npm - claudex-setup - Versions diffs - 1.4.0 → 1.6.0 - Mend

claudex-setup 1.4.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claudex-setup",
-  "version": "1.4.0",
+  "version": "1.6.0",
   "description": "Audit and optimize any project for Claude Code. Powered by 1107 verified techniques.",
   "main": "src/index.js",
   "bin": {

package/src/setup.js CHANGED Viewed

@@ -95,6 +95,17 @@ function detectDependencies(ctx) {
     guidelines.push('- Use Playwright for E2E tests. Keep tests in tests/ or e2e/');
   }
+  // Testing tools
+  if (allDeps['msw']) {
+    guidelines.push('- Use MSW (Mock Service Worker) for API mocking in tests. Define handlers in __mocks__/');
+  }
+  if (allDeps['@testing-library/react']) {
+    guidelines.push('- Use Testing Library for component tests. Prefer userEvent over fireEvent, query by role/label');
+  }
+  if (allDeps['@vitest/coverage-v8'] || allDeps['@vitest/coverage-istanbul']) {
+    guidelines.push('- Coverage configured. Maintain coverage thresholds. Check reports before merging');
+  }
   // tRPC
   if (allDeps['@trpc/server'] || allDeps['@trpc/client']) {
     guidelines.push('- Use tRPC for type-safe API calls. Define routers in server, use client hooks in components');
@@ -197,6 +208,39 @@ function detectDependencies(ctx) {
     guidelines.push('- AWS CDK available. Define stacks in lib/, constructs as separate classes');
   }
+  // Security middleware
+  if (allDeps['express-rate-limit']) {
+    guidelines.push('- Rate limiting configured. Apply to auth endpoints. Set appropriate windowMs and max values');
+  }
+  if (allDeps['hpp']) {
+    guidelines.push('- HPP (HTTP Parameter Pollution) protection enabled');
+  }
+  if (allDeps['csurf']) {
+    guidelines.push('- CSRF protection enabled. Ensure tokens are included in all state-changing requests');
+  }
+  // AWS Lambda
+  if (allDeps['@aws-sdk/client-lambda'] || allDeps['@aws-cdk/aws-lambda'] || allDeps['aws-cdk-lib']) {
+    guidelines.push('- Lambda handlers: keep cold start fast, use layers for deps, set appropriate memory/timeout');
+  }
+  // Deprecated dependency warnings
+  if (allDeps['moment']) {
+    guidelines.push('- ⚠️ moment.js is deprecated and heavy (330KB). Migrate to date-fns or dayjs');
+  }
+  if (allDeps['request']) {
+    guidelines.push('- ⚠️ request is deprecated. Use fetch (native) or axios instead');
+  }
+  if (allDeps['lodash'] && !allDeps['lodash-es']) {
+    guidelines.push('- Consider replacing lodash with native JS methods or lodash-es for tree-shaking');
+  }
+  if (allDeps['node-sass']) {
+    guidelines.push('- ⚠️ node-sass is deprecated. Migrate to sass (dart-sass)');
+  }
+  if (allDeps['tslint']) {
+    guidelines.push('- ⚠️ TSLint is deprecated. Migrate to ESLint with @typescript-eslint');
+  }
   return guidelines;
 }
@@ -371,7 +415,14 @@ function getFrameworkInstructions(stacks) {
 - Prefer Server Components by default; add 'use client' only when needed
 - Use next/image for images, next/link for navigation
 - API routes go in app/api/ (App Router) or pages/api/ (Pages Router)
-- Use loading.tsx, error.tsx, and not-found.tsx for route-level UX`);
+- Use loading.tsx, error.tsx, and not-found.tsx for route-level UX
+### Next.js App Router
+- Default to Server Components. Add 'use client' only when needed (hooks, events, browser APIs)
+- Use Server Actions for mutations. Validate with Zod, call revalidatePath after writes
+- Route handlers in app/api/ export named functions: GET, POST, PUT, DELETE
+- Use loading.tsx, error.tsx, not-found.tsx for route-level UI states
+- Middleware in middleware.ts for auth checks, redirects, headers`);
   } else if (stackKeys.includes('react')) {
     sections.push(`### React
 - Use functional components with hooks exclusively
@@ -444,7 +495,26 @@ function getFrameworkInstructions(stacks) {
 - Handle all errors explicitly — never ignore err returns
 - Use context.Context for cancellation and timeouts
 - Prefer table-driven tests
-- Run \`go vet\` and \`golangci-lint\` before committing`);
+- Run \`go vet\` and \`golangci-lint\` before committing
+- If using gRPC: define .proto files in proto/ or pkg/proto, generate with protoc
+- If Makefile exists: use make targets for build/test/lint
+- Organize: cmd/ for entry points, internal/ for private packages, pkg/ for public`);
+  }
+  if (stackKeys.includes('cpp')) {
+    sections.push(`### C++
+- Follow project coding standards (check .clang-format if present)
+- Use smart pointers (unique_ptr, shared_ptr) over raw pointers
+- Run clang-tidy for static analysis
+- Prefer const references for function parameters
+- Use CMake targets, not raw compiler flags`);
+  }
+  if (stackKeys.includes('bazel')) {
+    sections.push(`### Bazel
+- Define BUILD files per package. Keep targets focused
+- Use visibility carefully — prefer package-private
+- Run buildifier for formatting`);
   }
   if (stackKeys.includes('terraform')) {
@@ -453,7 +523,10 @@ function getFrameworkInstructions(stacks) {
 - Always run \`terraform plan\` before \`terraform apply\`
 - Store state remotely (S3 + DynamoDB, or Terraform Cloud)
 - Use variables.tf for all configurable values
-- Tag all resources consistently`);
+- Tag all resources consistently
+- If using Helm: define charts in charts/ or helm/, use values.yaml for config
+- Lock providers: always commit .terraform.lock.hcl
+- Use terraform fmt before committing`);
   }
   const hasJS = stackKeys.some(k => ['react', 'vue', 'angular', 'nextjs', 'node', 'svelte'].includes(k));
@@ -523,10 +596,24 @@ npm run lint         # or: npx eslint .`;
     // --- Framework-specific instructions ---
     const frameworkInstructions = getFrameworkInstructions(stacks);
-    const stackSection = frameworkInstructions
+    let stackSection = frameworkInstructions
       ? `\n## Stack-Specific Guidelines\n\n${frameworkInstructions}\n`
       : '';
+    // Check for security-focused project
+    const pkg2 = ctx.jsonFile('package.json') || {};
+    const allDeps2 = { ...(pkg2.dependencies || {}), ...(pkg2.devDependencies || {}) };
+    const hasSecurityDeps = allDeps2['helmet'] || allDeps2['jsonwebtoken'] || allDeps2['bcrypt'] || allDeps2['passport'];
+    if (hasSecurityDeps) {
+      stackSection += '\n### Security Best Practices\n';
+      stackSection += '- Follow OWASP Top 10 — run /security-review regularly\n';
+      stackSection += '- Never log sensitive data (passwords, tokens, PII)\n';
+      stackSection += '- Use parameterized queries — never string concatenation for SQL\n';
+      stackSection += '- Set security headers via Helmet. Review CSP policy for your frontend\n';
+      stackSection += '- Rate limit all authentication endpoints\n';
+      stackSection += '- Validate and sanitize all user input at API boundaries\n';
+    }
     // --- TypeScript-specific additions ---
     let tsSection = '';
     if (hasTS) {

package/src/techniques.js CHANGED Viewed

@@ -955,6 +955,8 @@ const STACKS = {
   swift: { files: ['Package.swift'], content: {}, label: 'Swift' },
   terraform: { files: ['main.tf', 'terraform'], content: {}, label: 'Terraform' },
   kubernetes: { files: ['k8s', 'kubernetes', 'helm'], content: {}, label: 'Kubernetes' },
+  cpp: { files: ['CMakeLists.txt', 'Makefile', '.clang-format'], content: {}, label: 'C++' },
+  bazel: { files: ['BUILD', 'WORKSPACE', 'BUILD.bazel', 'WORKSPACE.bazel'], content: {}, label: 'Bazel' },
 };
 module.exports = { TECHNIQUES, STACKS };