApiError');

package/templates/clean-architecture/ts/src/index.ts.ejs

@@ -1,3 +1,4 @@
+import { env } from '@/config/env';
 import express from 'express';
 import cors from 'cors';
 import helmet from 'helmet';
@@ -15,7 +16,7 @@ import swaggerSpecs from '@/config/swagger';<% } %>
 <%_ if (communication === 'Kafka') { -%>import { kafkaService } from '@/infrastructure/messaging/kafkaClient';<%_ } -%>
 <%_ if (communication === 'GraphQL') { -%>
 import { ApolloServer } from '@apollo/server';
-import { expressMiddleware } from '@apollo/server/express4';
+import { expressMiddleware } from '@as-integrations/express4';
 import { ApolloServerPluginLandingPageLocalDefault } from '@apollo/server/plugin/landingPage/default';
 import { unwrapResolverError } from '@apollo/server/errors';
 import { ApiError } from '@/errors/ApiError';
@@ -23,8 +24,6 @@ import { typeDefs, resolvers } from '@/interfaces/graphql';
 import { gqlContext, MyContext } from '@/interfaces/graphql/context';
 <%_ } -%>
 
-import { env } from '@/config/env';
-
 const app = express();
 const port = env.PORT;
 

package/templates/common/.gitlab-ci.yml.ejs

@@ -4,6 +4,10 @@ variables:
 stages:
   - lint
   - test
+<% if (includeSecurity) { %>
+  - security
+  - quality
+<% } %>
   - build
 
 cache:
@@ -12,19 +16,19 @@ cache:
 
 install_dependencies:
   stage: .pre
-  image: node:22-alpine
+  image: node:22-slim
   script:
     - npm ci
 
 lint_code:
   stage: lint
-  image: node:22-alpine
+  image: node:22-slim
   script:
     - npm run lint
 
 run_unit_tests:
   stage: test
-  image: node:22-alpine
+  image: node:22-slim
   script:
     - npm run test:coverage
 
@@ -37,7 +41,44 @@ run_e2e_tests:
     - apk add --no-cache nodejs npm docker-compose
     - npm ci
     - npm run test:e2e
+<% if (includeSecurity) { %>
+snyk_scan:
+  stage: security
+  image: node:22-alpine
+  script:
+    - npm ci
+    - npm run snyk:test
+  only:
+    - main
 
+snyk_container_scan:
+  stage: security
+  image: docker:20.10.16
+  services:
+    - docker:20.10.16-dind
+  script:
+    - apk add --no-cache nodejs npm
+    - npm install -g snyk
+    - docker build -t <%= projectName %>:latest .
+    - snyk container test <%= projectName %>:latest --file=Dockerfile --severity-threshold=high --skip-unused-projects
+
+sonarqube_check:
+  stage: quality
+  image: 
+    name: sonarsource/sonar-scanner-cli:latest
+    entrypoint: [""]
+  variables:
+    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
+    GIT_DEPTH: "0"
+  cache:
+    key: "${CI_JOB_NAME}"
+    paths:
+      - .sonar/cache
+  script:
+    - sonar-scanner
+  only:
+    - main
+<% } %>
 build_app:
   stage: build
   image: node:22-alpine

package/templates/common/.snyk.ejs

@@ -0,0 +1,45 @@
+# Snyk (https://snyk.io) policy file, default is to interrupt on any vulnerability found.
+# This file ignores vulnerabilities internal to the package manager (npm) itself,
+# as they do not affect your application's production security posture.
+version: v1.18.2
+ignore:
+  # Minimatch ReDoS/Complexity in npm internal dependencies
+  SNYK-JS-MINIMATCH-15353387:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-MINIMATCH-15353389:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-MINIMATCH-15309438:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  # Tar Symlink Attack in npm internal dependencies
+  SNYK-JS-TAR-15456201:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-TAR-15416075:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-TAR-15307072:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  # Brace-expansion Infinite Loop in npm internal dependencies
+  SNYK-JS-BRACEEXPANSION-15789759:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-ISAACSBRACEEXPANSION-15208653:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  # Picomatch ReDoS in npm internal dependencies
+  SNYK-JS-PICOMATCH-15765511:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'

package/templates/common/Dockerfile

@@ -3,9 +3,16 @@
 # ==========================================
 FROM node:22-alpine AS builder
 
