error-handling_skill

This skill helps you implement secure error handling to prevent information leakage and provide safe, environment-aware error responses.
  • JavaScript

4

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill harperaa/secure-claude-skills --skill error-handling

  • SKILL.md19.7 KB

Overview

This skill implements secure error handling for JavaScript API routes to prevent information leakage and provide appropriate HTTP responses. It delivers environment-aware responses: detailed errors in development and generic, safe messages in production. Use the provided handlers to standardize 400/401/403/404/500 responses and keep sensitive details in server logs only.

How this skill works

The handlers inspect the error type and execution context, log full details server-side, and return safe client-facing JSON. Validation, auth, forbidden, not-found, and unexpected errors each map to a specific helper that sets HTTP status codes and message shape. In production the API returns generic messages; in development it returns stack and context for debugging.

When to use it

  • Handling unexpected runtime errors in API routes (HTTP 500)
  • Returning structured validation failures to clients (HTTP 400)
  • Enforcing authentication and authorization checks (HTTP 401/403)
  • Responding to missing resources with clear 404 messages
  • Centralizing error handling to avoid leaking internal paths, DB schema, or dependency details

Best practices

  • Log full error details and context server-side, but never send stacks or secrets to clients in production
  • Return detailed field-level validation errors (400) to help users fix input without exposing internals
  • Use specific handlers for auth/authorization/not-found rather than treating everything as a 500
  • Sanitize logs: omit passwords, full card numbers, tokens, API keys, and sensitive PII
  • Include operation context and user identifiers in logs to speed debugging while keeping client responses generic

Example use cases

  • Protect payment and database operations by catching provider-specific errors and mapping them to safe client responses
  • Wrap protected routes so unauthenticated requests return 401, unauthorized actions return 403, and missing records return 404
  • Use handleValidationError to return per-field messages for form or API input errors
  • Call handleApiError in a catch-all to log full details and return a safe 500 response in production
  • Differentiate Stripe card declines from other payment failures and return user-friendly messages

FAQ

Only in development or internal staging environments. Never expose stacks in production; log them server-side instead.

What should I log vs return to the client?

Log full error details, stack, context, userId and request path for debugging. Return generic messages to clients and only include field-level validation details when helpful.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational