by @deckardger
TanStack Start best practices for full-stack React applications. Server functions, middleware, SSR, authentication, and deployment patterns. Activate when building full-stack apps with TanStack Start.
Comprehensive guidelines for implementing TanStack Start patterns in full-stack React applications. These rules cover server functions, middleware, SSR, authentication, and deployment.
| Priority | Category | Rules | Impact |
|---|---|---|---|
| CRITICAL | Server Functions | 5 rules | Core data mutation patterns |
| CRITICAL | Security | 4 rules | Prevents vulnerabilities |
| HIGH | Middleware | 4 rules | Request/response handling |
| HIGH | Authentication | 4 rules | Secure user sessions |
| MEDIUM | API Routes | 1 rule | External endpoint patterns |
| MEDIUM | SSR | 6 rules | Server rendering patterns |
| MEDIUM | Error Handling | 3 rules | Graceful failure handling |
| MEDIUM | Environment | 1 rule | Configuration management |
| LOW | File Organization | 3 rules | Maintainable code structure |
| LOW | Deployment | 2 rules | Production readiness |
sf-)sf-create-server-fn — Use createServerFn for server-side logicsf-input-validation — Always validate server function inputssf-method-selection — Choose appropriate HTTP methodsf-error-handling — Handle errors in server functionssf-response-headers — Customize response headers when neededsec-)sec-validate-inputs — Validate all user inputs with schemassec-auth-middleware — Protect routes with auth middlewaresec-sensitive-data — Keep secrets server-side onlysec-csrf-protection — Implement CSRF protection for mutationsmw-)mw-request-middleware — Use request middleware for cross-cutting concerns