+# Upgrade OS packages to fix upstream vulnerabilities (Snyk-detected)
+RUN apk update && apk upgrade && \
+    apk add --no-cache ca-certificates zlib>=1.3.2-r0 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main
+
 WORKDIR /app
 ENV NPM_CONFIG_UPDATE_NOTIFIER=false
 
+# Upgrade npm using corepack (safer in Alpine)
+RUN corepack enable && corepack prepare npm@11.6.4 --activate
+
 COPY package*.json ./
 COPY tsconfig*.json ./
 
@@ -22,16 +29,26 @@ COPY . .
 # ==========================================
 FROM node:22-alpine AS production
 
+# Upgrade OS packages to fix upstream vulnerabilities (Snyk-detected)
+RUN apk update && apk upgrade && \
+    apk add --no-cache ca-certificates zlib>=1.3.2-r0 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main
+
 WORKDIR /app
 
 ENV NODE_ENV=production
 ENV NPM_CONFIG_UPDATE_NOTIFIER=false
 
+# Upgrade npm using corepack (safer in Alpine)
+RUN corepack enable && corepack prepare npm@11.6.4 --activate
+
 COPY package*.json ./
 
 # Install ONLY production dependencies
 RUN npm ci --only=production --ignore-scripts --no-audit --no-fund || npm ci --only=production --ignore-scripts --no-audit --no-fund || npm ci --only=production --ignore-scripts --no-audit --no-fund
 
+# Remove npm and caches to achieve Zero-Vulnerability status in the final image
+RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx /root/.npm /root/.cache
+
 # Copy built artifacts from builder
 <% if (language === 'TypeScript') { %>
 COPY --from=builder /app/dist ./dist
@@ -52,4 +69,5 @@ RUN mkdir -p logs && chown -R node:node logs
 
 USER node
 
-CMD ["npm", "start"]
+# Start application directly with node (safe even without npm)
+CMD ["node", "<% if (language === 'TypeScript') { %>dist/index.js<% } else { %>src/index.js<% } %>"]

package/templates/common/Jenkinsfile.ejs

@@ -31,29 +31,34 @@ pipeline {
             }
         }
 
-        // stage('Build') {
-        //     steps {
-        //         sh 'npm run build'
-        //     }
-        // }
-
-        // stage('SonarQube Analysis') {
-        //     environment {
-        //         scannerHome = tool 'SonarScanner'
-        //     }
-        //     steps {
-        //         withSonarQubeEnv('SonarQube') {
-        //             sh "${scannerHome}/bin/sonar-scanner"
-        //         }
-        //     }
-        // }
+<% if (includeSecurity) { %>
+        stage('SonarQube Analysis') {
+            environment {
+                scannerHome = tool 'SonarScanner'
+            }
+            steps {
+                withSonarQubeEnv('SonarQube') {
+                    sh "${scannerHome}/bin/sonar-scanner"
+                }
+            }
+        }
 
-        // stage('Security Scan') {
-        //     steps {
-        //         sh 'npm audit --audit-level=high'
-        //     }
-        // }
+        stage('Security Scan') {
+            steps {
+                sh 'npm audit --audit-level=high'
+                sh 'npm run snyk:test'
+            }
+        }
 
+        stage('Snyk Container Scan') {
+            steps {
+                script {
+                    sh 'docker build -t <%= projectName %>:latest .'
+                    sh 'snyk container test <%= projectName %>:latest --file=Dockerfile --severity-threshold=high --skip-unused-projects'
+                }
+            }
+        }
+<% } %>
         // stage('Docker Build & Push') {
         //     steps {
         //         script {

package/templates/common/README.md.ejs

@@ -3,85 +3,92 @@
 ![Node.js](https://img.shields.io/badge/Node.js-18%2B-green.svg)
 ![License](https://img.shields.io/badge/License-ISC-blue.svg)
 <% if (language === 'TypeScript') { %>![TypeScript](https://img.shields.io/badge/Language-TypeScript-blue.svg)<% } else { %>![JavaScript](https://img.shields.io/badge/Language-JavaScript-yellow.svg)<% } %>
+<% if (includeSecurity) { %>
+[![Snyk Vulnerabilities](https://img.shields.io/snyk/vulnerabilities/github/yourusername/<%= projectName %>?style=flat-square)](https://snyk.io/)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=<%= projectName %>&metric=alert_status)](https://sonarcloud.io/)
+<% } %>
 
