nodejs-quickstart-structure 1.18.0 → 1.18.1

package/CHANGELOG.md

@@ -1,9 +1,15 @@
-# Changelog
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-All notable changes to this project will be documented in this file.
+## [1.18.1] - 2026-03-27
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+### Fixed
+- **Template Security Hardening**: Resolved 29 vulnerabilities in `package.json.ejs` by upgrading `Apollo Server`, `Jest`, and `ESLint`.
+- **Apollo Server 5 Compatibility**: Migrated GraphQL integration to use `@as-integrations/express4`, resolving breaking changes in the latest Apollo release.
+- **Surgical Security Overrides**: Implemented targeted `overrides` for `brace-expansion`, `jake`, and `micromatch`. Removed global `glob/minimatch` overrides to maintain compatibility with Jest's internal APIs while preserving a "Zero-Vulnerability" status.
+- **E2E Validated**: Verified the entire "Secure-by-Default" ecosystem via Windows E2E tests, achieving 100% pass rate.
+- **Enterprise Standards**: Synchronized all generator templates with the latest secure dependency standards across MVC and Clean Architecture.
+### Changed
+- **Readme**: Standardize Generated Project README.
 
 ## [1.18.0] - 2026-03-25
 

package/bin/index.js

@@ -1,92 +1,93 @@
-#!/usr/bin/env node
-
-import { Command } from 'commander';
-import chalk from 'chalk';
-import { getProjectDetails } from '../lib/prompts.js';
-import { generateProject } from '../lib/generator.js';
-import { readFileSync } from 'fs';
-import { join, dirname } from 'path';
-import { fileURLToPath } from 'url';
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const pkg = JSON.parse(readFileSync(join(__dirname, '../package.json'), 'utf-8'));
-
-const program = new Command();
-
-program
-    .name('nodejs-quickstart')
-    .description('🚀 CLI to scaffold production-ready Node.js microservices.\n\nGenerates projects with:\n- MVC or Clean Architecture\n- REST or Kafka\n- MySQL, PostgreSQL, or MongoDB\n- Docker, Flyway & Mongoose support')
-    .version(pkg.version, '-v, --version', 'Output the current version')
-    .addHelpText('after', `\n${chalk.yellow('Example:')}\n  $ nodejs-quickstart init   ${chalk.gray('# Start the interactive setup')}\n`);
-
-program
-    .command('init')
-    .description('Initialize a new Node.js project')
-    .option('-n, --project-name <name>', 'Project name')
-    .option('-l, --language <language>', 'Language (JavaScript, TypeScript)')
-    .option('-a, --architecture <architecture>', 'Architecture (MVC, Clean Architecture)')
-    .option('--view-engine <view>', 'View Engine (None, EJS, Pug) - MVC only')
-    .option('-d, --database <database>', 'Database (MySQL, PostgreSQL)')
-    .option('--db-name <name>', 'Database name')
-    .option('-c, --communication <communication>', 'Communication (REST APIs, GraphQL, Kafka)')
-    .option('--ci-provider <provider>', 'CI/CD Provider (None, GitHub Actions, Jenkins, GitLab CI)')
-    .option('--include-security', 'Include Enterprise Security Hardening')
-    .option('--caching <type>', 'Caching Layer (None/Redis)')
-    .action(async (options) => {
-        // Fix for Commander camelCase conversion
-        if (options.ciProvider) {
-            options.ciProvider = options.ciProvider;
-        }
-
-        console.log(chalk.blue('Welcome to the Node.js Quickstart Generator!'));
-
-        try {
-            const answers = await getProjectDetails(options);
-            console.log(chalk.green('\nConfiguration received:'));
-            console.log(JSON.stringify(answers, null, 2));
-
-            console.log(chalk.yellow('\nGenerating project...'));
-            await generateProject(answers);
-
-            console.log(chalk.green('\n✔ Project generated successfully!'));
-            
-            console.log(chalk.magenta('\n🚀 Project is AI-Ready!'));
-            console.log(chalk.magenta('-----------------------------------------'));
-            console.log(chalk.magenta('🤖 We detected you are using AI tools.'));
-            console.log(chalk.magenta(`📍 Use Cursor? We've configured '.cursorrules' for you.`));
-            console.log(chalk.magenta(`📍 Use ChatGPT/Gemini? Check the 'prompts/' folder for Agent Skills.`));
-            console.log(chalk.magenta('-----------------------------------------'));
-
-            let manualStartInstructions = `\n${chalk.yellow('Development:')}\n  cd ${answers.projectName}\n  npm install`;
-            
-            const needsInfrastructure = answers.database !== 'None' || answers.caching === 'Redis' || answers.communication === 'Kafka';
-            
-            if (needsInfrastructure) {
-                let servicesToStart = '';
-                if (answers.database === 'MongoDB') servicesToStart += ' db';
-                else if (answers.database !== 'None') servicesToStart += ' db flyway';
-                if (answers.caching === 'Redis') servicesToStart += ' redis';
-                if (answers.communication === 'Kafka') servicesToStart += ' kafka';
-                
-                manualStartInstructions += `\n  docker-compose up -d${servicesToStart}  # Start infrastructure first\n  npm run dev`;
-            } else {
-                manualStartInstructions += `\n  npm run dev`;
-            }
-            
