boosten-runtime 0.1.0-alpha.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Boosten contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,141 @@
+# @boosten/runtime
+
+> React Native performance runtime. Zero-config in-memory mode. Optional
+> server upload. AI-readable diagnosis output.
+
+> **⚠️ USE AT YOUR OWN RISK.** Boosten is provided "as is", with all faults, and without warranty of any kind. The Publisher is not liable for any loss or damage arising from your use of Boosten. See `LICENSE` and `/TERMS.md` Section 0 for the full risk-allocation language. By installing this package you accept these terms.
+
+## No-PII guarantee (enforced by code)
+
+Boosten's privacy promise — *no personally identifying data is ever collected* — is enforced by code, not just by prose in the privacy policy.
+
+Every outgoing payload is run through `assertNoPII()`, which scans field names against a denylist of PII-shaped tokens (`email`, `userId`, `ip`, `lat`, `password`, `deviceId`, `idfa`, `address`, `phone`, etc.) and **throws** if any match. A companion test suite (`src/no-pii.test.ts`, 45 tests) fails the build if the guard ever stops catching a known forbidden field — making it impossible for a future contributor to silently introduce PII without the build going red.
+
+```ts
+import { assertNoPII, checkNoPII, PIIDetectedError } from "@boosten/runtime";
+
+// Throwing variant — recommended at transmit boundary:
+assertNoPII(sample);
+await fetch(endpoint, { body: JSON.stringify(sample) });
+
+// Non-throwing variant — useful when you'd rather log and drop:
+const err = checkNoPII(sample);
+if (err) console.warn("Boosten dropped a sample:", err.path, err.fieldName);
+```
+
+The full denylist is exported as `PII_DENYLIST` for inspection. Run the tests with `pnpm --filter @boosten/runtime test`.
+
+### One transmit boundary, by design
+
+Every outgoing payload should leave the device through one chokepoint: `safeTransmit()`. It runs `assertNoPII()` first and **only** issues the network call if the payload is clean — if a PII-shaped field is detected, `fetch` is never called.
+
+```ts
+import { safeTransmit } from "@boosten/runtime";
+
+await safeTransmit("https://your-endpoint/boosten/ingest", sample, {
+  headers: { authorization: `Bearer ${token}` },
+});
+// → throws PIIDetectedError BEFORE any network I/O if `sample` contains PII
+```
+
+Boosten's default in-memory mode never reaches this boundary. If you (or a Boosten Cloud integration) wire a server-upload code path, route it through `safeTransmit` rather than calling `fetch` directly. This means a reviewer can verify the entire privacy promise by reading **one ~30-line file** (`src/transmit.ts`).
+
+## Status
+
+**0.1.0-alpha.** The type contracts and constants in this package are stable
+and safe to depend on today. The hooks and diagnoser implementations land in
+0.1.0 (file-move release from the Rival reference codebase).
+
+## Why Boosten
+
+Most React Native perf tools either:
+
+1. Cost money, ship telemetry to a vendor, and need a PM signoff to install
+   (Sentry, Firebase Performance, Embrace), **or**
+2. Are abandoned single-purpose npm packages (`react-native-performance`,
+   `why-did-you-render` clones).
+
+Boosten is the third path: code you own, in your repo, no PII off-device, no
+monthly bill. Built around an opinionated, AI-readable diagnosis schema so an
+LLM agent (Cursor, Claude Code, Replit Agent) can read a perf report and
+propose patches automatically.
+
+## What's in the box (when 0.1.0 ships)
+
+| Module                 | What it does                                                  |
+|------------------------|---------------------------------------------------------------|
+| `usePerfTracker(name)` | Drop into every screen. Captures TTFF / TTI / paint / IM.     |
+| `markBoot(kind)`       | Boot ladder: bundleLoaded → rootRendered → firstScreen → IA.  |
+| `diagnose(events)`     | Per-screen diagnosis with score, rating, root-cause hints.    |
+| `frameSampler`         | Long-session jankFraction + p99 frame time (60-second window).|
+| Novel detectors        | Ghost-mount, thundering-herd, stranded-interval, perception.  |
+| `computeScreenScore()` | Indeed-style composite (TTFF×.25 + TTI×.45 + FID×.30).        |
+
+## Demo (before / after)
+
+> **Note:** the published 0.1.0 release will ship a `before/after.gif` in this
+> README captured from the Rival reference app. The demo flow:
+>
+> 1. `boosten init` adds the tracker to a stock Expo screen.
+> 2. Open the in-app `/dev/perf` viewer — see TTFF=380ms / TTI=720ms / score=68.
+> 3. Boosten surfaces "ghost-mount on TeamCard" + a fix template.
+> 4. Apply the suggested fix.
+> 5. Re-run, see TTFF=180ms / TTI=420ms / score=92.
+>
+> The whole loop takes under 5 minutes from `npm install` and never touches
+> a third-party server.
+
+## Install
+
+> **Pre-publish alpha — not yet on npm.** Inside this monorepo, add
+> `"@boosten/runtime": "workspace:*"` to your package's `dependencies` and
+> `pnpm install`. After 0.1.0 first publish:
+>
+> ```bash
+> npm i @boosten/runtime @boosten/checklist
+> ```
+
+## Use today (type-only)
+
+```ts
+import type { PerfEvent, PerfSample } from "@boosten/runtime";
+import { SCORE_THRESHOLDS, SCORE_WEIGHTS } from "@boosten/runtime";
+
+// Wire your own ingest endpoint against the stable PerfSample shape.
+function isValidSample(s: unknown): s is PerfSample {
+  if (!s || typeof s !== "object") return false;
+  const o = s as Record<string, unknown>;
+  return (
+    typeof o.screen === "string" &&
+    typeof o.appVersion === "string" &&
+    typeof o.score === "number" &&
+    typeof o.ts === "number"
+  );
+}
+```
+
+## Use after 0.1.0 (full hooks)
+
+```tsx
+import { usePerfTracker } from "@boosten/runtime";
+
+export default function TeamScreen() {
+  usePerfTracker("team/[id]");   // first line of every screen
+  return <TeamView />;
+}
+```
+
+## Coupling we are removing before 0.1.0
+
+The reference implementation has three known coupling points being addressed
+before the file-move release:
+
+1. `usePerfTracker` uses `@/lib/...` path aliases → being parameterized.
+2. `prodSampler` hardcodes `EXPO_PUBLIC_BOOSTEN_INGEST_URL/TOKEN` env-var
+   names → becoming `boosten.config.json`-driven.
+3. AsyncStorage refs in `perfBoot` → routed through `perfPlatform` so a Node
+   test runner can swap in a memory shim.
+
+## License
+
+MIT

package/dist/chunk-7TGINAZV.js

@@ -0,0 +1,19 @@
+import {
+  assertNoPII
+} from "./chunk-VFNN22DR.js";
+
+// src/transmit.ts
+async function safeTransmit(endpoint, payload, opts = {}) {
+  assertNoPII(payload);
+  const fetchFn = opts.fetchImpl ?? fetch;
+  return fetchFn(endpoint, {
+    method: "POST",
+    headers: { "content-type": "application/json", ...opts.headers ?? {} },
+    body: JSON.stringify(payload),
+    signal: opts.signal
+  });
+}
+
+export {
+  safeTransmit
+};

package/dist/chunk-VFNN22DR.js

@@ -0,0 +1,212 @@
+// src/no-pii.ts
+var PII_DENYLIST = Object.freeze([
+  // identity
+  "email",
+  "mail",
+  "username",
+  "userid",
+  "user_id",
+  "uid",
+  "firstname",
+  "first_name",
+  "lastname",
+  "last_name",
+  "fullname",
+  "full_name",
+  "phone",
+  "mobile",
+  "tel",
+  "ssn",
+  "nationalid",
+  "national_id",
+  "taxid",
+  "tax_id",
+  "dob",
+  "birthdate",
+  "birthday",
+  // account/auth secrets
+  "password",
+  "passwd",
+  "secret",
+  "apikey",
+  "api_key",
+  "token",
+  "auth",
+  "session",
+  "cookie",
+  "bearer",
+  "jwt",
+  "creditcard",
+  "credit_card",
+  "cardnumber",
+  "card_number",
+  "cvv",
+  "iban",
+  "swift",
+  "routingnumber",
+  "routing_number",
+  // device-as-identity
+  "deviceid",
+  "device_id",
+  "advertisingid",
+  "advertising_id",
+  "idfa",
+  "idfv",
+  "macaddress",
+  "mac_address",
+  "imei",
+  // network identity
+  "ipaddress",
+  "ip_address",
+  "ip",
+  "ipv4",
+  "ipv6",
+  "useragent",
+  "user_agent",
+  // location
+  "latitude",
+  "longitude",
+  "lat",
+  "lng",
+  "lon",
+  "geohash",
+  "address",
+  "street",
+  "city",
+  "zipcode",
+  "zip_code",
+  "postalcode",
+  "postal_code",
+  // free-form content (high-risk for incidental PII)
+  "message",
+  "content",
+  "body",
+  "text",
+  "comment",
+  "note",
+  "value",
+  "input",
+  "query",
+  "search"
+]);
+var ALLOWLIST = Object.freeze([
+  // Boosten's "screen route" is a code-defined string like "team/[id]"
+  // — never user content. Distinct from "screenName" of a person.
+  "screen",
+  "screenname",
+  "screen_name",
+  // boot/version metadata
+  "appversion",
+  "app_version",
+  "osversion",
+  "os_version",
+  "osname",
+  "os_name",
+  // performance findings
+  "findingid",
+  "finding_id",
+  "ruleid",
+  "rule_id",
+  // Boosten's score/rating values
+  "score",
+  "rating",
+  "perception"
+]);
+var PIIDetectedError = class extends Error {
+  path;
+  fieldName;
+  matchedFragment;
+  constructor(path, fieldName, matchedFragment) {
+    super(
+      `Boosten no-PII guard refused outgoing payload: field "${path}" (name "${fieldName}") matches denied fragment "${matchedFragment}". Boosten's privacy contract forbids transmitting personally identifying data. If this field is genuinely non-PII, rename it; otherwise remove it.`
+    );
+    this.name = "PIIDetectedError";
+    this.path = path;
