@rtorcato/js-tooling 2.19.0 → 2.19.2

package/dist/cli/commands/fix.js

@@ -210,17 +210,17 @@ const FIXERS = [
     },
     {
         target: 'semantic-release',
-        description: 'Scaffold release.config.mjs (skipped on private packages)',
+        description: 'Scaffold release.config.mjs + install preset plugins (skipped on private packages)',
         appliesTo: ['semantic-release'],
-        outputs: ['release.config.mjs'],
+        outputs: ['release.config.mjs', 'package.json'],
         canFixDrift: true,
         async run({ targetDir, pkg }) {
             if (pkg?.private === true) {
                 console.log(chalk.gray('   skipping — package is private'));
                 return { filesWritten: [] };
             }
-            await generateSemanticReleaseConfig(targetDir);
-            return { filesWritten: ['release.config.mjs'] };
+            const filesWritten = await generateSemanticReleaseConfig(targetDir);
+            return { filesWritten };
         },
     },
     {

package/dist/cli/generators/build.js

@@ -71,11 +71,41 @@ export default mergeConfig(preset, defineConfig({ plugins: [react()] }))
 `;
     await fs.writeFile(viteConfigPath, viteConfig);
 }
+// Plugins the github/gitlab preset activates that semantic-release core does
+// NOT bundle (core bundles only commit-analyzer, release-notes-generator, npm,
+// github). Without these in the consumer's deps, `semantic-release` crashes
+// with "Cannot find module '@semantic-release/changelog'" on first run.
+const RELEASE_PLUGIN_DEPS = {
+    '@semantic-release/changelog': '^6.0.0',
+    '@semantic-release/git': '^10.0.0',
+};
 export async function generateSemanticReleaseConfig(targetDir) {
     const releaseConfigPath = path.join(targetDir, 'release.config.mjs');
     const releaseConfig = `export { default } from '@rtorcato/js-tooling/semantic-release/github'
 `;
     await fs.writeFile(releaseConfigPath, releaseConfig);
+    const written = ['release.config.mjs'];
+    // Ensure the preset's non-bundled plugins are installed; otherwise the
+    // scaffolded release.config.mjs references modules the consumer lacks.
+    const pkgPath = path.join(targetDir, 'package.json');
+    if (await fs.pathExists(pkgPath)) {
+        const pkg = (await fs.readJson(pkgPath));
+        const devDeps = (pkg.devDependencies ?? {});
+        const deps = (pkg.dependencies ?? {});
+        let changed = false;
+        for (const [name, version] of Object.entries(RELEASE_PLUGIN_DEPS)) {
+            if (!devDeps[name] && !deps[name]) {
+                devDeps[name] = version;
+                changed = true;
+            }
+        }
+        if (changed) {
+            pkg.devDependencies = devDeps;
+            await fs.writeJson(pkgPath, pkg, { spaces: 2 });
+            written.push('package.json');
+        }
+    }
+    return written;
 }
 export async function generateChangesetsConfig(targetDir) {
     // Drop the canonical Changesets config into .changeset/config.json. The user

package/dist/cli/generators/git.js

@@ -57,19 +57,15 @@ npx --no -- commitlint --edit $1
     // lint-staged configuration in package.json
     const packageJsonPath = path.join(targetDir, 'package.json');
     const packageJson = await fs.readJson(packageJsonPath);
+    // No explicit `git add` — lint-staged stages tool output itself, and the
+    // extra add races its index lock. `--no-errors-on-unmatched` keeps biome
+    // from failing a commit when every matched file is biome-ignored.
+    const useBiome = config.linting.tool === 'biome' || config.linting.tool === 'both';
     packageJson['lint-staged'] = {
-        '*.{js,ts,jsx,tsx}': [
-            config.linting.tool === 'biome' || config.linting.tool === 'both'
-                ? 'biome check --fix'
-                : 'eslint --fix',
-            'git add',
-        ],
-        '*.{json,md,yml,yaml}': [
-            config.linting.tool === 'biome' || config.linting.tool === 'both'
-                ? 'biome format --write'
-                : 'prettier --write',
-            'git add',
-        ],
+        '*.{js,ts,jsx,tsx}': useBiome ? 'biome check --fix --no-errors-on-unmatched' : 'eslint --fix',
+        '*.{json,md,yml,yaml}': useBiome
+            ? 'biome format --write --no-errors-on-unmatched'
+            : 'prettier --write',
     };
     await fs.writeJson(packageJsonPath, packageJson, { spaces: 2 });
 }

package/dist/cli/generators/github-actions.js

@@ -48,15 +48,15 @@ jobs:
       cache-key: \${{ steps.cache-key.outputs.key }}
     steps:
       - name: 📦 Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version-file: .nvmrc
 
