A tool for backend developers and teams who ship software with complex business logic under tight deadlines
Installation • Documentation • Website • Tutorial • GitHub • Blog • Npm
pnpm create arkos@latest my-projectYour new project already has JWT auth, customizable CRUD routes, Swagger docs at /api/docs, file uploads, validation, and a full security middleware stack. Understand the generated Project Structure.
// src/app.ts
import arkos from "arkos";
import postRouter from "@/src/modules/post/post.router"; // custom router
const app = arkos();
app.use(postRouter);
app.listen();Arkos replaces the Express app — but it is Express under the hood. You can still use app.use(), custom middleware, and raw Express code wherever you need it.
// src/modules/post/post.router.ts
import { ArkosRouter } from "arkos";
import CreatePostSchema from "@/src/modules/post/schemas/create-post.schema";
import postService from "@/src/modules/post/post.service";
import postPolicy from "@/src/modules/post/post.policy"; // Authorization component
const postRouter = ArkosRouter({ prefix: "/api/posts" });
postRouter.post(
{
path: "/", // auto registered into openapi
authentication: postPolicy.Create, // Authentication and authorization with RBAC
validation: { body: CreatePostSchema }, // auto documented into openapi requestBody
},
async (req, res) => {
const post = await postService.createOne(req.body); // no error handling need, arkos already handles it
res.json({ data: post });
}
);
export default postRouter;See more about the enhaced express-based router (ArkosRouter) at ArkosRouter Guide.
// src/modules/post/post.policy.ts
import { ArkosPolicy } from "arkos";
const postPolicy: ArkosPolicy<"post"> = ArkosPolicy("post");
postPolicy.rule("Create", ["Writer", "Admin"]);
postPolicy.rule("View", ["Writer", "Admin", "User"]);
export default postPolicy;Define who can do what, once, per resource. Arkos enforces it across every route that references the policy — no scattered middleware, no repeated role checks.
Define The Prisma model:
model Post {
id String @id @default(uuid())
title String
content String
authorId String
author User @relation(fields: [authorId], references: [id])
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
}Get a full REST API — instantly:
POST /api/posts Create a post
GET /api/posts List all posts
GET /api/posts/:id Get a post
PATCH /api/posts/:id Update a post
DELETE /api/posts/:id Delete a post
Authenticated, validated, and documented. Zero boilerplate.
Customize just like normal router:
// src/modules/post/post.router.ts
import { ArkosRouter, RouteHook } from "arkos";
import postPolicy from "@/src/modules/post/post.policy";
import UpdatePostSchema from "@/src/modules/post/post.schema";
export const hook: RouteHook<"prisma"> = {
findMany: { authentication: false }, // Making GET /api/posts public
createOne: { authentication: postPolicy.Create },
updateOne: {
authentication: postPolicy.Update,
validation: { body: UpdatePostSchema },
},
deleteOne: { authentication: postPolicy.Delete },
};
const postRouter = ArkosRouter({ prefix: "/api/posts" });
export default postRouter;Your auto-generated CRUD routes accept the same config as any ArkosRouter route — authentication, validation, rate limiting, all in one place.
Add business logic exactly where you need it:
// src/modules/post/post.interceptor.ts
import { ArkosRequest, ArkosResponse, ArkosNextFunction } from "arkos";
import { BadRequestError } from "arkos/error-handler";
export const beforeCreateOne = [
async (req: ArkosRequest, res: ArkosResponse, next: ArkosNextFunction) => {
if (req.body.title.length < 5)
throw new BadRequestError("Title is too short", "TitleTooShort");
req.body.slug = req.body.title.toLowerCase().replace(/\s/g, "-");
req.body.authorId = req.user.id;
next();
},
];Name the file, export the hook, and Arkos picks it up automatically. No registration needed.
| What you'd normally write | What Arkos gives you |
|---|---|
| JWT setup, refresh tokens, bcrypt | ✅ Built-in auth system |
| 5 route handlers per Prisma model | ✅ Auto-generated CRUD |
| Zod/CV schemas per endpoint | ✅ Auto generate from your models |
| Swagger config + schema upkeep | ✅ Auto-generated OpenAPI docs |
| Multer setup + file type validation | ✅ File upload system |
| Rate limiting, CORS, Helmet, compression | ✅ Pre-configured security stack |
| Total setup time | ~5 minutes vs ~8–12 hours |
For comprehensive guides, API reference, and examples, visit our official documentation.
Quick Links:
You can get the latest features we're testing before releasing them:
pnpm create arkos@next my-projectArkos.js is built on top of industry-leading tools:
- Express - Fast, unopinionated, minimalist web framework for Node.js
- Prisma - Next-generation ORM for Node.js and TypeScript
- Node.js - JavaScript runtime built on Chrome's V8 engine
- Documentation: arkosjs.com/docs
- Bug Reports: GitHub Issues
- Feature Requests: Open a GitHub issue
- Contact: uanelaluiswayne@gmail.com
Contributions are welcome! We appreciate all contributions, from bug fixes to new features.
"Arkos.js changed how I work on the backend: with a Prisma model I already get CRUD routes, auth, and validation out-of-the-box — I saved a lot of time and could focus on business logic."
— Gelson Matavela, Founder / Grupo Vergui
"It removes boilerplate and provides a clean structure to build products. Built-in auth is powerful and ready. Automatic CRUD and docs save time, while interceptors allow flexible business logic."
— Augusto Domingos, Tech Lead / DSAI For Moz
"With Arkos.js, I can build backends in just a few minutes. It removes the boilerplate and lets me focus entirely on the core logic. Fast, simple, and incredibly productive."
— Niuro Langa, Software Developer / SparkTech
Arkos sits between minimal frameworks like Express/Fastify and opinionated ones like NestJS/AdonisJS. It doesn't ask you to learn a new paradigm — it enhances the one most Node.js developers already use, by automating everything that's standardized and staying out of the way everywhere else.
Inspired by how Django and Laravel work in their ecosystems: batteries included, nothing forced on you.
The name "Arkos" comes from the Greek word ἀρχή (Arkhē), meaning "beginning" or "foundation".
This project is licensed under the MIT License - see the LICENSE file for details.
Installation • Documentation • Website • Tutorial • GitHub • Blog • Npm
Built with ❤️ by Uanela Como and contributors
The name "Arkos" comes from the Greek word "ἀρχή" (Arkhē), meaning "beginning" or "foundation", reflecting our goal of providing a solid foundation for backend development.