u/Due_Length_2169 — reddlx

▲ 27 r/node

I was looking for something like FastAPI's automatic /docs for Express — zero setup, zero annotations, just run your server and your entire API is documented. Nothing existed same as what I wanted.

So I built nodox-cli, an Express middleware that automatically documents every route in your app the moment your server starts. No annotations, no YAML, no JSDoc, no changes to your existing handlers.

Just this:

npm install nodox-cli

In code : app.use(nodox(app))

Then visit /__nodox — every route you've already written is there with schemas detected.

Yes, with schemas detected automatically from zod, joi, yup and express validator

Works on existing Express apps with zero changes. Tested with Express 4 and 5, JavaScript and TypeScript, ESM and CommonJS.

Would love feedback — especially from anyone who's dealt with the swagger-jsdoc annotation hell on a large codebase.

npm: https://www.npmjs.com/package/nodox-cli

GitHub: https://github.com/dhruv-bhalodia/nodox-cli

Full writeup (Medium): https://medium.com/@dhruvbhalodia0204/how-to-add-api-documentation-to-an-express-app-without-writing-a-single-annotation-1d725d539b29

reddit.com

u/Due_Length_2169 — 16 days ago

▲ 2 r/SaaS

For our B2B SaaS, SOC2 Type 1 was enough early on but when prospects started requiring Type 2, the costs were huge. Evidence collection alone runs into thousands of dollars before you even get to audit fees.

Looked around for compliance tools but mostly ran into "DM me" replies which honestly don't inspire confidence.

Vanta feels like overkill for a small SaaS team paying for a ton of features we never touch.

Anyone else gone through this as a SaaS founder? Is there a simpler tool that just gets the job done without the enterprise price tag?

reddit.com

u/Due_Length_2169 — 16 days ago

▲ 7 r/node

I've always hated that every API documentation tool makes you do extra work before you get anything useful. Annotation-based tools like swagger-jsdoc start with a completely blank UI you have to go annotate every route before you see a single endpoint. Traffic-based tools show routes but leave them schema-less until you manually hit each one. Either way, documentation becomes a separate project you maintain alongside your actual code.

So I built nodox-cli. Add one line and your entire existing API is already documented schemas included.

npm install nodox-cli
app.use(nodox(app))

That's it. No annotations, no YAML, no code generators, no changes to your existing handlers.

How does it actually detect schemas without annotations?

It runs a 5-layer pipeline:

Layer 1 — reads any schema you explicitly attach via the optional validate() wrapper
Layer 2 — statically scans your route handler source for Zod / Joi / yup / express-validator references and extracts field names and types
Layer 3 — dry-runs your handler with a mock request in a sandbox (no DB calls, no network, no filesystem writes) and observes what it reads
Layer 4 — loads shapes recorded from your real test suite via .apicache.json
Layer 5 — intercepts live res.json() responses as they flow through in development

Higher-confidence layers always win. Real traffic never overwrites a statically-detected schema.

Features:

Zero-annotation route discovery — every Express route appears in the UI automatically on first server start
Interactive playground — send live requests from the browser; path params render as inline inputs, body fields pre-filled from detected schema
Chain builder — wire routes together on a canvas, pass response fields between steps using {{step0.id}} interpolation, simulate full multi-step flows without leaving the docs
Response diff — save a baseline response and compare against future calls to catch regressions
Environment switcher — swap base URL between local, staging, and production without leaving the UI
Test suite integration — npx nodox init hooks into Jest or Vitest and starts recording real request/response shapes automatically, no test code changes needed
express-validator support — check(), body(), param() chains detected automatically, field types inferred from validator names like isEmail, isInt, isUUID
validate() wrapper (optional) — attach Zod, Joi, yup, or plain JSON Schema to a route for confirmed schemas + runtime 400 validation; strictly optional, the other 4 layers run regardless
Production safe — complete no-op when NODE_ENV=production by default
TypeScript first — ESM with CJS fallback, types included, Zod v3 and v4 both supported

Think FastAPI's /docs, but for Node.js — except the first time you open it, your whole API is already there.

Would love feedback — especially from anyone who's tried similar tools and hit the same friction. What's missing? What would make this actually fit into your workflow?

Github : https://github.com/dhruv-bhalodia/nodox-cli/
npm : https://libraries.io/npm/nodox-cli

u/Due_Length_2169 — 17 days ago