       - name: 📦 Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: latest
 
@@ -65,7 +65,7 @@ jobs:
         run: echo "key=\${{ runner.os }}-pnpm-\${{ hashFiles('**/pnpm-lock.yaml') }}" >> $GITHUB_OUTPUT
 
       - name: 📦 Cache dependencies
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.pnpm-store
@@ -83,20 +83,20 @@ jobs:
     if: needs.check-skip.outputs.should-skip != 'true'
     steps:
       - name: 📦 Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version-file: .nvmrc
 
       - name: 📦 Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: latest
 
       - name: 📦 Restore dependencies cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.pnpm-store
@@ -113,20 +113,20 @@ ${hasTypeScript
     if: needs.check-skip.outputs.should-skip != 'true'
     steps:
       - name: 📦 Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version-file: .nvmrc
 
       - name: 📦 Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: latest
 
       - name: 📦 Restore dependencies cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.pnpm-store
@@ -144,20 +144,20 @@ ${hasTests
     if: needs.check-skip.outputs.should-skip != 'true'
     steps:
       - name: 📦 Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version-file: .nvmrc
 
       - name: 📦 Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: latest
 
       - name: 📦 Restore dependencies cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.pnpm-store
@@ -175,20 +175,20 @@ ${hasBuild
     if: needs.check-skip.outputs.should-skip != 'true'
     steps:
       - name: 📦 Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version-file: .nvmrc
 
       - name: 📦 Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: latest
 
       - name: 📦 Restore dependencies cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.pnpm-store
@@ -199,7 +199,7 @@ ${hasBuild
         run: pnpm build
 
       - name: 📦 Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: build-artifacts
           path: |
@@ -221,24 +221,24 @@ ${isLibrary && config.semanticRelease
       id-token: write
     steps:
       - name: 📦 Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
         with:
           fetch-depth: 0
           token: \${{ secrets.GITHUB_TOKEN }}
 
       - name: 📦 Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version-file: .nvmrc
           registry-url: 'https://registry.npmjs.org'
 
       - name: 📦 Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v6
         with:
           version: latest
 
       - name: 📦 Restore dependencies cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.pnpm-store

package/dist/cli/generators/gitlab-ci.js

@@ -59,7 +59,7 @@ function renderGitLabCI(config) {
     return `# .gitlab-ci.yml — generated by @rtorcato/js-tooling
 # Customize stages and jobs to fit your pipeline.
 
-image: node:20
+image: node:22
 
 stages:
 ${stages.map((s) => `  - ${s}`).join('\n')}

package/dist/cli/generators/linting.js

@@ -27,13 +27,13 @@ export async function generateOxlintConfig(targetDir) {
 }
 export async function generateBiomeConfig(targetDir) {
     const biomeConfigPath = path.join(targetDir, 'biome.jsonc');
+    // Biome 2.x schema + shape. The base preset (extends) already defines the
+    // file globs via `files.includes`; emitting the old 1.x `include`/`ignore`
+    // keys here forced consumers to run `biome migrate` before `biome check`
+    // would run at all.
     const biomeConfig = {
-        $schema: 'https://biomejs.dev/schemas/1.9.4/schema.json',
+        $schema: 'https://biomejs.dev/schemas/2.5.0/schema.json',
         extends: ['@rtorcato/js-tooling/biome'],
-        files: {
-            include: ['src/**/*', '*.ts', '*.js', '*.tsx', '*.jsx'],
-            ignore: ['node_modules', 'dist', 'build', '.next'],
-        },
     };
     await fs.writeJson(biomeConfigPath, biomeConfig, { spaces: 2 });
 }