-A production-ready Node.js microservice generated with **<%= architecture %>** and **<%= database %>**.
-This project comes pre-configured with industry-standard tooling for **Code Quality**, **Testing**, and **Security**.
+A production-ready Node.js microservice generated with **<%= architecture %>** and **<%= database %>**. 
+This project follows a strict **7-Step Production-Ready Process** to ensure quality and scalability from day one.
+
+---
+
+## 🚀 7-Step Production-Ready Process
+
+1.  **Initialize Git**: `git init` (Required for Husky hooks and security gates).
+2.  **Install Dependencies**: `npm install`.
+3.  **Configure Environment**: Copy `.env.example` to `.env`.
+4.  **Start Infrastructure**: `docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> kafka<% } %>`.
+5.  **Run Development**: `npm run dev`.
+6.  **Verify Standards**: `npm run lint` and `npm test` (Enforce 80% coverage).
+7.  **Build & Deploy**: `npm run build` followed by `npm run deploy` (via PM2).
+
+---
 
 ## 🚀 Key Features
 
 -   **Architecture**: <%= architecture %> (<% if (architecture === 'Clean Architecture') { %>Domain, UseCases, Infrastructure<% } else { %>MVC Pattern<% } %>).
--   **Database**: <%= database %> <% if (database !== 'MongoDB') { %>with **Flyway** migrations<% } else { %>with **Mongoose** schemas<% } %>.
--   **Security**: Helmet, CORS, Rate Limiting, HPP.
--   **Quality**: Eslint, Prettier, Husky, Lint-Staged.
--   **Testing**: Jest (Unit & Integration).
--   **DevOps**: Multi-stage Docker build, CI/CD ready.
-
-## 🔄 CI/CD Pipeline
-<%_ if (ciProvider === 'GitHub Actions') { -%>
-![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/yourusername/<%= projectName %>/ci.yml?branch=main)
-This project includes a **GitHub Actions** workflow located in `.github/workflows/ci.yml`.
-It automatically runs:
--   Linting
--   Tests
--   Builds
-<%_ } else if (ciProvider === 'GitLab CI') { -%>
-![GitLab CI Status](https://img.shields.io/gitlab/pipeline/yourusername/<%= projectName %>?branch=main)
-This project includes a **GitLab CI** configuration in `.gitlab-ci.yml`.
-It automatically runs:
--   Linting
--   Tests
--   Builds
-<% } else if (ciProvider === 'Jenkins') { -%>
-This project includes a **Jenkinsfile** for comprehensive CI/CD.
-Pipeline stages:
--   Install Dependencies
--   Lint
--   Test
+-   **Database**: <%= database %> <% if (database !== 'None') { %>(via <%= database === 'MongoDB' ? 'Mongoose' : 'Sequelize' %>)<% } %>.
+-   **Security**: Helmet, CORS, Rate Limiting, HPP, Snyk SCA.
+-   **Quality**: 80%+ Test Coverage, Eslint, Prettier, Husky.
+-   **DevOps**: Multi-stage Docker, CI/CD ready (GitHub/GitLab/Jenkins).
+<% if (includeSecurity) { %>-   **Enterprise Hardening**: SonarCloud SAST, Security Policies.<% } %>
+
+## 📂 Project Structure
+
+The project follows **<%= architecture %>** principles.
+<% if (architecture === 'Clean Architecture') { -%>
+- **Domain**: Pure business logic (Entities/Interfaces).
+- **Use Case**: Application-specific business rules.
+- **Infrastructure**: External concerns (DB, Messaging, Caching).
 <% } else { -%>
-CI/CD is not currently configured, but the project is ready for integration.
+- **Model**: Database schemas and data logic.
+- **View**: Template engines or API responders.
+- **Controller**: Orchestrates flow between Model and View.
 <% } -%>
 
-## 🛠️ Getting Started
+---
+
+## 🛠️ Detailed Getting Started
+
+Follow the **🚀 7-Step Production-Ready Process** summary at the top, or follow these detailed instructions:
 