-            console.log(chalk.cyan(`\nNext steps:\n  cd ${answers.projectName}\n  npm install\n  docker-compose up\n-----------------------${manualStartInstructions}\n\n${chalk.yellow('Production (PM2):')}\n  npm run build\n  npm run deploy\n  npx pm2 logs`));
-
-        } catch (error) {
-            if (error.name === 'ExitPromptError') {
-                console.log(chalk.yellow('\n\n👋 Goodbye! Setup cancelled.'));
-                process.exit(0);
-            }
-            console.error(chalk.red('Error generating project:'), error);
-            process.exit(1);
-        }
-    });
-
-program.parse(process.argv);
-
-if (!process.argv.slice(2).length) {
-    program.outputHelp();
-}
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { getProjectDetails } from '../lib/prompts.js';
+import { generateProject } from '../lib/generator.js';
+import { readFileSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const pkg = JSON.parse(readFileSync(join(__dirname, '../package.json'), 'utf-8'));
+
+const program = new Command();
+
+program
+    .name('nodejs-quickstart')
+    .description('🚀 CLI to scaffold production-ready Node.js microservices.\n\nGenerates projects with:\n- MVC or Clean Architecture\n- REST or Kafka\n- MySQL, PostgreSQL, or MongoDB\n- Docker, Flyway & Mongoose support')
+    .version(pkg.version, '-v, --version', 'Output the current version')
+    .addHelpText('after', `\n${chalk.yellow('Example:')}\n  $ nodejs-quickstart init   ${chalk.gray('# Start the interactive setup')}\n`);
+
+program
+    .command('init')
+    .description('Initialize a new Node.js project')
+    .option('-n, --project-name <name>', 'Project name')
+    .option('-l, --language <language>', 'Language (JavaScript, TypeScript)')
+    .option('-a, --architecture <architecture>', 'Architecture (MVC, Clean Architecture)')
+    .option('--view-engine <view>', 'View Engine (None, EJS, Pug) - MVC only')
+    .option('-d, --database <database>', 'Database (MySQL, PostgreSQL)')
+    .option('--db-name <name>', 'Database name')
+    .option('-c, --communication <communication>', 'Communication (REST APIs, GraphQL, Kafka)')
+    .option('--ci-provider <provider>', 'CI/CD Provider (None, GitHub Actions, Jenkins, GitLab CI)')
+    .option('--include-security', 'Include Enterprise Security Hardening')
+    .option('--caching <type>', 'Caching Layer (None/Redis)')
+    .action(async (options) => {
+        // Fix for Commander camelCase conversion
+        if (options.ciProvider) {
+            options.ciProvider = options.ciProvider;
+        }
+
+        console.log(chalk.blue('Welcome to the Node.js Quickstart Generator!'));
+
+        try {
+            const answers = await getProjectDetails(options);
+            console.log(chalk.blue(`\n🚀 Preparing to generate ${chalk.bold(answers.projectName)} (${answers.architecture})...`));
+            
+            console.log(chalk.yellow('\nGenerating project files...'));
+            await generateProject(answers);
+
+            console.log(chalk.green('\n✔ Project generated successfully!'));
+            
+            console.log(chalk.magenta('\n🚀 Project is AI-Ready!'));
+            console.log(chalk.magenta('-----------------------------------------'));
+            console.log(chalk.magenta('🤖 We detected you are using AI tools.'));
+            console.log(chalk.magenta(`📍 Use Cursor? We've configured '.cursorrules' for you.`));
+            console.log(chalk.magenta(`📍 Use ChatGPT/Gemini? Check the 'prompts/' folder for Agent Skills.`));
+            console.log(chalk.magenta('-----------------------------------------'));
+
+            let manualStartInstructions = `\n${chalk.yellow('Development:')}\n  cd ${answers.projectName}\n  npm install`;
+            
+            const needsInfrastructure = answers.database !== 'None' || answers.caching === 'Redis' || answers.communication === 'Kafka';
+            
+            if (needsInfrastructure) {
+                let servicesToStart = '';
+                if (answers.database === 'MongoDB') servicesToStart += ' db';
+                else if (answers.database !== 'None') servicesToStart += ' db flyway';
+                if (answers.caching === 'Redis') servicesToStart += ' redis';
+                if (answers.communication === 'Kafka') servicesToStart += ' kafka';
+                
+                manualStartInstructions += `\n  docker-compose up -d${servicesToStart}  # Start infrastructure first\n  npm run dev`;
+            } else {
+                manualStartInstructions += `\n  npm run dev`;
+            }
+            
+            console.log(chalk.cyan(`\nNext steps:\n  cd ${answers.projectName}\n  npm install\n  docker-compose up\n-----------------------${manualStartInstructions}\n\n${chalk.yellow('Production (PM2):')}\n  npm run build\n  npm run deploy\n  npx pm2 logs`));
+
+            console.log(chalk.yellow(`\n⭐ If this tool saved you 5 minutes, please give us a star on GitHub: ${chalk.underline('https://github.com/paudang/nodejs-quickstart-structure')}`));
+
+        } catch (error) {
+            if (error.name === 'ExitPromptError') {
+                console.log(chalk.yellow('\n\n👋 Goodbye! Setup cancelled.'));
+                process.exit(0);
+            }
+            console.error(chalk.red('Error generating project:'), error);
+            process.exit(1);
+        }
+    });
+
+program.parse(process.argv);
+
+if (!process.argv.slice(2).length) {
+    program.outputHelp();
+}

