Antigravity-awesome-skills hono
Build ultra-fast web APIs and full-stack apps with Hono — runs on Cloudflare Workers, Deno, Bun, Node.js, and any WinterCG-compatible runtime.
install
source · Clone the upstream repo
git clone https://github.com/sickn33/antigravity-awesome-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sickn33/antigravity-awesome-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/antigravity-awesome-skills-claude/skills/hono" ~/.claude/skills/sickn33-antigravity-awesome-skills-hono && rm -rf "$T"
manifest:
plugins/antigravity-awesome-skills-claude/skills/hono/SKILL.mdsafety · automated scan (low risk)
This is a pattern-based risk scan, not a security review. Our crawler flagged:
- references .env files
Always read a skill's source content before installing. Patterns alone don't mean the skill is malicious — but they warrant attention.
source content
Hono Web Framework
Overview
Hono (炎, "flame" in Japanese) is a small, ultrafast web framework built on Web Standards (
RequestResponsefetchWhen to Use This Skill
- Use when building a REST or RPC API for edge deployment (Cloudflare Workers, Deno Deploy)
- Use when you need a minimal but type-safe server framework for Bun or Node.js
- Use when building a Backend for Frontend (BFF) layer with low latency requirements
- Use when migrating from Express but wanting better TypeScript support and edge compatibility
- Use when the user asks about Hono routing, middleware,
,c.req
, orc.json
RPC clienthc()
How It Works
Step 1: Project Setup
Cloudflare Workers (recommended for edge):
npm create hono@latest my-api # Select: cloudflare-workers cd my-api npm install npm run dev # Wrangler local dev npm run deploy # Deploy to Cloudflare
Bun / Node.js:
mkdir my-api && cd my-api bun init bun add hono
// src/index.ts (Bun) import { Hono } from 'hono'; const app = new Hono(); app.get('/', c => c.text('Hello Hono!')); export default { port: 3000, fetch: app.fetch, };
Step 2: Routing
import { Hono } from 'hono'; const app = new Hono(); // Basic methods app.get('/posts', c => c.json({ posts: [] })); app.post('/posts', c => c.json({ created: true }, 201)); app.put('/posts/:id', c => c.json({ updated: true })); app.delete('/posts/:id', c => c.json({ deleted: true })); // Route params and query strings app.get('/posts/:id', async c => { const id = c.req.param('id'); const format = c.req.query('format') ?? 'json'; return c.json({ id, format }); }); // Wildcard app.get('/static/*', c => c.text('static file')); export default app;
Chained routing:
app .get('/users', listUsers) .post('/users', createUser) .get('/users/:id', getUser) .patch('/users/:id', updateUser) .delete('/users/:id', deleteUser);
Step 3: Middleware
Hono middleware works exactly like
fetchimport { Hono } from 'hono'; import { logger } from 'hono/logger'; import { cors } from 'hono/cors'; import { bearerAuth } from 'hono/bearer-auth'; const app = new Hono(); // Built-in middleware app.use('*', logger()); app.use('/api/*', cors({ origin: 'https://myapp.com' })); app.use('/api/admin/*', bearerAuth({ token: process.env.API_TOKEN! })); // Custom middleware app.use('*', async (c, next) => { c.set('requestId', crypto.randomUUID()); await next(); c.header('X-Request-Id', c.get('requestId')); });
Available built-in middleware:
loggercorscsrfetagcachebasicAuthbearerAuthjwtcompressbodyLimittimeoutprettyJSONsecureHeadersStep 4: Request and Response Helpers
app.post('/submit', async c => { // Parse body const body = await c.req.json<{ name: string; email: string }>(); const form = await c.req.formData(); const text = await c.req.text(); // Headers and cookies const auth = c.req.header('authorization'); const token = getCookie(c, 'session'); // Responses return c.json({ ok: true }); // JSON return c.text('hello'); // plain text return c.html('<h1>Hello</h1>'); // HTML return c.redirect('/dashboard', 302); // redirect return new Response(stream, { status: 200 }); // raw Response });
Step 5: Zod Validator Middleware
import { zValidator } from '@hono/zod-validator'; import { z } from 'zod'; const createPostSchema = z.object({ title: z.string().min(1).max(200), body: z.string().min(1), tags: z.array(z.string()).default([]), }); app.post( '/posts', zValidator('json', createPostSchema), async c => { const data = c.req.valid('json'); // fully typed const post = await db.post.create({ data }); return c.json(post, 201); } );
Step 6: Route Groups and App Composition
// src/routes/posts.ts import { Hono } from 'hono'; const posts = new Hono(); posts.get('/', async c => { /* list posts */ }); posts.post('/', async c => { /* create post */ }); posts.get('/:id', async c => { /* get post */ }); export default posts;
// src/index.ts import { Hono } from 'hono'; import posts from './routes/posts'; import users from './routes/users'; const app = new Hono().basePath('/api'); app.route('/posts', posts); app.route('/users', users); export default app;
Step 7: RPC Client (End-to-End Type Safety)
Hono's RPC mode exports route types that the
hc// server: src/routes/posts.ts import { Hono } from 'hono'; import { zValidator } from '@hono/zod-validator'; import { z } from 'zod'; const posts = new Hono() .get('/', c => c.json({ posts: [{ id: '1', title: 'Hello' }] })) .post( '/', zValidator('json', z.object({ title: z.string() })), async c => { const { title } = c.req.valid('json'); return c.json({ id: '2', title }, 201); } ); export default posts; export type PostsType = typeof posts;
// client: src/client.ts import { hc } from 'hono/client'; import type { PostsType } from '../server/routes/posts'; const client = hc<PostsType>('/api/posts'); // Fully typed — autocomplete on routes, params, and responses const { posts } = await client.$get().json(); const newPost = await client.$post({ json: { title: 'New Post' } }).json();
Examples
Example 1: JWT Auth Middleware
import { Hono } from 'hono'; import { jwt, sign } from 'hono/jwt'; const app = new Hono(); const SECRET = process.env.JWT_SECRET!; app.post('/login', async c => { const { email, password } = await c.req.json(); const user = await validateUser(email, password); if (!user) return c.json({ error: 'Invalid credentials' }, 401); const token = await sign({ sub: user.id, exp: Math.floor(Date.now() / 1000) + 3600 }, SECRET); return c.json({ token }); }); app.use('/api/*', jwt({ secret: SECRET })); app.get('/api/me', async c => { const payload = c.get('jwtPayload'); const user = await getUserById(payload.sub); return c.json(user); }); export default app;
Example 2: Cloudflare Workers with D1 Database
// src/index.ts import { Hono } from 'hono'; type Bindings = { DB: D1Database; API_TOKEN: string; }; const app = new Hono<{ Bindings: Bindings }>(); app.get('/users', async c => { const { results } = await c.env.DB.prepare('SELECT * FROM users LIMIT 50').all(); return c.json(results); }); app.post('/users', async c => { const { name, email } = await c.req.json(); await c.env.DB.prepare('INSERT INTO users (name, email) VALUES (?, ?)') .bind(name, email) .run(); return c.json({ created: true }, 201); }); export default app;
Example 3: Streaming Response
import { stream, streamText } from 'hono/streaming'; app.get('/stream', c => streamText(c, async stream => { for (const chunk of ['Hello', ' ', 'World']) { await stream.write(chunk); await stream.sleep(100); } }) );
Best Practices
- ✅ Use route groups (sub-apps) to keep handlers in separate files —
app.route('/users', usersRouter) - ✅ Use
for all request body, query, and param validationzValidator - ✅ Type Cloudflare Workers bindings with the
generic:Bindingsnew Hono<{ Bindings: Env }>() - ✅ Use the RPC client (
) when your frontend and backend share the same repohc - ✅ Prefer returning
/c.json()
overc.text()
for cleaner codenew Response() - ❌ Don't use Node.js-specific APIs (
,fs
,path
) if you want edge portabilityprocess - ❌ Don't add heavy dependencies — Hono's value is its tiny footprint on edge runtimes
- ❌ Don't skip middleware typing — use generics (
,Variables
) to keepBindings
type-safec.get()
Security & Safety Notes
- Always validate input with
before using data from requests.zValidator - Use Hono's built-in
middleware on mutation endpoints when serving HTML/forms.csrf - For Cloudflare Workers, store secrets in
wrangler.toml
(non-secret) or[vars]
(secret) — never hardcode them in source.wrangler secret put - When using
orbearerAuth
, ensure tokens are validated server-side — do not trust client-provided user IDs.jwt - Rate-limit sensitive endpoints (auth, password reset) with Cloudflare Rate Limiting or a custom middleware.
Common Pitfalls
-
Problem: Handler returns
— response is empty Solution: Alwaysundefined
a response from handlers:return
not justreturn c.json(...)
.c.json(...) -
Problem: Middleware runs after the response is sent Solution: Call
before post-response logic; Hono runs code afterawait next()
as the response travels back up the chain.next() -
Problem:
is undefined on Node.js Solution: Cloudflarec.env
bindings only exist in Workers. Useenv
on Node.js.process.env -
Problem: Route not matching — gets a 404 Solution: Check that
uses the same prefix your client calls. Sub-routers should not repeat the prefix in their own routes.app.route('/prefix', subRouter)
Related Skills
— Deep dive into Cloudflare Workers platform specifics@cloudflare-workers-expert
— Alternative RPC approach for TypeScript full-stack apps@trpc-fullstack
— Detailed Zod schema patterns used with@zod-validation-expert@hono/zod-validator
— When you need a Node.js-specific backend (not edge)@nodejs-backend-patterns
Limitations
- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.