 ### 1. Prerequisites
 -   Node.js (v18+)
 -   Docker & Docker Compose
 
-### 2. Quick Start
+### 2. Environment Setup
+Copy the example environment file and adjust the values as needed:
 ```bash
-# Initialize Git (Required for Husky)
+cp .env.example .env
+```
+
+### 3. Infrastructure & App Launch
+```bash
+# Initialize Git for security hooks
 git init
 
 # Install dependencies
 npm install
 
-# Setup Git Hooks (Husky)
-npm run prepare
-
-# Start Infrastructure (DB, etc.)
-docker-compose up -d
+# Start required services
+docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> kafka<% } %>
 
-# Run Development Server
+# Run the app in development mode
 npm run dev
 ```
 
-### 3. Development Standards
-Ensure your code meets quality standards before committing:
-
+### 4. Quality & Standards
 ```bash
-# Run Linter
+# Lint & Format
 npm run lint
+npm run format
 
-# Run Tests
+# Run Unit/Integration Tests
 npm test
-
-# Format Code
-npm run format
+npm run test:coverage
 ```
 
-## 📂 Project Structure
-
-The project follows **<%= architecture %>** principles.
 <% if (communication === 'Kafka') { -%>
 Microservices communication handled via **Kafka**.
 <% } else if (communication === 'GraphQL') { -%>
@@ -138,6 +145,13 @@ This project demonstrates a production-ready Kafka flow:
    [Kafka] Consumer: Received USER_CREATED. 
    [Kafka] Consumer: 📧 Sending welcome email to 'kafka@example.com'... Done!
    ```
+
+### 🛠️ Kafka Troubleshooting
+If the connection or events are failing:
+1. **Check Docker**: Ensure Kafka container is running (`docker ps`).
+2. **Verify Broker**: `KAFKA_BROKER` in `.env` must match your host/port (standard: 9093).
+3. **Advertised Listeners**: If using Windows/WSL, check `docker-compose.yml` advertisers are correct.
+4. **Logs**: Check `docker compose logs -f kafka` for start-up errors.
 <% } -%>
 