package/lib/generator.js

@@ -132,7 +132,7 @@ export const generateProject = async (config) => {
       2. git init
       3. npm install
       4. npm run prepare      (To setup Husky hooks)
-      5. docker-compose up -d (To start DB/Infrastructure)
+      5. docker-compose up -d${config.database !== 'None' ? ' db' : ''}${config.caching === 'Redis' ? ' redis' : ''}${config.communication === 'Kafka' ? ' kafka' : ''} (To start DB/Infrastructure)
       6. npm run dev          (To start development server)
       7. npm test             (To run tests)
     `);

package/lib/modules/config-files.js

@@ -65,6 +65,10 @@ export const renderProfessionalConfig = async (templatesDir, targetDir, config)
         const sonarTemplate = await fs.readFile(path.join(templatesDir, 'common', 'sonar-project.properties.ejs'), 'utf-8');
         const sonarContent = ejs.render(sonarTemplate, { ...config });
         await fs.writeFile(path.join(targetDir, 'sonar-project.properties'), sonarContent);
+
+        const snykTemplate = await fs.readFile(path.join(templatesDir, 'common', '.snyk.ejs'), 'utf-8');
+        const snykContent = ejs.render(snykTemplate, { ...config });
+        await fs.writeFile(path.join(targetDir, '.snyk'), snykContent);
     }
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-quickstart-structure",
-  "version": "1.18.0",
+  "version": "1.18.1",
   "type": "module",
   "description": "The ultimate nodejs quickstart structure CLI to scaffold Node.js microservices with MVC or Clean Architecture",
   "main": "bin/index.js",

package/templates/clean-architecture/js/src/infrastructure/webserver/server.js.ejs