+    this.fieldName = fieldName;
+    this.matchedFragment = matchedFragment;
+  }
+};
+// Value-based PII patterns — catch sensitive data hiding in allowlisted or neutral field names.
+var _EMAIL_RE = /[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/;
+var _IPV4_RE = /\b(?:\d{1,3}\.){3}\d{1,3}\b/;
+var _IPV6_RE = /(?:[0-9a-f]{1,4}:){2,7}[0-9a-f]{0,4}|(?:[0-9a-f]{1,4}:)*:[0-9a-f]{1,4}/i;
+var _JWT_RE = /^eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+$/;
+var _BEARER_RE = /^bearer\s+\S{8,}/i;
+var _PHONE_RE = /(?:\+\d{1,3}[\s\-.]?)?\(?\d{3}\)?[\s\-.]?\d{3}[\s\-.]?\d{4}/;
+function findDeniedValueFragment(val) {
+  if (typeof val !== "string" || val.length < 5) return null;
+  if (_EMAIL_RE.test(val)) return "~email";
+  if (_JWT_RE.test(val)) return "~jwt";
+  if (_BEARER_RE.test(val)) return "~bearer";
+  if (_IPV4_RE.test(val)) return "~ipv4";
+  if (_IPV6_RE.test(val)) return "~ipv6";
+  if (_PHONE_RE.test(val)) return "~phone";
+  return null;
+}
+function normalize(name) {
+  return name.toLowerCase().replace(/[^a-z0-9]/g, "");
+}
+function tokenize(name) {
+  return name.replace(/([a-z0-9])([A-Z])/g, "$1 $2").replace(/([A-Z]+)([A-Z][a-z])/g, "$1 $2").split(/[^a-zA-Z0-9]+/).filter(Boolean).map((t) => t.toLowerCase());
+}
+function isAllowed(normalized) {
+  for (const allowed of ALLOWLIST) {
+    if (normalized === allowed) return true;
+  }
+  return false;
+}
+function findDeniedFragment(name) {
+  const normalized = normalize(name);
+  if (isAllowed(normalized)) return null;
+  const tokens = tokenize(name);
+  for (const denied of PII_DENYLIST) {
+    const d = normalize(denied);
+    if (normalized === d) return denied;
+    for (const t of tokens) {
+      if (t === d) return denied;
+    }
+  }
+  return null;
+}
+function walk(value, path, seen) {
+  if (value === null || value === void 0) return;
+  if (typeof value === "string") {
+    const denied = findDeniedValueFragment(value);
+    if (denied) throw new PIIDetectedError(path, path.split(".").pop() || path, denied);
+    return;
+  }
+  if (typeof value !== "object") return;
+  if (seen.has(value)) return;
+  seen.add(value);
+  if (Array.isArray(value)) {
+    for (let i = 0; i < value.length; i++) {
+      walk(value[i], `${path}[${i}]`, seen);
+    }
+    return;
+  }
+  for (const key of Object.keys(value)) {
+    const matched = findDeniedFragment(key);
+    const childPath = path ? `${path}.${key}` : key;
+    if (matched) throw new PIIDetectedError(childPath, key, matched);
+    walk(value[key], childPath, seen);
+  }
+}
+function assertNoPII(payload) {
+  walk(payload, "", /* @__PURE__ */ new WeakSet());
+}
+function checkNoPII(payload) {
+  try {
+    assertNoPII(payload);
+    return null;
+  } catch (err) {
+    if (err instanceof PIIDetectedError) return err;
+    throw err;
+  }
+}
+
+export {
+  PII_DENYLIST,
+  PIIDetectedError,
+  assertNoPII,
+  checkNoPII
+};

