@rtorcato/js-tooling 2.14.0 → 2.16.0

package/dist/cli/commands/doctor.js

@@ -529,11 +529,27 @@ async function checkDependabot(dir) {
             };
         }
     }
+    for (const candidate of [
+        'renovate.json',
+        'renovate.json5',
+        '.github/renovate.json',
+        '.github/renovate.json5',
+        '.renovaterc',
+        '.renovaterc.json',
+    ]) {
+        if (await fs.pathExists(path.join(dir, candidate))) {
+            return {
+                check: 'Dependabot',
+                status: 'ok',
+                detail: `${candidate} found (Renovate)`,
+            };
+        }
+    }
     return {
         check: 'Dependabot',
         status: 'optional-missing',
-        detail: 'no .github/dependabot.yml',
-        hint: 'Run `npx @rtorcato/js-tooling fix dependabot` to scaffold weekly dep updates',
+        detail: 'no Dependabot or Renovate config',
+        hint: 'Run `npx @rtorcato/js-tooling fix dependabot` (or `fix renovate`) to scaffold weekly dep updates',
     };
 }
 async function checkCodeQL(dir) {
@@ -580,6 +596,48 @@ async function checkCodeQL(dir) {
         hint: 'Run `npx @rtorcato/js-tooling fix codeql` to scaffold CodeQL security scanning',
     };
 }
+function isPublishableLibrary(pkg) {
+    if (!pkg || pkg.private === true)
+        return false;
+    return !!(pkg.exports || pkg.main || pkg.module || pkg.files);
+}
+async function checkAreTheTypesWrong(_dir, pkg) {
+    if (!isPublishableLibrary(pkg)) {
+        return {
+            check: 'are-the-types-wrong',
+            status: 'ok',
+            detail: 'not applicable (private or no published exports)',
+        };
+    }
+    const deps = {
+        ...(pkg?.dependencies ?? {}),
+        ...(pkg?.devDependencies ?? {}),
+    };
+    const scripts = pkg?.scripts ?? {};
+    const hasDep = !!deps['are-the-types-wrong'];
+    const hasScript = Object.values(scripts).some((s) => /\battw\b|are-the-types-wrong/.test(s));
+    if (hasDep && hasScript) {
+        return {
+            check: 'are-the-types-wrong',
+            status: 'ok',
+            detail: 'are-the-types-wrong installed and wired into a script',
+        };
+    }
+    if (hasDep) {
+        return {
+            check: 'are-the-types-wrong',
+            status: 'drift',
+            detail: 'are-the-types-wrong installed but no script runs it',
+            hint: 'Add `"attw": "attw --pack"` to package.json scripts and call it from your verify/CI chain',
+        };
+    }
+    return {
+        check: 'are-the-types-wrong',
+        status: 'optional-missing',
+        detail: 'are-the-types-wrong not configured',
+        hint: 'Run `pnpm add -D are-the-types-wrong && attw --pack` to validate TypeScript exports before publishing',
+    };
+}
 async function checkTreeshakeSetup(dir, pkg) {
     const appCheckPath = path.join(dir, 'apps', 'treeshake-check', 'check.mjs');
     if (await fs.pathExists(appCheckPath)) {
@@ -690,6 +748,7 @@ export async function runDoctor(dir) {
     results.push(await checkCodeQL(targetDir));
     results.push(await checkGitLabCI(targetDir));
     results.push(await checkCodeowners(targetDir));
+    results.push(await checkAreTheTypesWrong(targetDir, pkg));
     results.push(await checkTreeshakeSetup(targetDir, pkg));
     // Lockfile-driven demotion: if the lock records an intentional opt-out for a
     // check that's currently optional-missing, demote it to ok with a clear detail.

package/dist/cli/commands/fix-targets.js

@@ -24,6 +24,7 @@ export const FIX_TARGETS = {
     'GitLab CI': 'gitlab-ci',
     lockfile: 'lockfile',
     '.js-tooling.json': 'lockfile',
+    'are-the-types-wrong': 'attw',
 };
 export function getFixTargetForCheck(checkName) {
     return FIX_TARGETS[checkName] ?? null;
@@ -110,6 +111,7 @@ export function lockfilePatchForTarget(target, lock) {
         case 'semantic-release':
             return c.semanticRelease ? null : { semanticRelease: true };
         case 'dependabot':
+        case 'renovate':
         case 'codeql':
             return c.securityAutomation ? null : { securityAutomation: true };
         case 'tsconfig':