package/dist/cli/generators/package-json.js

@@ -26,16 +26,22 @@ export async function generatePackageJson(config, targetDir) {
             ...existingPackageJson?.devDependencies,
         },
     };
-    // Add additional package.json fields based on project type
+    // Add additional package.json fields based on project type.
+    // Exports must match tsup's output for a "type": "module" package with
+    // format: ['cjs','esm']: ESM → index.js, CJS → index.cjs, types →
+    // index.d.ts (ESM) / index.d.cts (CJS).
     if (config.projectType === 'library') {
-        packageJson.main = './dist/index.js';
-        packageJson.module = './dist/index.mjs';
+        packageJson.main = './dist/index.cjs';
+        packageJson.module = './dist/index.js';
         packageJson.types = './dist/index.d.ts';
         packageJson.exports = {
             '.': {
-                import: './dist/index.mjs',
-                require: './dist/index.js',
-                types: './dist/index.d.ts',
+                types: {
+                    import: './dist/index.d.ts',
+                    require: './dist/index.d.cts',
+                },
+                import: './dist/index.js',
+                require: './dist/index.cjs',
             },
         };
         packageJson.files = ['dist'];
@@ -43,6 +49,15 @@ export async function generatePackageJson(config, targetDir) {
             access: 'public',
         };
     }
+    // pnpm 11 refuses to run a dependency's build script unless it's approved.
+    // esbuild (pulled in by tsup/esbuild/vite) has one, so `pnpm install` exits
+    // 1 with ERR_PNPM_IGNORED_BUILDS until it's whitelisted here.
+    if (config.bundler === 'tsup' || config.bundler === 'esbuild' || config.bundler === 'vite') {
+        packageJson.pnpm = {
+            ...packageJson.pnpm,
+            onlyBuiltDependencies: ['esbuild'],
+        };
+    }
     await fs.writeJson(packageJsonPath, packageJson, { spaces: 2 });
 }
 function getScripts(config, opts = {}) {
@@ -213,10 +228,14 @@ function getDependencies(config) {
         deps['@commitlint/cli'] = '^20.0.0';
         deps['@commitlint/config-conventional'] = '^20.0.0';
     }
-    // Semantic release
+    // Semantic release. The shipped github preset activates the changelog and
+    // git plugins (and @semantic-release/github), so they must be installed too
+    // or `semantic-release` crashes with "Cannot find module".
     if (config.semanticRelease) {
         deps['semantic-release'] = '^25.0.0';
         deps['@semantic-release/github'] = '^12.0.0';
+        deps['@semantic-release/changelog'] = '^6.0.0';
+        deps['@semantic-release/git'] = '^10.0.0';
     }
     return deps;
 }

package/dist/cli/generators/security.js

@@ -75,7 +75,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3

package/dist/cli/generators/typedoc.js

@@ -10,9 +10,9 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v4
-      - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v7
+      - uses: pnpm/action-setup@v6
+      - uses: actions/setup-node@v6
         with:
           node-version: 22
           cache: pnpm

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@rtorcato/js-tooling",
-	"version": "2.19.0",
+	"version": "2.19.2",
 	"description": "JavaScript and TypeScript tooling for Node.js, React, Next.js, and Vitest.",
 	"type": "module",
 	"keywords": [
@@ -71,7 +71,8 @@
 		"tooling/tests/exports-resolution.d.mts",
 		"tooling/tests/ssr-safety.mjs",
 		"tooling/tests/ssr-safety.d.mts",
-		"tooling/tsup/index.ts",
+		"tooling/tsup/index.mjs",
+		"tooling/tsup/index.d.mts",
 		"tooling/biome/biome.json",
 		"tooling/changesets/config.json",
 		"tooling/oxlint/oxlintrc.json",
@@ -147,7 +148,10 @@
 			"types": "./tooling/vitest/jsdom-shims.d.mts",
 			"import": "./tooling/vitest/jsdom-shims.mjs"
 		},
-		"./tsup": "./tooling/tsup/index.ts",
+		"./tsup": {
+			"types": "./tooling/tsup/index.d.mts",
+			"import": "./tooling/tsup/index.mjs"
+		},
 		"./biome": "./tooling/biome/biome.json",
 		"./changesets": "./tooling/changesets/config.json",
 		"./oxlint": "./tooling/oxlint/oxlintrc.json",
@@ -171,7 +175,8 @@
 		"./tests/ssr-safety": {
 			"types": "./tooling/tests/ssr-safety.d.mts",
 			"import": "./tooling/tests/ssr-safety.mjs"
-		}
+		},
+		"./package.json": "./package.json"
 	},
 	"dependencies": {
 		"chalk": "^5.6.2",

package/tooling/biome/biome.json

@@ -1,5 +1,5 @@
 {
-	"$schema": "https://biomejs.dev/schemas/2.3.0/schema.json",
+	"$schema": "https://biomejs.dev/schemas/2.5.0/schema.json",
 	"vcs": {
 		"enabled": false,
 		"clientKind": "git",
@@ -27,7 +27,7 @@
 	"linter": {
 		"enabled": true,
 		"rules": {
-			"recommended": true,
+			"preset": "recommended",
 			"style": {
 				"noInferrableTypes": "off"
 			},

package/tooling/semantic-release/github.mjs

@@ -51,8 +51,11 @@ export default {
 				changelogFile: 'CHANGELOG.md',
 			},
 		],
-		['@semantic-release/npm', { npmPublish: true, pkgRoot: '.' }],
-		// NPM plugin to publish the package
+		// npm publishing is opt-in via NPM_TOKEN: a repo that provides the token
+		// (e.g. js-tooling's own CI) publishes; one that doesn't (GitHub-releases
+		// only) gets a green release instead of an EINVALIDNPMTOKEN failure. The
+		// version in package.json is still bumped either way.
+		['@semantic-release/npm', { npmPublish: Boolean(process.env.NPM_TOKEN), pkgRoot: '.' }],
 		[
 			'@semantic-release/git',
 			{