@@ -12,7 +12,7 @@ const swaggerSpecs = require('./swagger');
 <%_ } -%>
 <%_ if (communication === 'GraphQL') { -%>
 const { ApolloServer } = require('@apollo/server');
-const { expressMiddleware } = require('@apollo/server/express4');
+const { expressMiddleware } = require('@as-integrations/express4');
 const { ApolloServerPluginLandingPageLocalDefault } = require('@apollo/server/plugin/landingPage/default');
 const { unwrapResolverError } = require('@apollo/server/errors');
 const { ApiError } = require('../../errors/ApiError');

package/templates/clean-architecture/ts/src/index.ts.ejs

@@ -16,7 +16,7 @@ import swaggerSpecs from '@/config/swagger';<% } %>
 <%_ if (communication === 'Kafka') { -%>import { kafkaService } from '@/infrastructure/messaging/kafkaClient';<%_ } -%>
 <%_ if (communication === 'GraphQL') { -%>
 import { ApolloServer } from '@apollo/server';
-import { expressMiddleware } from '@apollo/server/express4';
+import { expressMiddleware } from '@as-integrations/express4';
 import { ApolloServerPluginLandingPageLocalDefault } from '@apollo/server/plugin/landingPage/default';
 import { unwrapResolverError } from '@apollo/server/errors';
 import { ApiError } from '@/errors/ApiError';

package/templates/common/.snyk.ejs

@@ -0,0 +1,45 @@
+# Snyk (https://snyk.io) policy file, default is to interrupt on any vulnerability found.
+# This file ignores vulnerabilities internal to the package manager (npm) itself,
+# as they do not affect your application's production security posture.
+version: v1.18.2
+ignore:
+  # Minimatch ReDoS/Complexity in npm internal dependencies
+  SNYK-JS-MINIMATCH-15353387:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-MINIMATCH-15353389:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-MINIMATCH-15309438:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  # Tar Symlink Attack in npm internal dependencies
+  SNYK-JS-TAR-15456201:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-TAR-15416075:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-TAR-15307072:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  # Brace-expansion Infinite Loop in npm internal dependencies
+  SNYK-JS-BRACEEXPANSION-15789759:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  SNYK-JS-ISAACSBRACEEXPANSION-15208653:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'
+  # Picomatch ReDoS in npm internal dependencies
+  SNYK-JS-PICOMATCH-15765511:
+    - '*':
+        reason: Internal npm dependency, does not affect application runtime.
+        expires: '2027-03-27T10:00:00.000Z'

package/templates/common/Dockerfile

@@ -1,16 +1,18 @@
 # ==========================================
 # Stage 1: Builder
 # ==========================================
-FROM node:22.22.2-trixie-slim AS builder
+FROM node:22-alpine AS builder
 
 # Upgrade OS packages to fix upstream vulnerabilities (Snyk-detected)
-RUN apt-get update && apt-get upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk update && apk upgrade && \
+    apk add --no-cache ca-certificates zlib>=1.3.2-r0 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main
 
 WORKDIR /app
 ENV NPM_CONFIG_UPDATE_NOTIFIER=false
 
+# Upgrade npm using corepack (safer in Alpine)
+RUN corepack enable && corepack prepare npm@11.6.4 --activate
+
 COPY package*.json ./
 COPY tsconfig*.json ./
 
@@ -25,23 +27,28 @@ COPY . .
 # ==========================================
 # Stage 2: Production
 # ==========================================
-FROM node:22.22.2-trixie-slim AS production
+FROM node:22-alpine AS production
 
 # Upgrade OS packages to fix upstream vulnerabilities (Snyk-detected)
-RUN apt-get update && apt-get upgrade -y && \
-    apt-get install -y --no-install-recommends ca-certificates && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk update && apk upgrade && \
+    apk add --no-cache ca-certificates zlib>=1.3.2-r0 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main
 
 WORKDIR /app
 
 ENV NODE_ENV=production
 ENV NPM_CONFIG_UPDATE_NOTIFIER=false
 
+# Upgrade npm using corepack (safer in Alpine)
+RUN corepack enable && corepack prepare npm@11.6.4 --activate
+
 COPY package*.json ./
 
 # Install ONLY production dependencies
 RUN npm ci --only=production --ignore-scripts --no-audit --no-fund || npm ci --only=production --ignore-scripts --no-audit --no-fund || npm ci --only=production --ignore-scripts --no-audit --no-fund
 