package/dist/index.d.ts

@@ -0,0 +1,34 @@
+export { BoostenPhase, BootKind, PerfEvent, PerfSample, ScreenScoreBreakdown } from './types.js';
+export { PIIDetectedError, PII_DENYLIST, assertNoPII, checkNoPII } from './no-pii.js';
+export { SafeTransmitOptions, safeTransmit } from './transmit.js';
+export { BOOSTEN_CHECKLIST, BoostenChecklistEntry, CHECKLIST_COUNT, CHECKLIST_VERSION, getChecklistEntry, listChecklistIds } from 'boosten-checklist';
+
+/** Indeed-derived mobile thresholds. ~6× stricter than Core Web Vitals. */
+declare const SCORE_THRESHOLDS: {
+    readonly ttff: {
+        readonly good: 300;
+        readonly poor: 800;
+    };
+    readonly tti: {
+        readonly good: 500;
+        readonly poor: 1500;
+    };
+    readonly fid: {
+        readonly good: 50;
+        readonly poor: 150;
+    };
+};
+/** Lighthouse-style weights for the composite score. */
+declare const SCORE_WEIGHTS: {
+    readonly ttff: 0.25;
+    readonly tti: 0.45;
+    readonly fid: 0.3;
+};
+/** Score → rating cutoffs. */
+declare const RATING_CUTOFFS: {
+    readonly good: 85;
+    readonly needsWork: 60;
+};
+declare const RUNTIME_VERSION = "0.1.0-alpha.1";
+
+export { RATING_CUTOFFS, RUNTIME_VERSION, SCORE_THRESHOLDS, SCORE_WEIGHTS };

