pkg-scaffold 1.1.1 → 2.0.0

package/.github/workflows/npm-publish.yml

@@ -0,0 +1,20 @@
+name: Publish to npm
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 'latest'
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm install
+      - run: npm ci
+      - run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 DreamLong
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,27 +1,107 @@
-# pkg-scaffold
+# 🚀 pkg-scaffold
 
-[![NPM Version](https://img.shields.io/npm/v/pkg-scaffold.svg?style=flat&color=brightgreen&label=version)](https://www.npmjs.com/package/pkg-scaffold)
-[![License](https://img.shields.io/npm/l/pkg-scaffold.svg?style=flat&color=blue)](https://www.npmjs.com/package/pkg-scaffold)
-[![NPM Downloads](https://img.shields.io/npm/dm/pkg-scaffold.svg?style=flat&color=blueviolet)](https://www.npmjs.com/package/pkg-scaffold)
+**Advanced Dependency Intelligence & Zero-Config Workspace Initializer**
 
-`pkg-scaffold` is a zero-config, intelligent **Workspace Genesis Engine**. Instead of forcing you to configure infrastructure *before* writing code, it crawls your raw scratchpads or prototypes, diagnoses the ecosystem, automatically generates structural runtime configurations, repairs unimported statements, provisions legal licenses from remote registries, and runs deep compatibility audits.
+`pkg-scaffold` is a high-performance CLI tool designed to audit, clean, and initialize your JavaScript/TypeScript workspaces. It goes far beyond simple scaffolding by analyzing your source code's Abstract Syntax Tree (AST) to find critical issues like undeclared dependencies, orphaned packages, and security leaks.
+
+
+[![npm version](https://img.shields.io/npm/v/pkg-scaffold.svg?style=for-the-badge&color=CB3837)](https://www.npmjs.com/package/pkg-scaffold)
+[![npm downloads](https://img.shields.io/npm/dm/pkg-scaffold.svg?style=for-the-badge&color=34ADFF)](https://www.npmjs.com/package/pkg-scaffold)
+[![License](https://img.shields.io/badge/license-MIT-orange.svg?style=for-the-badge)](LICENSE)
+[![GitHub stars](https://img.shields.io/github/stars/DreamLongYT/pkg-scaffold.svg?style=for-the-badge&color=gold)](https://github.com/DreamLongYT/pkg-scaffold/stargazers)
 
 ---
 
-## 🚀 Core Features
+## ✨ Why pkg-scaffold?
+
+Most tools just create a `package.json`. `pkg-scaffold` **understands** your code. It bridges the gap between your source files and your configuration.
+
+### 🔍 Deep Intelligence Features
 
-* **Reverse Workspace Generation:** Analyzes your raw source files (`.js`, `.ts`, `.jsx`, `.tsx`) to instantly construct a tailored, valid `package.json`.
-* **Phantom Dependency Remediation:** Detects modules used in code paths (like `fs.` or `axios.`) that were never explicitly imported, and automatically injects the proper `import` or `require` headers.
-* **On-Demand Legal Provisioning:** Connects directly to the GitHub Licenses API to dynamically download, year-stamp, and author-sign standard licenses (`MIT`, `Apache-2.0`, `GPL-3.0`).
-* **Adaptive Code Mirroring:** Learns your codebase formatting preferences (tabs vs. spaces, semicolon termination configurations) and outputs matching `.prettierrc` manifests.
-* **Ecosystem-Aware Setup:** Automatically drops clean `.gitignore` files, standard `tsconfig.json` foundations if TypeScript dominates, and maps test parameters cleanly.
-* **Integrated Deprecation Guard:** Runs an isolated local layer audit to intercept obsolete, abandoned, or heavily bloated imports.
+*   **🚨 Ghost Dependency Detection**: Finds packages you `import` in your code but forgot to add to `package.json`. These are critical errors that will break your CI/CD or production builds.
+*   **🗑️ Orphaned Package Identification**: Finds packages listed in your `package.json` that are never actually used in your code. Perfect for reducing bundle size and "dependency bloat".
+*   **⚡ Unused Import Auditor**: Pinpoints specific files and line numbers where a package is imported but its identifier is never referenced.
+*   **🔐 Security Compliance**: Automatically scans for hardcoded secrets (API keys, tokens, passwords) and offers to move them safely into `.env` files.
+*   **📛 Deprecation Guard**: Live-checks your dependencies against the npm registry to warn you about deprecated or non-existent packages.
+*   **🏗️ Intelligent Scaffolding**: Detects your framework (React, Vue, Svelte, Next.js, etc.) and automatically generates optimized `tsconfig.json`, `eslint.config.js`, `.prettierrc`, and `.gitignore`.
+*   **📦 Monorepo Ready**: Automatically detects sub-workspaces and offers to set up `pnpm-workspace.yaml` or npm/yarn workspaces.
 
 ---
 
-## 📦 Installation & Immediate Usage
+## 🚀 Quick Start
 
-You do not even need to install it locally to weaponize a folder. Simply open your terminal in any directory of raw source code files and run:
+You don't even need to install it to try it out:
 
 ```bash
-npx pkg-scaffold
+npx pkg-scaffold
+```
+
+Or install it globally:
+
+```bash
+npm install -g pkg-scaffold
+# then run
+pkg-scaffold
+```
+
+---
+
+## 🛠️ How it works
+
+### 1. The Scan
+`pkg-scaffold` crawls your workspace, ignoring `node_modules` and build artifacts. It parses every `.js`, `.ts`, `.jsx`, and `.tsx` file using a high-performance AST engine.
+
+### 2. The Analysis
+It maps your imports against your `package.json`. It knows about:
+*   **Aliases**: Understands that `lodash` is often imported as `_`.
+*   **Binaries**: Knows that `tsc` comes from `typescript` and `vite` from `vite`.
+*   **Type-only imports**: Correctly handles TypeScript `import type` without flagging them as unused.
+*   **Side-effects**: Detects `import 'css-file'` or polyfills correctly.
+
+### 3. The Fix
+The tool is interactive. It will ask you before:
+*   Adding missing (ghost) dependencies.
+*   Pruning unused (orphaned) packages.
+*   Injecting `dotenv` initialization.
+*   Moving secrets to `.env`.
+
+---
+
+## 📊 Summary Report
+At the end of every run, you get a clear intelligence summary:
+
+```text
+═══════════════════════════════════════════════════════════════════
+📊 DEPENDENCY INTELLIGENCE SUMMARY
+═══════════════════════════════════════════════════════════════════
+   📁 Files scanned:           42
+   📦 Packages imported:        18
+   🚨 Ghost deps (missing):     2 — CRITICAL
+   🗑️  Orphaned deps (unused):   3
+   ⚡ Unused imports:           5
+   📛 Deprecated packages:      1
+   🔐 Hardcoded secrets:        1 — SECURITY RISK
+═══════════════════════════════════════════════════════════════════
+```
+
+---
+
+## 🤝 Contributing
+
+Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+
+1. Fork the Project
+2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the Branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+---
+
+## 📄 License
+
+Distributed under the MIT License. See `LICENSE` for more information.
+
+---
+
+**Built with ❤️ by [DreamLongYT](https://github.com/DreamLongYT)**