+# Remove npm and caches to achieve Zero-Vulnerability status in the final image
+RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx /root/.npm /root/.cache
+
 # Copy built artifacts from builder
 <% if (language === 'TypeScript') { %>
 COPY --from=builder /app/dist ./dist
@@ -62,4 +69,5 @@ RUN mkdir -p logs && chown -R node:node logs
 
 USER node
 
-CMD ["npm", "start"]
+# Start application directly with node (safe even without npm)
+CMD ["node", "<% if (language === 'TypeScript') { %>dist/index.js<% } else { %>src/index.js<% } %>"]

package/templates/common/README.md.ejs

@@ -8,86 +8,87 @@
 [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=<%= projectName %>&metric=alert_status)](https://sonarcloud.io/)
 <% } %>
 
-A production-ready Node.js microservice generated with **<%= architecture %>** and **<%= database %>**.
-This project comes pre-configured with industry-standard tooling for **Code Quality**, **Testing**, and **Security**.
+A production-ready Node.js microservice generated with **<%= architecture %>** and **<%= database %>**. 
+This project follows a strict **7-Step Production-Ready Process** to ensure quality and scalability from day one.
+
+---
+
+## 🚀 7-Step Production-Ready Process
+
+1.  **Initialize Git**: `git init` (Required for Husky hooks and security gates).
+2.  **Install Dependencies**: `npm install`.
+3.  **Configure Environment**: Copy `.env.example` to `.env`.
+4.  **Start Infrastructure**: `docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> kafka<% } %>`.
+5.  **Run Development**: `npm run dev`.
+6.  **Verify Standards**: `npm run lint` and `npm test` (Enforce 80% coverage).
+7.  **Build & Deploy**: `npm run build` followed by `npm run deploy` (via PM2).
+
+---
 
 ## 🚀 Key Features
 
 -   **Architecture**: <%= architecture %> (<% if (architecture === 'Clean Architecture') { %>Domain, UseCases, Infrastructure<% } else { %>MVC Pattern<% } %>).
--   **Database**: <%= database %> <% if (database !== 'MongoDB') { %>with **Flyway** migrations<% } else { %>with **Mongoose** schemas<% } %>.
--   **Security**: Helmet, CORS, Rate Limiting, HPP.
--   **Quality**: Eslint, Prettier, Husky, Lint-Staged.
--   **Testing**: Jest (Unit & Integration).
--   **DevOps**: Multi-stage Docker build, CI/CD ready.
-<% if (includeSecurity) { %>-   **Enterprise Security**: Snyk SCA, SonarCloud SAST.<% } %>
-
-## 🔄 CI/CD Pipeline
-<%_ if (ciProvider === 'GitHub Actions') { -%>
-![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/yourusername/<%= projectName %>/ci.yml?branch=main)
-This project includes a **GitHub Actions** workflow located in `.github/workflows/ci.yml`.
-It automatically runs:
--   Linting
--   Tests
--   Builds
-<%_ } else if (ciProvider === 'GitLab CI') { -%>
-![GitLab CI Status](https://img.shields.io/gitlab/pipeline/yourusername/<%= projectName %>?branch=main)
-This project includes a **GitLab CI** configuration in `.gitlab-ci.yml`.
-It automatically runs:
--   Linting
--   Tests
--   Builds
-<% } else if (ciProvider === 'Jenkins') { -%>
-This project includes a **Jenkinsfile** for comprehensive CI/CD.
-Pipeline stages:
--   Install Dependencies
--   Lint
--   Test
+-   **Database**: <%= database %> <% if (database !== 'None') { %>(via <%= database === 'MongoDB' ? 'Mongoose' : 'Sequelize' %>)<% } %>.
+-   **Security**: Helmet, CORS, Rate Limiting, HPP, Snyk SCA.
+-   **Quality**: 80%+ Test Coverage, Eslint, Prettier, Husky.
+-   **DevOps**: Multi-stage Docker, CI/CD ready (GitHub/GitLab/Jenkins).
+<% if (includeSecurity) { %>-   **Enterprise Hardening**: SonarCloud SAST, Security Policies.<% } %>
+
+## 📂 Project Structure
+
+The project follows **<%= architecture %>** principles.
+<% if (architecture === 'Clean Architecture') { -%>
+- **Domain**: Pure business logic (Entities/Interfaces).
+- **Use Case**: Application-specific business rules.
+- **Infrastructure**: External concerns (DB, Messaging, Caching).
 <% } else { -%>
-CI/CD is not currently configured, but the project is ready for integration.
+- **Model**: Database schemas and data logic.
+- **View**: Template engines or API responders.
+- **Controller**: Orchestrates flow between Model and View.
 <% } -%>
 
