@rtorcato/js-tooling 2.19.2 → 2.20.0

package/dist/cli/commands/doctor.js

@@ -807,6 +807,23 @@ async function checkCodeowners(dir) {
         hint: 'Run `npx @rtorcato/js-tooling fix codeowners` to scaffold .github/CODEOWNERS',
     };
 }
+async function checkCommunityHealth(dir) {
+    const anchors = ['CONTRIBUTING.md', 'SECURITY.md'];
+    const present = await Promise.all(anchors.map((f) => fs.pathExists(path.join(dir, f))));
+    if (present.every(Boolean)) {
+        return {
+            check: 'Community health',
+            status: 'ok',
+            detail: 'CONTRIBUTING.md and SECURITY.md found',
+        };
+    }
+    return {
+        check: 'Community health',
+        status: 'optional-missing',
+        detail: 'missing community-health files (CONTRIBUTING/SECURITY/templates)',
+        hint: 'Run `npx @rtorcato/js-tooling fix community-health` to scaffold them',
+    };
+}
 async function checkGitLabCI(dir) {
     for (const candidate of ['.gitlab-ci.yml', '.gitlab-ci.yaml']) {
         if (await fs.pathExists(path.join(dir, candidate))) {
@@ -850,6 +867,7 @@ export async function runDoctor(dir) {
     results.push(await checkCodeQL(targetDir));
     results.push(await checkGitLabCI(targetDir));
     results.push(await checkCodeowners(targetDir));
+    results.push(await checkCommunityHealth(targetDir));
     results.push(await checkTypedoc(targetDir, pkg));
     results.push(await checkAreTheTypesWrong(targetDir, pkg));
     results.push(await checkTreeshakeSetup(targetDir, pkg));

package/dist/cli/commands/fix.js

@@ -6,6 +6,7 @@ import fs from 'fs-extra';
 import inquirer from 'inquirer';
 import { installAgentRules } from '../generators/agent-rules.js';
 import { generateSemanticReleaseConfig } from '../generators/build.js';
+import { generateCommunityHealth } from '../generators/community-health.js';
 import { generateCommitlintConfig, generateHuskyConfig, generatePrePushHook, } from '../generators/git.js';
 import { generateGitHubActions } from '../generators/github-actions.js';
 import { generateGitLabCI } from '../generators/gitlab-ci.js';
@@ -299,6 +300,24 @@ const FIXERS = [
             return { filesWritten: [written] };
         },
     },
+    {
+        target: 'community-health',
+        description: 'Scaffold CONTRIBUTING.md, SECURITY.md, PR + issue templates',
+        appliesTo: ['Community health'],
+        outputs: [
+            'CONTRIBUTING.md',
+            'SECURITY.md',
+            '.github/PULL_REQUEST_TEMPLATE.md',
+            '.github/ISSUE_TEMPLATE/bug_report.md',
+            '.github/ISSUE_TEMPLATE/feature_request.md',
+        ],
+        riskLevel: 'safe-add',
+        canFixDrift: false,
+        async run({ targetDir }) {
+            const filesWritten = await generateCommunityHealth(targetDir);
+            return { filesWritten };
+        },
+    },
     {
         target: 'gitlab-ci',
         description: 'Scaffold .gitlab-ci.yml (lint/typecheck/test/build mirrored from GitHub Actions)',

