speexjs-core 0.7.0

package/CHANGELOG.md

@@ -0,0 +1,117 @@
+# Changelog
+
+## [0.4.4] - 2026-06-28
+
+### Diubah
+- Semua markdown file dipindah ke packages/core/ dan include di npm package
+- `files` di package.json: nambah `"*.md"` biar dokumentasi ikut ter-publish
+
+## [0.4.3] - 2026-06-28
+
+### Diubah
+- Markdown file dipindah dari root ke packages/core/
+
+## [0.4.2] - 2026-06-28
+
+### Ditambahkan
+- **validation** — `parseNIK()` extract data dari NIK (gender, provinsi, tanggal lahir)
+- **validation** — `isPlatNomor()` validasi plat kendaraan Indonesia (B 1234 CD)
+- **validation** — `isKodepos()` validasi kode pos Indonesia (5 digit)
+- **validation** — `isNoRekening()` validasi nomor rekening bank (8-16 digit)
+- 828 total tests (19 test files)
+
+## [0.4.1] - 2026-06-28
+
+### Diubah
+- Semua dokumentasi pake Bahasa Indonesia
+- Description npm: fokus ke developer Indonesia
+
+## [0.4.0] - 2026-06-28
+
+### Ditambahkan
+- **color module** — `hexToRgb()`, `rgbToHex()`, `lighten()`, `darken()`, `contrastRatio()`, `meetsWCAG()`
+- **core** — `deepEqual()` (deep equality), `pipe()`, `compose()` (function composition)
+- **string** — `formatBytes()`, `randomString()`, `randomBoolean()`, `pluralize()`
+- **collection** — `deepGet()`, `deepSet()` (nested object path access)
+- 810 total tests (18 test files)
+
+### Diubah
+- Semua dokumentasi pake Bahasa Indonesia
+
+## [0.3.9] - 2026-06-28
+
+### Diubah
+- README pake Bahasa Inggris (dulu Indonesia)
+- Description npm diupdate
+
+## [0.3.6] - 2026-06-28
+
+### Diubah
+- 810 total tests (dari 484) — nambah brutal audit suite 273 edge-case tests
+- SUMMARY.md dibuat — dokumentasi fitur lengkap semua module
+
+### Dibenerin
+- 6 bug ditemukan pas brutal audit
+- Semua prototype pollution, ReDoS, crypto tests terverifikasi
+
+## [0.3.5] - 2026-06-28
+
+### Ditambahkan (Ekspansi P1)
+- **async**: Queue (priority task queue), Semaphore, memoizeAsync (stale-while-revalidate)
+- **math**: median, stddev, sampleStddev, percentile, correlation, formatCurrency
+- **string**: levenshtein, fuzzyMatch, maskString (PDPA compliance), terbilang (angka→kata), formatRupiah
+- **collection**: topoSort (Kahn's algorithm), slidingWindows, tumblingWindows
+- **date**: timeAgo (id/en), timeRemaining, Duration, formatDuration, toTimezone, formatInTimezone, WIB/WITA/WIT constants
+
+## [0.3.4] - 2026-06-28
+
+### Ditambahkan (Modul P0)
+- **validation**: isNIK, isNPWP, isPhone, isEmail, isURL — validasi khusus Indonesia
+- **error**: createError, TypedError (10 codes + HTTP status), MultiError, collectErrors
+- **logger**: Logger class, child loggers, console/JSON/file transports, buffered transport
+- 16 modules total, 484 tests passing
+
+## [0.3.3] - 2026-06-28
+
+### Dibenerin
+- `round(1.005, 2)` floating-point bug
+- `parseDate('29/02/2023')` gak throw buat invalid leap year
+- Nambah `sideEffects: false` buat tree-shaking optimal
+
+## [0.3.2] - 2026-06-28
+
+### Ditambahkan
+- Biome linter + formatter config
+- CI workflow dengan matrix testing (Node 18, 20, 22)
+- SECURITY.md buat vulnerability disclosure
+- CHANGELOG.md
+
+### Dibenerin
+- Cross-platform `clean` script
+- GitHub Actions: dep-exray-scan pake speedx-core
+- Hapus keyword "zero-dependency" yang misleading
+
+## [0.3.0] - 2026-06-27
+
+### Diubah
+- `speedx-dep-exray` digabung ke `speedx-core` jadi module built-in
+- Satu package: `npm install speedx-core` dapet semua
+- 7 npm packages di-unpublish/deprecate
+
+### Ditambahkan
+- `dep-exray` module: scanProject, analyzeUsage, generateReport
+- CLI: `npx dep-exray .`
+
+## [0.2.0] - 2026-06-27
+
+### Ditambahkan
+- crypto module: hash, randomHex, base64, generateToken, generateOTP
+- path module: join, resolve, basename, dirname, extname
+
+## [0.1.0] - 2026-06-27
+
+### Ditambahkan
+- Initial release
+- core, math, date, collection, string, async, io, type modules
+- 100+ utility functions
+- Full TypeScript strict mode