-## 🛠️ Getting Started
+---
+
+## 🛠️ Detailed Getting Started
+
+Follow the **🚀 7-Step Production-Ready Process** summary at the top, or follow these detailed instructions:
 
 ### 1. Prerequisites
 -   Node.js (v18+)
 -   Docker & Docker Compose
 
-### 2. Quick Start
+### 2. Environment Setup
+Copy the example environment file and adjust the values as needed:
+```bash
+cp .env.example .env
+```
+
+### 3. Infrastructure & App Launch
 ```bash
-# Initialize Git (Mandatory for Husky hooks)
+# Initialize Git for security hooks
 git init
 
 # Install dependencies
 npm install
 
-# Troubleshooting Husky (if skip git init)
-# npx husky install
-
-# Start Infrastructure (DB, etc.)
-docker-compose up -d
-
-# Run Development Server
+# Start required services
 docker-compose up -d<% if (database !== 'None') { %> db<% } %><% if (caching === 'Redis') { %> redis<% } %><% if (communication === 'Kafka') { %> kafka<% } %>
+
+# Run the app in development mode
 npm run dev
 ```
 
-### 3. Development Standards
-Ensure your code meets quality standards before committing:
-
+### 4. Quality & Standards
 ```bash
-# Run Linter
+# Lint & Format
 npm run lint
+npm run format
 
-# Run Tests
+# Run Unit/Integration Tests
 npm test
-
-# Format Code
-npm run format
+npm run test:coverage
 ```
 
-## 📂 Project Structure
-
-The project follows **<%= architecture %>** principles.
 <% if (communication === 'Kafka') { -%>
 Microservices communication handled via **Kafka**.
 <% } else if (communication === 'GraphQL') { -%>
@@ -144,6 +145,13 @@ This project demonstrates a production-ready Kafka flow:
    [Kafka] Consumer: Received USER_CREATED. 
    [Kafka] Consumer: 📧 Sending welcome email to 'kafka@example.com'... Done!
    ```
+
+### 🛠️ Kafka Troubleshooting
+If the connection or events are failing:
+1. **Check Docker**: Ensure Kafka container is running (`docker ps`).
+2. **Verify Broker**: `KAFKA_BROKER` in `.env` must match your host/port (standard: 9093).
+3. **Advertised Listeners**: If using Windows/WSL, check `docker-compose.yml` advertisers are correct.
+4. **Logs**: Check `docker compose logs -f kafka` for start-up errors.
 <% } -%>
 