package/dist/cli/commands/fix.js

@@ -10,7 +10,7 @@ import { generateESLintConfig, generatePrettierConfig } from '../generators/lint
 import { ensureEnginesNode, generateCodeowners, generateEditorConfig, generateKnipConfig, generateNvmrc, generateSizeLimitConfig, } from '../generators/misc.js';
 import { generateConfigs } from '../generators/index.js';
 import { composeVerifyScriptFromPkg } from '../generators/package-json.js';
-import { generateCodeQLWorkflow, generateDependabotConfig } from '../generators/security.js';
+import { generateCodeQLWorkflow, generateDependabotConfig, generateRenovateConfig, } from '../generators/security.js';
 import { generateVitestConfig } from '../generators/testing.js';
 import { generateTreeshakeCheck, inferSubpathsFromExports } from '../generators/treeshake.js';
 import { copyPreset } from '../utils/copy-preset.js';
@@ -222,6 +222,17 @@ const FIXERS = [
             return { filesWritten: ['.github/dependabot.yml'] };
         },
     },
+    {
+        target: 'renovate',
+        description: 'Scaffold renovate.json (weekly schedule; alternative to Dependabot)',
+        appliesTo: ['Dependabot'],
+        outputs: ['renovate.json'],
+        riskLevel: 'safe-add',
+        async run({ targetDir }) {
+            await generateRenovateConfig(targetDir);
+            return { filesWritten: ['renovate.json'] };
+        },
+    },
     {
         target: 'codeql',
         description: 'Scaffold .github/workflows/codeql.yml (security scanning)',
@@ -393,6 +404,18 @@ const FIXERS = [
 export function getFixers() {
     return FIXERS;
 }
+async function ownOutputsPresent(targetDir, fixer) {
+    for (const out of fixer.outputs) {
+        // Outputs that reference a package.json field (e.g. "package.json (scripts.verify)")
+        // can't be cheaply file-checked here; treat as present so we don't accidentally
+        // re-run safe-merge fixers on every targeted invocation.
+        if (out.includes('('))
+            return true;
+        if (await fs.pathExists(path.join(targetDir, out)))
+            return true;
+    }
+    return false;
+}
 function findFixer(target) {
     const normalized = target.toLowerCase();
     return FIXERS.find((f) => f.target.toLowerCase() === normalized);
@@ -587,7 +610,14 @@ export async function fixCommand(target, options = {}) {
         // fixable when the user explicitly targets it — treat it as optional-missing
         // so the override + lockfile resync paths run.
         const lockfileDemoted = lock !== null && declinedInLock(lock, result.check);
-        const effectiveResult = result.status === 'ok' && lockfileDemoted ? { ...result, status: 'optional-missing' } : result;
+        // When multiple fixers share a check (e.g. dependabot + renovate both apply to
+        // "Dependabot" deps-update coverage), the check can be `ok` from a sibling tool
+        // while this fixer's own outputs are still absent. In that case, treat as missing
+        // so the targeted scaffold runs.
+        const fixerOutputsPresent = await ownOutputsPresent(targetDir, fixer);
+        const effectiveResult = result.status === 'ok' && (lockfileDemoted || !fixerOutputsPresent)
+            ? { ...result, status: 'optional-missing' }
+            : result;
         if (effectiveResult.status === 'ok') {
             actions.push(recordFor(fixer.target, result.check, 'ok', 'already-ok', []));
             if (json)

package/dist/cli/generators/security.js

@@ -24,6 +24,28 @@ updates:
 `;
     await fs.writeFile(filepath, content);
 }
+export async function generateRenovateConfig(targetDir) {
+    const filepath = path.join(targetDir, 'renovate.json');
+    const content = `${JSON.stringify({
+        $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+        extends: ['config:recommended', ':semanticCommits', ':semanticCommitTypeAll(chore)'],
+        schedule: ['before 4am on Monday'],
+        prConcurrentLimit: 10,
+        prHourlyLimit: 0,
+        rangeStrategy: 'bump',
+        packageRules: [
+            {
+                matchManagers: ['github-actions'],
+                commitMessagePrefix: 'chore(ci):',
+            },
+            {
+                matchManagers: ['npm'],
+                commitMessagePrefix: 'chore(deps):',
+            },
+        ],
+    }, null, 2)}\n`;
+    await fs.writeFile(filepath, content);
+}
 export async function generateCodeQLWorkflow(targetDir) {
     await fs.ensureDir(path.join(targetDir, '.github', 'workflows'));
     const filepath = path.join(targetDir, '.github', 'workflows', 'codeql.yml');

package/dist/cli/index.js

@@ -184,6 +184,12 @@ const TOOL_CATALOG = [
         exports: [],
         fixTarget: 'dependabot',
     },
+    {
+        name: 'Renovate',
+        description: 'Weekly automated dependency updates (alternative to Dependabot)',
+        exports: [],
+        fixTarget: 'renovate',
+    },
     {
         name: 'CodeQL',
         description: 'GitHub security scanning workflow',

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@rtorcato/js-tooling",
-	"version": "2.14.0",
+	"version": "2.16.0",
 	"description": "JavaScript and TypeScript tooling for Node.js, React, Next.js, and Vitest.",
 	"type": "module",
 	"keywords": [
@@ -52,6 +52,7 @@
 		"tooling/prettier/index.mjs",
 		"tooling/prettier/index.d.mts",
 		"tooling/typescript/*.json",
+		"tooling/typescript/v1/*.json",
 		"tooling/typescript/reset.d.ts",
 		"tooling/vite/vite.config.mjs",
 		"tooling/vite/vite.config.d.mts",
@@ -113,6 +114,12 @@
 		"./typescript/react": "./tooling/typescript/tsconfig.react.json",
 		"./typescript/test": "./tooling/typescript/tsconfig.test.json",
 		"./typescript/reset": "./tooling/typescript/reset.d.ts",
+		"./typescript/base@1": "./tooling/typescript/v1/tsconfig.base.json",
+		"./typescript/next@1": "./tooling/typescript/v1/tsconfig.next.json",
+		"./typescript/express@1": "./tooling/typescript/v1/tsconfig.express.json",
+		"./typescript/node@1": "./tooling/typescript/v1/tsconfig.node.json",
+		"./typescript/react@1": "./tooling/typescript/v1/tsconfig.react.json",
+		"./typescript/test@1": "./tooling/typescript/v1/tsconfig.test.json",
 		"./vite": {
 			"types": "./tooling/vite/vite.config.d.mts",
 			"import": "./tooling/vite/vite.config.mjs"
@@ -240,7 +247,7 @@
 		"ts-jest": "^29.0.0",
 		"tsup": "^8.0.0",
 		"typescript": ">=5.0.0",
-		"typescript-eslint": "*",
+		"typescript-eslint": "^8.0.0",
 		"vitest": ">=3.0.0"
 	},
 	"peerDependenciesMeta": {

package/tooling/typescript/v1/tsconfig.base.json

@@ -0,0 +1,77 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "compilerOptions": {
+    // 🔧 Output & Module Resolution
+    "moduleResolution": "bundler",
+    "module": "esnext",
+    "target": "esnext",
+    // "module": "esnext", //
+    // "moduleResolution": "node", // Prefer "bundler" if you're using Vite, esbuild, etc.
+    // "target": "esnext", //
+    "lib": ["ES2022"], // Specify library files to be included in the compilation
+    "rootDir": "src",
+    "outDir": "dist",
+
+
+    // 🔍 JavaScript Support
+    "allowJs": true, // Allow JavaScript files to be compiled
+    "checkJs": true, // Enable type checking on JavaScript files
+    "resolveJsonModule": true,  // Allow importing JSON files
+    "isolatedModules": true, // Ensure that each file can be safely transpiled independently
+    "esModuleInterop": true, // Enables emit interoperability between CommonJS and ES Modules
+    "allowSyntheticDefaultImports": true, // recommend enabling this for smoother interop
+
+    // ⚙️ Module Detection
+    "moduleDetection": "force", // Force module detection
+
+    // 📈 Performance
+    "skipLibCheck": true, // Skip type checking of declaration files
+    "incremental": true, // Enable incremental compilation
+    "disableSourceOfProjectReferenceRedirect": true, // Disable source of project reference redirect
+
+    // 🚨 Strict Type Checking
+    "strict": true, // Enable all strict type checking options
+    "noUncheckedIndexedAccess": true, // Disallow accessing an index signature with an arbitrary key
+    "noImplicitAny": true, // Disallow implicit any type
+    "noImplicitReturns": true, // Disallow functions that do not return a value
+    "noImplicitOverride": true, // Ensure override keyword is used
+    "noImplicitThis": true, // Disallow 'this' with an implicit any type
+    "noPropertyAccessFromIndexSignature": true, // Disallow property access from index signature
+
+    // 🧹 Lint-Like Settings
+    "noUnusedLocals": true, // Disallow unused locals
+    "noUnusedParameters": true, // Disallow unused parameters
+    "noFallthroughCasesInSwitch": true, // Disallow fallthrough cases in switch statements
+
+    // 📦 Types & Declarations
+    "types": ["node", "vitest"], // Specify type declaration files to be included in the compilation
+    "declaration": false, // Do not generate .d.ts files
+    "declarationMap": false, // Do not generate sourcemaps for d.ts files
+
+    // 🛑 Emit Settings
+    "noEmit": true, // Do not emit output files
+    "sourceMap": true, // Generate sourcemaps for .ts files
+
+    "paths": { // Path mapping for module resolution
+      "~/*": ["./src/*"],
+      "@/*": ["./src/*"]
+    }
+  },
+  "include": ["src/**/*", "index.d.ts"], // Include files in the src directory and index.d.ts
+  "exclude": [
+    "node_modules",
+    "build",
+    "dist",
+    ".next",
+    ".expo",
+    "OLD",
+    "**/*.test.ts",
+    "**/*.test.tsx",
+    "**/*.spec.ts",
+    "**/*.spec.tsx",
+    ".turbo",
+    "out",
+    "not-used",
+    "vitest.config.ts"
+  ] // Exclude directories from compilation
+}