package/CONTRIBUTING.md

@@ -0,0 +1,55 @@
+# Kontribusi ke speedx-core
+
+## Setup Development
+
+```bash
+cd packages/core
+npm install
+npx tsup
+npx vitest run
+```
+
+## Cara Nambah Fungsi Baru
+
+1. Tambah fungsi di module yang sesuai `packages/core/src/<module>/`
+2. Export dari `index.ts` module tersebut
+3. Tambah test di `packages/core/tests/`
+4. Jalankan `npx vitest run` (828 tests harus passing)
+5. Jalankan `npx tsup` biar build sukses
+6. Update `SUMMARY.md` sama `README.md`
+
+## Module yang Tersedia
+
+| Module | Lokasi |
+|--------|--------|
+| core | `src/core/` |
+| math | `src/math/` |
+| date | `src/date/` |
+| collection | `src/collection/` |
+| string | `src/string/` |
+| async | `src/async/` |
+| io | `src/io/` |
+| type | `src/type/` |
+| crypto | `src/crypto/` |
+| path | `src/path/` |
+| color | `src/color/` |
+| validation | `src/validation/` |
+| error | `src/error/` |
+| logger | `src/logger/` |
+| dep-exray | `src/dep-exray/` |
+
+## Aturan Commit
+
+Pake [Conventional Commits](https://www.conventionalcommits.org/):
+
+```
+feat(core): nambah deepMerge function
+fix(math): benerin floating point rounding
+docs: update README
+```
+
+## Pull Request
+
+1. Bikin branch dari `master`
+2. Pastikan `npx tsup && npx vitest run` lolos
+3. Buka PR ke `master` dengan judul dan deskripsi jelas

package/PUBLISH.md

@@ -0,0 +1,45 @@
+# Panduan Publishing
+
+## Prasyarat
+
+```bash
+npm login
+```
+
+## Cara Publish speedx-core
+
+```bash
+cd packages/core
+
+# 1. Build
+npx tsup
+
+# 2. Test (828 tests)
+npx vitest run
+
+# 3. Bump version
+npm version patch
+# atau: npm version minor
+# atau: npm version major
+
+# 4. Build ulang setelah version bump
+npx tsup
+
+# 5. Publish ke npm
+npm publish
+
+# 6. Commit dan push ke GitHub
+cd ../..
+git add -A
+git commit -m "chore: bump ke v$(node -p \"require('./packages/core/package.json').version\")"
+git push origin master
+```
+
+## Checklist Sebelum Publish
+
+- [ ] `npx tsup` — build sukses
+- [ ] `npx vitest run` — 828 tests pass
+- [ ] `npm login` — udah login
+- [ ] Changelog udah diupdate
+- [ ] README udah sesuai
+- [ ] Git commit — semua perubahan ter-commit