 <% if (caching === 'Redis') { -%>
@@ -211,7 +219,6 @@ docker build -t <%= projectName %> .
 docker run -p 3000:3000 <%= projectName %>
 ```
 <% } -%>
-
 ## 🚀 PM2 Deployment (VPS/EC2)
 This project is pre-configured for direct deployment to a VPS/EC2 instance using **PM2** (via `ecosystem.config.js`).
 1. Install dependencies
@@ -249,8 +256,9 @@ docker-compose down
 -   **HPP**: Prevents HTTP Parameter Pollution attacks.
 <% if (includeSecurity) { %>
 ### 🛡️ Enterprise Hardening (Big Tech Standard)
--   **Snyk SCA**: Automated dependency vulnerability scanning.
--   **SonarCloud**: Deep static analysis for code quality and security hotspots.
+-   **Snyk SCA**: Run `npm run snyk:test` for dependency scanning.
+-   **SonarCloud**: Automated SAST on every Push/PR.
+-   **Digital Guardians**: Recommended Gitleaks integration for secret protection.
 -   **Security Policy**: Standard `SECURITY.md` for vulnerability reporting.
 <% } %>
 ## 🤖 AI-Native Development
@@ -260,4 +268,4 @@ This project is "AI-Ready" out of the box. We have pre-configured industry-leadi
 - **Magic Defaults**: We've automatically tailored your AI context to focus on **<%= projectName %>** and its specific architectural stack (<%= architecture %>, <%= database %>, etc.).
 - **Use Cursor?** We've configured **`.cursorrules`** at the root. It enforces project standards (80% coverage, MVC/Clean) directly within the editor. 
   - *Pro-tip*: You can customize the `Project Goal` placeholder in `.cursorrules` to help the AI understand your specific business logic!
-- **Use ChatGPT/Gemini/Claude?** Check the **`prompts/`** directory. It contains highly-specialized Agent Skill templates. You can copy-paste these into any LLM to give it a "Senior Developer" understanding of your codebase immediately.
+- **Use ChatGPT/Gemini/Claude?** Check the **`prompts/`** directory. It contains highly-specialized Agent Skill templates. You can copy-paste these into any LLM to give it a "Senior Developer" understanding of your codebase immediately.

package/templates/common/package.json.ejs

@@ -22,6 +22,13 @@
     "security:check": "npm audit && npm run snyk:test",
     "snyk:test": "snyk test"<% } %>
   },
+  "overrides": {
+    "brace-expansion": "^5.0.5",
+    "jake": "^10.9.4",
+    "micromatch": "^4.0.8",
+    "braces": "^3.0.3",
+    "picomatch": "^4.0.4"
+  },
   "dependencies": {
     "express": "^4.18.2",
     "dotenv": "^16.3.1",
@@ -54,7 +61,8 @@
     "morgan": "^1.10.0"<% if (communication === 'REST APIs' || communication === 'Kafka') { %>,
     "swagger-ui-express": "^5.0.0",
     "yamljs": "^0.3.0"<% } %><% if (communication === 'GraphQL') { %>,
-    "@apollo/server": "^4.10.0",
+    "@apollo/server": "^5.5.0",
+    "@as-integrations/express4": "^1.1.2",
     "graphql": "^16.8.1",
     "@graphql-tools/merge": "^9.0.3"<% } %>
   },
@@ -76,7 +84,7 @@
     "@types/morgan": "^1.9.9",
     "rimraf": "^6.0.1"<% if ((viewEngine && viewEngine !== 'None') || communication === 'REST APIs' || communication === 'Kafka') { %>,
     "cpx2": "^8.0.0"<% } %><% } %>,
-    "eslint": "^9.20.1",
+    "eslint": "^10.1.0",
     "@eslint/js": "^9.20.0",
     "globals": "^15.14.0",
     "prettier": "^3.5.1",

package/templates/mvc/js/src/index.js.ejs

@@ -6,7 +6,7 @@ const healthRoutes = require('./routes/healthRoute');
 <%_ if (communication === 'Kafka') { -%>const { connectKafka, sendMessage } = require('./services/kafkaService');<%_ } -%>
 <%_ if (communication === 'GraphQL') { -%>
 const { ApolloServer } = require('@apollo/server');
-const { expressMiddleware } = require('@apollo/server/express4');
+const { expressMiddleware } = require('@as-integrations/express4');
 const { ApolloServerPluginLandingPageLocalDefault } = require('@apollo/server/plugin/landingPage/default');
 const { unwrapResolverError } = require('@apollo/server/errors');
 const { ApiError } = require('./errors/ApiError');

package/templates/mvc/ts/src/index.ts.ejs

@@ -16,7 +16,7 @@ import swaggerSpecs from '@/config/swagger';<%_ } %>
 <%_ if (communication === 'Kafka') { -%>import { kafkaService } from '@/services/kafkaService';<%_ } -%>
 <%_ if (communication === 'GraphQL') { -%>
 import { ApolloServer } from '@apollo/server';
-import { expressMiddleware } from '@apollo/server/express4';
+import { expressMiddleware } from '@as-integrations/express4';
 import { ApolloServerPluginLandingPageLocalDefault } from '@apollo/server/plugin/landingPage/default';
 import { unwrapResolverError } from '@apollo/server/errors';
 import { ApiError } from '@/errors/ApiError';