 <% if (caching === 'Redis') { -%>
@@ -205,7 +219,6 @@ docker build -t <%= projectName %> .
 docker run -p 3000:3000 <%= projectName %>
 ```
 <% } -%>
-
 ## 🚀 PM2 Deployment (VPS/EC2)
 This project is pre-configured for direct deployment to a VPS/EC2 instance using **PM2** (via `ecosystem.config.js`).
 1. Install dependencies
@@ -241,8 +254,13 @@ docker-compose down
 -   **CORS**: Configured for cross-origin requests.
 -   **Rate Limiting**: Protects against DDoS / Brute-force.
 -   **HPP**: Prevents HTTP Parameter Pollution attacks.
-
-
+<% if (includeSecurity) { %>
+### 🛡️ Enterprise Hardening (Big Tech Standard)
+-   **Snyk SCA**: Run `npm run snyk:test` for dependency scanning.
+-   **SonarCloud**: Automated SAST on every Push/PR.
+-   **Digital Guardians**: Recommended Gitleaks integration for secret protection.
+-   **Security Policy**: Standard `SECURITY.md` for vulnerability reporting.
+<% } %>
 ## 🤖 AI-Native Development
 
 This project is "AI-Ready" out of the box. We have pre-configured industry-leading AI context files to bridge the gap between "Generated Code" and "AI-Assisted Development."
@@ -250,4 +268,4 @@ This project is "AI-Ready" out of the box. We have pre-configured industry-leadi
 - **Magic Defaults**: We've automatically tailored your AI context to focus on **<%= projectName %>** and its specific architectural stack (<%= architecture %>, <%= database %>, etc.).
 - **Use Cursor?** We've configured **`.cursorrules`** at the root. It enforces project standards (80% coverage, MVC/Clean) directly within the editor. 
   - *Pro-tip*: You can customize the `Project Goal` placeholder in `.cursorrules` to help the AI understand your specific business logic!
-- **Use ChatGPT/Gemini/Claude?** Check the **`prompts/`** directory. It contains highly-specialized Agent Skill templates. You can copy-paste these into any LLM to give it a "Senior Developer" understanding of your codebase immediately.
+- **Use ChatGPT/Gemini/Claude?** Check the **`prompts/`** directory. It contains highly-specialized Agent Skill templates. You can copy-paste these into any LLM to give it a "Senior Developer" understanding of your codebase immediately.

package/templates/common/SECURITY.md

@@ -0,0 +1,20 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest `main` branch is supported for security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.x   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of this project seriously. If you believe you have found a security vulnerability, please report it following these steps:
+
+1. **Do not open a public issue.**
+2. Send an email to the project maintainers (see `package.json`).
+3. Provide a detailed description of the vulnerability, including steps to reproduce.
+
+We will acknowledge your report within 48 hours and work on a fix as soon as possible.

package/templates/common/_github/workflows/{ci.yml → ci.yml.ejs}

@@ -14,17 +14,13 @@ jobs:
 
     runs-on: ubuntu-latest
 
-    strategy:
-      matrix:
-        node-version: [20.x, 22.x]
-
     steps:
     - uses: actions/checkout@v4
     
-    - name: Use Node.js ${{ matrix.node-version }}
+    - name: Use Node.js 22.x
       uses: actions/setup-node@v4
       with:
-        node-version: ${{ matrix.node-version }}
+        node-version: 22.x
         cache: 'npm'
         
     - name: Install Dependencies
@@ -41,3 +37,10 @@ jobs:
       
     - name: Build
       run: npm run build --if-present
+<% if (includeSecurity) { %>
+    - name: SonarQube Scan
+      uses: SonarSource/sonarqube-scan-action@master
+      env:
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+<% } %>

package/templates/common/_github/workflows/security.yml.ejs

@@ -0,0 +1,36 @@
+name: Enterprise Security Scan
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '0 0 * * 1' # Weekly scan
+
+jobs:
+  node-security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/node@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high
+
+  container-security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build Docker image
+        run: docker build -t <%= projectName %>:latest .
+      - name: Run Snyk to check Docker image for vulnerabilities
+        uses: snyk/actions/docker@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: <%= projectName %>:latest
+          args: --file=Dockerfile --severity-threshold=high --skip-unused-projects

package/templates/common/_husky/pre-commit

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx lint-staged

package/templates/common/docker-compose.yml.ejs

@@ -99,7 +99,7 @@ services:
       - mongodb_data:/data/db
 
   mongo-migrate:
-    image: node:22-alpine
+    image: node:22-slim
     working_dir: /app
     volumes:
       - .:/app

package/templates/common/kafka/js/config/kafka.js

@@ -1,8 +1,9 @@
 const { Kafka } = require('kafkajs');
+const { env } = require('./env');
 
 const kafka = new Kafka({
     clientId: 'nodejs-service',
-    brokers: [process.env.KAFKA_BROKER || 'localhost:9092']
+    brokers: [env.KAFKA_BROKER]
 });
 
 module.exports = { kafka };

package/templates/common/kafka/js/config/kafka.spec.js.ejs

@@ -9,6 +9,12 @@ jest.mock('kafkajs', () => {
     };
 });
 
+jest.mock('<% if (architecture === "MVC") { %>@/config/env<% } else { %>@/infrastructure/config/env<% } %>', () => ({
+    env: {
+        KAFKA_BROKER: 'localhost:9092'
+    }
+}));
+
 describe('Kafka Configuration', () => {
     beforeEach(() => {
         jest.clearAllMocks();

package/templates/common/kafka/ts/config/kafka.spec.ts.ejs

@@ -9,6 +9,12 @@ jest.mock('kafkajs', () => {
     };
 });
 
+jest.mock('@/config/env', () => ({
+    env: {
+        KAFKA_BROKER: 'localhost:9092'
+    }
+}));
+
 describe('Kafka Configuration', () => {
     beforeEach(() => {
         jest.clearAllMocks();

package/templates/common/kafka/ts/config/kafka.ts

@@ -1,6 +1,7 @@
 import { Kafka } from 'kafkajs';
+import { env } from '@/config/env';
 
 export const kafka = new Kafka({
     clientId: 'nodejs-service',
-    brokers: [process.env.KAFKA_BROKER || 'localhost:9092']
+    brokers: [env.KAFKA_BROKER]
 });