ripcord
project scaffolding, opinion enforcer, and build tooling!
install
npm install --save-dev ripcord
what
what does ripcord really do?
- :rocket: deploys a set of rules into your project, on request.
  - what are rules? they are all sorts of things. business rules, scripts, or even dependencies!
  - see counsel for more. ripcord uses counsel to apply scaffolding and enforcement.
- :lock: enforces those rules, on request.
- :memo: exposes tooling for report generation! dependency reports, license reports and checking are included.

what rules & opinions does ripcord apply? see module.exports.rules, or the applied rules section below for a high-level summary.
usage
here are some hypothetical use cases:
- to install ripcord rules into your project, simply install it or update it into your project!
- to manually apply rules, run ripcord counsel apply
- to check if ripcord's rules are honored, run ripcord counsel check
- to generate a dependency report, run ripcord report [-o /path/to/report]

pro tip: if you install ripcord globally ([sudo] npm i -g ripcord) and have ripcord installed locally, you can simply run ripcord [cmd] in your project. ripcord will detect a local copy and run that version. rad+!
what else can it do?
[node_modules/.bin/]ripcord --help
api docs found here
does ripcord dogfood itself?
absolutely. :tada:
applied rules
general package validation (on pre-commit)
- npm ls - validate package declaration matches actual package content
- ripcord counsel check - enforce all rules below that implement a check method
security check (on pre-commit)
- nsp check - check pkg deps for vulns
linting
standard
test and coverage
- enforces test task defined. prefers wrapping tests with the nyc package
- encourages coverage enforcement on common metrics @90%
user docs
- mandates README.md
api docs (on publish)
- generate JSDoc pages, themed, published to gh-pages
package publish behavior
- apply version bumping using npm and git tooling
  - no manual version number bumping
  - use git tags/releases
  - e.g. npm run publish-patch
license validation (on pre-commit)
- assert licenses are approved! does not guarantee you've been given permission to use them :)
- configuration:
  - "ripcord": { "devOnly": true } waives license accountability. if your package is for development only, you certify that it will never ship in production
pre-commit actions
- summarization of the above
- on pre-commit: ['validate', 'lint', 'test', 'check-coverage', 'check-licenses', 'secure']
rules can be ignored or overridden per the counsel-rule docs.
tooling
dependency reporting
generate dependency report. operates in two modes:
- node/npm project mode
  - uses your package.json dependencies & devDependencies as sole source of external dependencies
- ui build (e.g. webpack build)
  - uses ui build compiler output as declaration of which dependencies are used, and uses remaining devDependencies as source of external devDependencies
- see ripcord report --help for more info
rule application and checking
deploy or check project conventions via counsel.
counsel <apply|check>
license checking
check or dump (output) project licenses. only outputs licenses for dependencies, not devDependencies, by default.
licenses [options] <check|dump>
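
the check described here and under license validation, sketched as an added example (not ripcord's own code): production dependencies are followed transitively, devDependencies are skipped unless asked for, a package with no license field fails rather than passes, and "devOnly": true waives the check. the approved list, the installed record shape, the transitive walk and all function names are assumptions made for illustration.

```javascript
// Added illustration; NOT ripcord's implementation. The approved list and
// the shape of the `installed` records are assumptions for this example.
const APPROVED = new Set(['MIT', 'ISC', 'Apache-2.0', 'BSD-3-Clause'])

// Constructed sample data: a root package.json and the result of a node_modules walk.
const rootPkg = {
  name: 'demo-app',
  dependencies: { 'left-lib': '^1.0.0', 'odd-lib': '^2.0.0' },
  devDependencies: { 'test-tool': '^3.0.0' }
}
const installed = {
  'left-lib': { license: 'MIT', dependencies: { 'deep-lib': '^0.1.0' } },
  'deep-lib': { license: 'GPL-3.0', dependencies: {} },
  'odd-lib': { dependencies: {} }, // no license field at all
  'test-tool': { license: 'AGPL-3.0', dependencies: {} }
}

// Collect every package name reachable from the given top-level names.
function reachable (names, installed) {
  const seen = new Set()
  const stack = [...names]
  while (stack.length) {
    const name = stack.pop()
    if (seen.has(name)) continue
    seen.add(name)
    const pkg = installed[name]
    if (pkg) stack.push(...Object.keys(pkg.dependencies || {}))
  }
  return [...seen].sort()
}

// Return one violation per package that is missing, unlicensed or unapproved.
function checkLicenses (rootPkg, installed, { includeDev = false } = {}) {
  // Mirrors the README: "devOnly": true waives license accountability.
  if (rootPkg.ripcord && rootPkg.ripcord.devOnly === true) return []
  const roots = Object.keys(rootPkg.dependencies || {})
  if (includeDev) roots.push(...Object.keys(rootPkg.devDependencies || {}))
  return reachable(roots, installed)
    .map(name => {
      const pkg = installed[name]
      if (!pkg) return { name, reason: 'not installed' }
      if (!pkg.license) return { name, reason: 'no license declared' }
      if (!APPROVED.has(pkg.license)) return { name, reason: `unapproved: ${pkg.license}` }
      return null
    })
    .filter(Boolean)
}
```

with the sample data, the default run flags deep-lib (pulled in by an MIT package) and odd-lib, while test-tool is only reported when includeDev is set.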
npm repo package syncing
sync packages from npm repo to repo. current implementation assumes artifactory API present to successfully copy!
ripcord sync-packages --help
considerations
development
- this project uses Microsoft TypeScript. if you are editing .ts files, be mindful that they must be compiled. simply running tsc --watch or node_modules/.bin/tsc --watch will fire off the compiler and auto-watch the ts files. fear not, the compiled files include source maps, so you can debug the TypeScript content naturally.
- if you do not have an editor preference, it is recommended to use VSCode. this package bundles some helpful workspace settings:
  - easy debug using the pre-defined launch tasks
  - debug using the built source maps
  - hide .js and .map files from the source tree.
yarn compatibility
this module digs deep into your node_modules. hence, consistent structure and content are imperative for reporting and license features to work. consequently, we recommend only officially using npm, at least for builds.
todo
- ui build support for license checking