package/README.md

@@ -0,0 +1,174 @@
+# speedx-core
+
+> **JavaScript toolkit all-in-one buat developer Indonesia — Standard Library + Dependency Scanner + 🇮🇩 Validasi NIK/NPWP/Phone + Logger + Typed Errors**
+
+```bash
+npm install speedx-core
+```
+
+Satu package buat semua kebutuhan JavaScript lo: utility functions, async helpers, crypto, path manipulation, typed errors, structured logging, **plus** dependency health scanner dan validasi data Indonesia (NIK, NPWP, Phone).
+
+**100% buat programmer Indonesia. Zero dependency runtime.**
+
+---
+
+## Fitur Unggulan 🇮🇩
+
+| Fitur | Fungsi |
+|-------|--------|
+| **Validasi NIK** | `isNIK('3201010203940001')` — validasi 16 digit + tanggal lahir |
+| **Parse NIK** | `parseNIK('320101...')` — extract gender, provinsi, tanggal lahir |
+| **Validasi NPWP** | `isNPWP('12.345.678.9-012.344')` — dengan checksum otomatis |
+| **Validasi Plat Nomor** | `isPlatNomor('B 1234 CD')` — validasi plat kendaraan |
+| **Validasi Nomor HP** | `isPhone('08123456789')` — support semua prefix Indonesia |
+| **Validasi Kode Pos** | `isKodepos('16110')` — validasi kode pos 5 digit |
+| **Validasi No. Rekening** | `isNoRekening('1234567890')` — validasi 8-16 digit |
+| **Terbilang** | `terbilang(1500000)` → "satu juta lima ratus ribu" |
+| **Format Rupiah** | `formatRupiah(1500000)` → "Rp1.500.000" |
+| **Format Waktu** | `timeAgo(new Date(...))` → "5 detik yang lalu" |
+| **Timezone WIB/WITA/WIT** | `formatInTimezone(date, 'HH', TIMEZONE_WIB)` → "07" |
+| **Dependency Scanner** | `npx dep-exray .` — scan project lo |
+
+---
+
+## 16 Modules
+
+| Module | Fungsi Unggulan |
+|--------|----------------|
+| **core** | deepClone, deepMerge, debounce, deepEqual, pipe, throttle, memoize |
+| **math** | add/sub/mul/div (safe float), median, stddev, percentile, formatCurrency |
+| **date** | formatDate, timeAgo, Duration, timezone helpers (WIB/WITA/WIT) |
+| **collection** | sortBy, groupBy, shuffle, topoSort, slidingWindows, deepGet, deepSet |
+| **string** | camelCase, uuid, nanoid, slugify, **terbilang**, **formatRupiah**, maskString, formatBytes |
+| **async** | sleep, parallelMap, Queue, Semaphore, memoizeAsync, retryAsync |
+| **io** | parseCsv, stringifyCsv, safeJsonParse, env |
+| **type** | 20+ type guards (isString, isNil, assertDefined, getType) |
+| **crypto** | hash, base64, generateToken, generateOTP, constantTimeEqual |
+| **path** | join, resolve, basename, dirname, extname, normalize |
+| **color** | hexToRgb, rgbToHex, lighten, darken, contrastRatio, meetsWCAG |
+| **validation** | **isNIK**, **parseNIK**, **isNPWP**, **isPlatNomor**, **isPhone**, **isKodepos**, **isNoRekening**, isEmail, isURL |
+| **error** | createError (typed + HTTP status), TypedError, MultiError |
+| **logger** | Logger class, child loggers, console/JSON/file transports |
+| **dep-exray** | scanProject, generateReport, analyzeUsage, CLI: `npx dep-exray .` |
+
+---
+
+## Contoh Kode
+
+```typescript
+import { deepClone } from "speedx-core"
+import { formatDate, timeAgo, TIMEZONE_WIB } from "speedx-core/date"
+import { Queue } from "speedx-core/async"