package/tooling/semantic-release/index.mjs

@@ -52,8 +52,11 @@ export default {
 				changelogFile: 'CHANGELOG.md',
 			},
 		],
-		['@semantic-release/npm', { npmPublish: true, pkgRoot: '.' }],
-		// NPM plugin to publish the package
+		// npm publishing is opt-in via NPM_TOKEN: a repo that provides the token
+		// publishes; one that doesn't (GitLab releases only) gets a green release
+		// instead of an EINVALIDNPMTOKEN failure. The version in package.json is
+		// still bumped either way.
+		['@semantic-release/npm', { npmPublish: Boolean(process.env.NPM_TOKEN), pkgRoot: '.' }],
 		[
 			'@semantic-release/git',
 			{

package/tooling/tsup/index.d.mts

@@ -0,0 +1,8 @@
+import type { Options } from 'tsup'
+import type { defineConfig } from 'tsup'
+
+export type DefineConfig = ReturnType<typeof defineConfig>
+
+export declare const getConfig: (customOptions: Options, env: string) => DefineConfig
+
+export declare const baseOptions: (options: Options, env: string) => Options

package/tooling/tsup/index.mjs

@@ -0,0 +1,23 @@
+import { defineConfig } from 'tsup'
+
+export const getConfig = (customOptions, env) => {
+	return defineConfig((options = customOptions) => {
+		return baseOptions(options, env)
+	})
+}
+
+export const baseOptions = (options, env) => {
+	const opts = {
+		treeshake: true,
+		splitting: true,
+		format: ['cjs', 'esm'], // generate cjs and esm files
+		entry: ['src/**/*.ts'],
+		skipNodeModulesBundle: true, // Skips building dependencies for node modules
+		minify: !options.watch && env === 'production',
+		bundle: false,
+		clean: true, // clean up the dist folder
+		dts: true, // generate dts file for main module
+		...options,
+	}
+	return opts
+}

package/tooling/typescript/tsconfig.base.json

@@ -27,6 +27,10 @@
     // 📈 Performance
     "skipLibCheck": true, // Skip type checking of declaration files
     "incremental": true, // Enable incremental compilation
+    // Pin the build-info location so downstream emit tools (e.g. tsup's `dts`
+    // build) don't hit TS5074 from inheriting `incremental` without a file.
+    // ${configDir} resolves to the consuming project's dir (TS 5.5+).
+    "tsBuildInfoFile": "${configDir}/node_modules/.cache/tsconfig.tsbuildinfo",
     "disableSourceOfProjectReferenceRedirect": true, // Disable source of project reference redirect
 
     // 🚨 Strict Type Checking

package/tooling/tsup/index.ts

@@ -1,50 +0,0 @@
-import type { Options } from 'tsup'
-import { defineConfig } from 'tsup'
-
-export type DefineConfig = ReturnType<typeof defineConfig>
-
-export const getConfig: (customOptions: Options, env: string) => DefineConfig = (
-	customOptions: Options,
-	env: string
-): DefineConfig => {
-	return defineConfig((options: Options = customOptions) => {
-		return baseOptions(options, env)
-	})
-}
-
-export const baseOptions = (options: Options, env: string): Options => {
-	const opts: Options = {
-		treeshake: true,
-		splitting: true,
-		// target: 'es2020',
-		// target: 'nodeNext',
-		format: ['cjs', 'esm'], // generate cjs and esm files
-		entry: [
-			// './src/index.ts',
-			'src/**/*.ts',
-			// './src/**/*!(index).ts?(x)',
-			// '!./src/**/*.spec.*',
-			// '!./src/**/*.stories.*',
-		],
-		skipNodeModulesBundle: true, // Skips building dependencies for node modules
-		minify: !options.watch && env === 'production',
-		bundle: false, //env === 'production',
-		clean: true, // clean up the dist folder
-		dts: true, // generate dts file for main module
-		// sourcemap: env === 'production', // source map is only available in prod
-		// sourcemap: true,
-		// outDir: env === 'production' ? 'dist' : 'lib',
-		// outDir: 'dist',
-		// tsconfig: path.resolve(__dirname, './tsconfig.build.json'),
-		// esbuildOptions(options, context) {
-		//   options.outbase = './'
-		// },
-		// external: ['react'],
-		...options,
-		// banner: {js: '"use client";'},
-		// dts: {
-		//   footer: "declare module 'knex/types/tables';"
-		// },
-	}
-	return opts
-}