package/dist/index.js

@@ -0,0 +1,50 @@
+import {
+  safeTransmit
+} from "./chunk-7TGINAZV.js";
+import {
+  PIIDetectedError,
+  PII_DENYLIST,
+  assertNoPII,
+  checkNoPII
+} from "./chunk-VFNN22DR.js";
+import "./chunk-6F4PWJZI.js";
+
+// src/index.ts
+import {
+  BOOSTEN_CHECKLIST,
+  CHECKLIST_COUNT,
+  CHECKLIST_VERSION,
+  getChecklistEntry,
+  listChecklistIds
+} from "boosten-checklist";
+var SCORE_THRESHOLDS = {
+  ttff: { good: 300, poor: 800 },
+  tti: { good: 500, poor: 1500 },
+  fid: { good: 50, poor: 150 }
+};
+var SCORE_WEIGHTS = {
+  ttff: 0.25,
+  tti: 0.45,
+  fid: 0.3
+};
+var RATING_CUTOFFS = {
+  good: 85,
+  needsWork: 60
+};
+var RUNTIME_VERSION = "0.1.0-alpha.1";
+export {
+  BOOSTEN_CHECKLIST,
+  CHECKLIST_COUNT,
+  CHECKLIST_VERSION,
+  PIIDetectedError,
+  PII_DENYLIST,
+  RATING_CUTOFFS,
+  RUNTIME_VERSION,
+  SCORE_THRESHOLDS,
+  SCORE_WEIGHTS,
+  assertNoPII,
+  checkNoPII,
+  getChecklistEntry,
+  listChecklistIds,
+  safeTransmit
+};

package/dist/no-pii.d.ts

@@ -0,0 +1,29 @@
+/** Field-name fragments that are presumed to identify a person, account,
+ *  device-as-identity, location, or secret. Matching is case-insensitive
+ *  and substring-based. */
+declare const PII_DENYLIST: readonly ["email", "mail", "username", "userid", "user_id", "uid", "firstname", "first_name", "lastname", "last_name", "fullname", "full_name", "phone", "mobile", "tel", "ssn", "nationalid", "national_id", "taxid", "tax_id", "dob", "birthdate", "birthday", "password", "passwd", "secret", "apikey", "api_key", "token", "auth", "session", "cookie", "bearer", "jwt", "creditcard", "credit_card", "cardnumber", "card_number", "cvv", "iban", "swift", "routingnumber", "routing_number", "deviceid", "device_id", "advertisingid", "advertising_id", "idfa", "idfv", "macaddress", "mac_address", "imei", "ipaddress", "ip_address", "ip", "ipv4", "ipv6", "useragent", "user_agent", "latitude", "longitude", "lat", "lng", "lon", "geohash", "address", "street", "city", "zipcode", "zip_code", "postalcode", "postal_code", "message", "content", "body", "text", "comment", "note", "value", "input", "query", "search"];
+declare class PIIDetectedError extends Error {
+    readonly path: string;
+    readonly fieldName: string;
+    readonly matchedFragment: string;
+    constructor(path: string, fieldName: string, matchedFragment: string);
+}
+/**
+ * Throws `PIIDetectedError` if `payload` (or any nested object) contains
+ * a field whose name matches a known PII fragment. Call this on every
+ * outgoing PerfSample before transmitting or persisting off-device.
+ *
+ * @example
+ *   const sample: PerfSample = collect();
+ *   assertNoPII(sample);          // throws if a contributor added e.g. `userEmail`
+ *   await fetch(endpoint, { body: JSON.stringify(sample) });
+ */
+declare function assertNoPII(payload: unknown): void;
+/**
+ * Non-throwing variant. Returns null if clean, or the offending error
+ * object if PII was detected. Useful in places where you want to log
+ * and drop the sample rather than crash the host app.
+ */
+declare function checkNoPII(payload: unknown): PIIDetectedError | null;
+
+export { PIIDetectedError, PII_DENYLIST, assertNoPII, checkNoPII };

package/dist/no-pii.js

@@ -0,0 +1,12 @@
+import {
+  PIIDetectedError,
+  PII_DENYLIST,
+  assertNoPII,
+  checkNoPII
+} from "./chunk-VFNN22DR.js";
+export {
+  PIIDetectedError,
+  PII_DENYLIST,
+  assertNoPII,
+  checkNoPII
+};