+import { uuid, maskString, terbilang, formatRupiah, formatBytes } from "speedx-core/string"
+import { isNIK, isNPWP, isPhone } from "speedx-core/validation"
+import { createError } from "speedx-core/error"
+import { Logger } from "speedx-core/logger"
+import { hexToRgb, contrastRatio } from "speedx-core/color"
+
+// Validasi data Indonesia
+isNIK("3201010203940001")     // true
+isNPWP("12.345.678.9-012.344") // true
+isPhone("08123456789")        // true
+
+// Konversi angka ke kata
+terbilang(1500000)  // "satu juta lima ratus ribu"
+formatRupiah(1500000)  // "Rp1.500.000"
+
+// Relative time
+timeAgo(new Date(Date.now() - 5000)) // "5 detik yang lalu"
+
+// Mask data sensitif (PDPA compliance)
+maskString("08123456789") // "081*****789"
+
+// Format file size
+formatBytes(1048576) // "1 MB"
+
+// Color utilities
+hexToRgb("#ff0000") // { r: 255, g: 0, b: 0 }
+contrastRatio("#000000", "#ffffff") // 21
+
+// Typed errors
+throw createError("VALIDATION_ERROR", "Email wajib diisi")
+
+// Structured logger
+const log = new Logger({ level: "info", name: "app" })
+log.info("Server started", { port: 3000 })
+```
+
+---
+
+## dep-exray — Dependency Health Scanner
+
+**Scan project lo buat nemuin dependency yang gak kepake, bloated, atau punya CVE.**
+
+```bash
+npx dep-exray .
+npx dep-exray /path/to/project --json --verbose
+```
+
+### Fitur
+- Deteksi replacement: lodash → speedx-core, moment → speedx-core/date, uuid → native crypto.randomUUID()
+- Estimasi ukuran dependency
+- CVE detection
+- JSON output untuk CI/CD
+- Usage analyzer
+
+---
+
+## Quick Start
+
+```bash
+git clone https://github.com/superdevids/speedx.git
+cd speedx/packages/core
+npm install
+npx tsup              # Build
+npx vitest run        # Test (828 tests)
+npx dep-exray .       # Scan project sendiri
+```
+
+---
+
+## Statistik Test
+
+| File Tes | Jumlah |
+|----------|--------|
+| 19 file | **828** passing ✅ |
+
+---
+
+## Struktur Project
+
+```
+packages/core/
+├── src/
+│   ├── core/          # deepClone, debounce, deepEqual, pipe
+│   ├── math/          # add, median, stddev, formatCurrency
+│   ├── date/          # formatDate, timeAgo, Duration, WIB/WITA/WIT
+│   ├── collection/    # groupBy, topoSort, deepGet, deepSet
+│   ├── string/        # camelCase, terbilang, formatRupiah
+│   ├── async/         # sleep, Queue, Semaphore, memoizeAsync
+│   ├── io/            # parseCsv, safeJsonParse, env
+│   ├── type/          # 20+ type guards
+│   ├── crypto/        # hash, generateToken, base64
+│   ├── path/          # join, resolve, basename
+│   ├── color/         # hexToRgb, lighten, darken, contrastRatio
+│   ├── validation/    # isNIK, parseNIK, isNPWP, isPlatNomor, isPhone, isKodepos, isNoRekening, isEmail, isURL
+│   ├── error/         # createError, TypedError, MultiError
+│   ├── logger/        # Logger, transports
+│   └── dep-exray/     # Dependency scanner
+├── tests/             # 828 tests
+├── dist/              # Hasil build
+└── package.json
+```
+
+---
+
+## Roadmap
+
+Lihat [ROADMAP.md](./ROADMAP.md) untuk detail lengkap.
+
+---
+
+## License
+
+MIT