package/dist/cli/generators/community-health.js

@@ -0,0 +1,145 @@
+import path from 'node:path';
+import fs from 'fs-extra';
+const CONTRIBUTING = `# Contributing
+
+Thanks for your interest in contributing!
+
+## Local setup
+
+\`\`\`bash
+pnpm install
+pnpm build
+pnpm test
+\`\`\`
+
+## Commit messages
+
+This project uses [Conventional Commits](https://www.conventionalcommits.org/).
+Format: \`type(scope): summary\` — e.g. \`fix(api): handle empty payload\`.
+Common types: \`feat\`, \`fix\`, \`docs\`, \`refactor\`, \`test\`, \`chore\`.
+If commitizen is set up, run \`pnpm commit\` to be guided through it.
+
+## Pull requests
+
+- Keep PRs focused and small where possible.
+- Make sure \`pnpm test\` and \`pnpm check\` (lint) pass.
+- Add tests for new behaviour.
+- Describe what changed and why in the PR description.
+`;
+// Relative advisory link works from a repo-root SECURITY.md on GitHub, so the
+// template stays repo-agnostic (no hardcoded owner/name). Fill in the contact.
+const SECURITY = `# Security Policy
+
+## Supported versions
+
+Only the latest major version receives security fixes.
+
+## Reporting a vulnerability
+
+Do **not** open a public GitHub issue for security vulnerabilities.
+
+Instead, use [GitHub's private vulnerability reporting](../../security/advisories/new)
+or email **<security-contact@example.com>** with:
+
+- A description of the vulnerability
+- Steps to reproduce
+- Potential impact
+
+You'll receive a response within 5 business days.
+`;
+const PULL_REQUEST_TEMPLATE = `## Summary
+
+<!-- 1-3 bullet points describing what changed and why -->
+-
+
+## Type of change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Refactor / cleanup
+- [ ] Documentation
+- [ ] CI / tooling
+
+## Test plan
+
+- [ ] Existing tests pass (\`pnpm test\`)
+- [ ] New tests added for new behaviour
+
+## Checklist
+
+- [ ] No debug logging left in production code
+- [ ] No breaking changes (or BREAKING CHANGE footer added to commit)
+- [ ] Lint passes (\`pnpm check\` / \`pnpm lint\`)
+`;
+const BUG_REPORT = `---
+name: Bug report
+about: Something isn't working as expected
+labels: bug
+---
+
+## Describe the bug
+
+<!-- A clear and concise description of what the bug is -->
+
+## Steps to reproduce
+
+1.
+2.
+3.
+
+## Expected behaviour
+
+## Actual behaviour
+
+<!-- Paste any error output here -->
+
+\`\`\`
+\`\`\`
+
+## Environment
+
+- Package version:
+- Node version (\`node -v\`):
+- Package manager + version:
+- OS:
+`;
+const FEATURE_REQUEST = `---
+name: Feature request
+about: Suggest an idea or improvement
+labels: enhancement
+---
+
+## Problem
+
+<!-- What are you trying to do that you can't do today? -->
+
+## Proposed solution
+
+## Alternatives considered
+
+## Additional context
+`;
+const FILES = [
+    { rel: 'CONTRIBUTING.md', content: CONTRIBUTING },
+    { rel: 'SECURITY.md', content: SECURITY },
+    { rel: '.github/PULL_REQUEST_TEMPLATE.md', content: PULL_REQUEST_TEMPLATE },
+    { rel: '.github/ISSUE_TEMPLATE/bug_report.md', content: BUG_REPORT },
+    { rel: '.github/ISSUE_TEMPLATE/feature_request.md', content: FEATURE_REQUEST },
+];
+/**
+ * Scaffold GitHub community-health files. Safe-add: existing files are left
+ * untouched (the user owns them once written). Returns the list of files
+ * actually created.
+ */
+export async function generateCommunityHealth(targetDir) {
+    const written = [];
+    for (const { rel, content } of FILES) {
+        const filepath = path.join(targetDir, rel);
+        if (await fs.pathExists(filepath))
+            continue;
+        await fs.ensureDir(path.dirname(filepath));
+        await fs.writeFile(filepath, content);
+        written.push(rel);
+    }
+    return written;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@rtorcato/js-tooling",
-	"version": "2.19.2",
+	"version": "2.20.0",
 	"description": "JavaScript and TypeScript tooling for Node.js, React, Next.js, and Vitest.",
 	"type": "module",
 	"keywords": [