package/tooling/typescript/v1/tsconfig.express.json

@@ -0,0 +1,9 @@
+{
+  "extends": "./tsconfig.base.json",
+  "compilerOptions": {
+    "lib": ["ES2022"], // Only include ES libs, no DOM
+    "types": ["node", "express", "vitest"], // Add express types for API development
+  },
+  "include": ["src", "index.d.ts"],
+  "exclude": ["node_modules", "dist", "build", "test", "**/*.test.ts", "**/*.spec.ts"]
+}

package/tooling/typescript/v1/tsconfig.next.json

@@ -0,0 +1,19 @@
+{
+  "extends": "./tsconfig.base.json",
+  "compilerOptions": {
+    "jsx": "preserve", // Let Next.js handle JSX transformation
+    "lib": ["DOM", "DOM.Iterable", "ESNext"], // Include DOM types for browser APIs
+    "module": "esnext", // Next.js expects ESNext modules
+    "moduleResolution": "bundler", // Modern module resolution for Next.js
+    "allowJs": true, // Allow JavaScript files
+    "esModuleInterop": true, // Interop for CommonJS/ESM
+    "types": ["react", "tailwindcss", "vitest"],
+    "plugins": [ { "name": "next" } ], // Next.js plugin for TypeScript
+    "paths": {
+      "~/*": ["./src/*"],
+      "@/*": ["./src/*"]
+    }
+  },
+  "include": ["next-env.d.ts", "src", "pages", "app", "components", "types", "index.d.ts"],
+  "exclude": ["node_modules", "dist", ".next", "build", "out"]
+}

package/tooling/typescript/v1/tsconfig.node.json

@@ -0,0 +1,9 @@
+{
+  "extends": "./tsconfig.base.json",
+  "compilerOptions": {
+    "lib": ["ES2022"],
+    "types": ["node", "vitest"]
+  },
+  "include": ["src", "index.d.ts"],
+  "exclude": ["node_modules", "dist", "build", "test", "**/*.test.ts", "**/*.spec.ts"]
+}

package/tooling/typescript/v1/tsconfig.react.json

@@ -0,0 +1,14 @@
+{
+  "extends": "./tsconfig.base.json",
+  "compilerOptions": {
+    "jsx": "react-jsx", // Use the new JSX transform for React 17+
+    "lib": ["DOM", "DOM.Iterable", "ESNext"],// Include DOM types for browser APIs
+    "types": ["react", "react-dom", "tailwindcss", "vitest"],
+    "paths": {
+      "~/*": ["./src/*"],
+      "@/*": ["./src/*"]
+    }
+  },
+  "include": ["src", "index.d.ts", "types"],
+  "exclude": ["node_modules", "dist", "build", "out", "**/*.test.ts", "**/*.spec.ts"]
+}

package/tooling/typescript/v1/tsconfig.test.json

@@ -0,0 +1,8 @@
+{
+  "extends": "./tsconfig.base.json",
+  "compilerOptions": {
+    "noEmit": true,
+    "types": ["node", "vitest"]
+  },
+  "include": ["src", "tests", "**/*.test.ts", "**/*.test.tsx", "**/*.spec.ts", "**/*.spec.tsx"]
+}