package/dist/transmit.d.ts

@@ -0,0 +1,24 @@
+interface SafeTransmitOptions {
+    /** Optional fetch implementation (use the default global fetch
+     *  unless your runtime injects a polyfill or test double). */
+    fetchImpl?: typeof fetch;
+    /** Extra HTTP headers (do not include authentication secrets here
+     *  — Boosten's guard does not authorize them; pass via your own
+     *  signed token in `headers` deliberately). */
+    headers?: Record<string, string>;
+    /** Optional AbortSignal for cancellation. */
+    signal?: AbortSignal;
+}
+/**
+ * Send a Boosten payload to a server endpoint, AFTER verifying it
+ * contains no PII-shaped fields. Throws `PIIDetectedError` (from
+ * `./no-pii`) if the payload would leak personal data; the network
+ * call is then NEVER made.
+ *
+ * @example
+ *   import { safeTransmit } from "boosten-runtime";
+ *   await safeTransmit("https://your-endpoint/boosten/ingest", sample);
+ */
+declare function safeTransmit(endpoint: string, payload: unknown, opts?: SafeTransmitOptions): Promise<Response>;
+
+export { type SafeTransmitOptions, safeTransmit };

package/dist/transmit.js

@@ -0,0 +1,7 @@
+import {
+  safeTransmit
+} from "./chunk-7TGINAZV.js";
+import "./chunk-VFNN22DR.js";
+export {
+  safeTransmit
+};

package/dist/types.d.ts

@@ -0,0 +1,39 @@
+export { BoostenChecklistEntry } from 'boosten-checklist';
+
+type BoostenPhase = "mounted" | "afterCommit" | "afterPaint" | "afterIM" | "interactive";
+type BootKind = "cold" | "warm" | "hot" | "first" | "unknown";
+interface PerfEvent {
+    /** Unique screen route name — e.g. "team/[id]". */
+    screen: string;
+    phase: BoostenPhase;
+    /** Monotonic ms since boot (use performance.now() or equivalent). */
+    t: number;
+    /** Optional cause hint — e.g. "press:openProfile". */
+    cause?: string;
+    /** Optional payload (cell counts, image counts, etc.). */
+    meta?: Record<string, number | string | boolean>;
+}
+interface ScreenScoreBreakdown {
+    ttffMs: number | null;
+    ttiMs: number | null;
+    fidMs: number | null;
+    ttffScore: number;
+    ttiScore: number;
+    fidScore: number;
+    composite: number;
+    rating: "good" | "needs-work" | "poor";
+}
+interface PerfSample {
+    /** Anonymous device class — never user-identifying. */
+    appVersion: string;
+    screen: string;
+    ts: number;
+    bootKind: BootKind;
+    score: number;
+    perception?: number;
+    ttiMs?: number;
+    ttffMs?: number;
+    fidMs?: number;
+}
+
+export type { BoostenPhase, BootKind, PerfEvent, PerfSample, ScreenScoreBreakdown };

package/dist/types.js

@@ -0,0 +1 @@
+import "./chunk-6F4PWJZI.js";

package/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "boosten-runtime",
+  "version": "0.1.0-alpha.1",
+  "private": false,
+  "type": "module",
+  "description": "React Native performance runtime: tracker hook, frame sampler, boot ladder, novel detectors, score formula. Zero-config, in-memory by default.",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    },
+    "./types": {
+      "types": "./dist/types.d.ts",
+      "default": "./dist/types.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "peerDependencies": {
+    "react": ">=18",
+    "react-native": ">=0.74"
+  },
+  "peerDependenciesMeta": {
+    "@react-native-async-storage/async-storage": {
+      "optional": true
+    }
+  },
+  "dependencies": {
+    "boosten-checklist": "^0.1.0"
+  },
+  "devDependencies": {
+    "tsup": "^8.5.0"
+  },
+  "keywords": [
+    "react-native",
+    "performance",
+    "monitoring",
+    "boosten",
+    "tti",
+    "ttff"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/boosten/boosten.git",
+    "directory": "lib/boosten-runtime"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts src/types.ts src/no-pii.ts src/transmit.ts --format esm --dts --clean --out-dir dist --tsconfig tsconfig.build.json",
+    "test": "node --test src/no-pii.test.ts src/transmit.test.ts"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bugs": {
+    "url": "https://github.com/boosten/boosten/issues"
+  },
+  "homepage": "https://github.com/boosten/boosten#readme"
+}