package/ROADMAP.md

@@ -0,0 +1,72 @@
+# Roadmap SpeedX Core
+
+## v0.4.0 — Modul Indonesia & Error Foundation ✅ (Selesai)
+
+### Modul Baru
+- ✅ **validation** — `isNIK()`, `parseNIK()`, `isNPWP()`, `isPlatNomor()`, `isPhone("id")`, `isKodepos()`, `isNoRekening()`, `isEmail()`, `isURL()` — zero-dep, khusus Indonesia
+- ✅ **error** — `createError()` factory, `MultiError`, typed error codes
+- ✅ **logger** — Structured logger zero-dep, child loggers, file transport
+- ✅ **color** — `hexToRgb()`, `lighten()`, `darken()`, `contrastRatio()`, `meetsWCAG()`
+
+### Ekspansi Modul Existing
+- ✅ **core** — `deepEqual()`, `pipe()`, `compose()`
+- ✅ **string** — `maskString()`, `levenshtein()`, `fuzzyMatch()`, `terbilang()`, `formatRupiah()`, `formatBytes()`, `pluralize()`
+- ✅ **math** — `median()`, `stddev()`, `percentile()`, `correlation()`, `formatCurrency()`
+- ✅ **async** — `Queue()`, `Semaphore`, `memoizeAsync()`
+- ✅ **collection** — `topoSort()` (Kahn), `slidingWindows()`, `deepGet()`, `deepSet()`
+- ✅ **date** — `timeAgo()`, `Duration`, `formatDuration()`, `toTimezone()`, WIB/WITA/WIT
+
+---
+
+## v0.5.0 — Production Toolkit (Next)
+
+### Ekspansi
+- **validation** — Tambah `isEmail()` detail check, `isURL()` lebih ketat
+- **io** — `parseJSONL()`, streaming CSV parser
+- **crypto** — AES-GCM encrypt/decrypt, HMAC signing, hapus xorCipher
+
+### Infrastructure
+- TypeDoc generated API docs (biar gampang referensi)
+- Benchmark suite vs lodash/moment
+- VS Code Extension publish ke Marketplace
+
+---
+
+## v0.6.0 — Advanced
+
+### Modul Baru
+- **signal** — Reactive primitives: `signal()`, `computed()`, `effect()` — framework-agnostic
+- **ml** — `cosineSimilarity()`, confusion matrix, F1 score, k-means clustering
+
+### Ekspansi
+- **crypto** — JWT lite buat edge runtime
+- **type** — Schema validation lite
+
+---
+
+## v1.0.0 — Stable API
+
+- API freeze — no breaking changes setelah v1.0
+- Dependabot + Renovate configured
+- Co-maintainer onboarding
+
+---
+
+## Prioritas Matrix
+
+| Item | Impact | Effort | Priority |
+|------|--------|--------|----------|
+| validation module (isNIK, isNPWP, isPhone) | 🔥🔥🔥 | 🟢 Small | ✅ P0 |
+| error module | 🔥🔥🔥 | 🟢 Small | ✅ P0 |
+| logger module | 🔥🔥🔥 | 🟢 Small | ✅ P0 |
+| color module | 🔥🔥 | 🟢 Small | ✅ P0 |
+| string: terbilang, formatRupiah, maskString | 🔥🔥🔥 | 🟢 Small | ✅ P0 |
+| math: median, stddev, percentile | 🔥🔥 | 🟢 Small | ✅ P1 |
+| async: Queue, Semaphore | 🔥🔥 | 🟡 Medium | ✅ P1 |
+| core: pipe, compose, deepEqual | 🔥🔥🔥 | 🟡 Medium | ✅ P1 |
+| collection: topoSort, deepGet, deepSet | 🔥🔥 | 🟡 Medium | ✅ P1 |
+| date: timeAgo, Duration, tz helpers | 🔥🔥 | 🟡 Medium | ✅ P1 |
+| io: JSONL parser, streaming CSV | 🔥🔥 | 🟡 Medium | P2 |
+| crypto: AES-GCM, HMAC, JWT | 🔥🔥🔥 | 🔴 Large | P2 |
+| signal module | 🔥🔥 | 🔴 Large | P2 |
+| ml module | 🔥🔥 | 🔴 Large | P3 |

package/SECURITY.md

@@ -0,0 +1,35 @@
+# Kebijakan Keamanan
+
+## Melaporkan Kerentanan
+
+Kalau lo nemu celah keamanan di speedx-core, lapor lewat email: adityasuperdev@gmail.com
+
+**JANGAN bikin GitHub issue publik untuk kerentanan keamanan.**
+
+Lo bakal dapet respon dalam 48 jam. Kalo belum ada kabar, follow-up lewat email.
+
+## Yang Perlu Disertakan
+
+- Deskripsi kerentanan
+- Langkah-langkah reproduksi
+- Versi yang terpengaruh
+- Dampak potensial
+- Saran perbaikan (kalo ada)
+
+## Ruang Lingkup
+
+- Package npm speedx-core
+- CLI tool dep-exray
+- GitHub Actions workflows
+
+## Di Luar Ruang Lingkup
+
+- Fungsi `xorCipher` di module crypto **SENG A JA BUKAN untuk keamanan**. Itu cuma XOR obfuscation sederhana buat masking data ringan. Jangan pake buat enkripsi data sensitif.
+
+## Kebijakan Disclosure
+
+Begitu kerentanan dikonfirmasi:
+1. Kita bakal kerjain fix
+2. Security advisory bakal dipublish di GitHub
+3. Versi yang udh di-patch bakal dirilis ke npm
+4. Kredit bakal dikasih ke pelapor (kalo mau)