Stop reinventing the wheel. Meet Core-X: A Secure Node.js & Supabase Boilerplate
Source: Dev.to
Introduction
Hi everyone,
I’m excited to share a project I’ve been working on: Core‑X.
As backend developers, we often spend the first few days of any project setting up the same repetitive structure: security headers, auth middleware, logging, and input validation. Core‑X is designed to solve this pain point.
It is a production‑ready Node.js + Express + Supabase boilerplate that comes pre‑configured with industry‑standard security practices, allowing you to focus immediately on building your APIs and database schemas.
Key Features
- Stateless CSRF Protection – Implements the Double Submit Cookie pattern (no legacy/deprecated libraries).
- Supabase Integration – Optimized middleware for auth & token management.
- Built‑in WAF Lite – Auto‑detects and blocks malicious payloads (SQLi, XSS) via a custom security validator.
- Advanced Logging – Centralized logging system using Winston with daily rotation.
- Type‑Safe Validation – Full Zod integration for request validation.
- Status – The project is currently under active development.
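The Double Submit Cookie pattern named in the feature list, shown as an added example that is not code from the Core-X repository: a signed variant in which the token carries an HMAC bound to the session, so the server stores nothing and a matching but unsigned cookie/header pair is still rejected. The function names, the `!` separator, the secret and the session IDs are assumptions made for this illustration.

```javascript
// Added illustration; not taken from the Core-X repository.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Constant-time string comparison that tolerates unequal lengths.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// HMAC over "<sessionId>!<nonce>" ties the token to one session.
function sign(secret, sessionId, nonce) {
  return createHmac('sha256', secret).update(`${sessionId}!${nonce}`).digest('hex');
}

// Token set as a cookie and echoed back by the client in a request header.
function issueCsrfToken(secret, sessionId) {
  const nonce = randomBytes(16).toString('hex');
  return `${nonce}.${sign(secret, sessionId, nonce)}`;
}

// No server-side storage: the check recomputes the HMAC from the request.
function verifyCsrf(secret, sessionId, cookieToken, headerToken) {
  if (!cookieToken || !headerToken) return false;
  if (!safeEqual(cookieToken, headerToken)) return false; // double-submit match
  const [nonce, mac, ...rest] = cookieToken.split('.');
  if (!nonce || !mac || rest.length) return false;
  return safeEqual(mac, sign(secret, sessionId, nonce)); // needs the server secret
}

// Constructed sample values, for the demonstration only.
const SECRET = 'constructed-demo-secret';

function demo() {
  const token = issueCsrfToken(SECRET, 'session-A');
  return {
    valid: verifyCsrf(SECRET, 'session-A', token, token),
    missingHeader: verifyCsrf(SECRET, 'session-A', token, undefined),
    mismatch: verifyCsrf(SECRET, 'session-A', token, issueCsrfToken(SECRET, 'session-A')),
    otherSession: verifyCsrf(SECRET, 'session-B', token, token),
    // Cookie and header agree, but the value was never signed by the server.
    plantedPair: verifyCsrf(SECRET, 'session-A', 'aaaa.bbbb', 'aaaa.bbbb'),
  };
}

console.log(demo());
```

Only the first case passes; a plain equality check between cookie and header would also have accepted the last two.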
I would love to get your feedback on the architecture and security implementation. Contributions and code reviews are highly welcome!
Repository
🔗 https://github.com/Ymzerotwo/Core-X
If you find it useful, please consider giving it a Star ⭐️ on GitHub!