@geenius/release-toolkit

0.10.0
License: FSL-1.1-Apache-2.0

Centralized, opt-out-able release toolkit for every Geenius package and boilerplate. One canonical CLI (geenius-release) replaces the per-package supply-chain / license / SBOM / smoke-packed / gauntlet scripts.

Package Exports

  • @geenius/release-toolkit

Readme

@geenius/release-toolkit

Canonical release toolkit for every Geenius package and boilerplate. One CLI (geenius-release) replaces the per-package supply-chain / license / SBOM / smoke-packed / gauntlet scripts that previously lived as 26–36 hand-copied duplicates.

Dev-only. Add to devDependencies; never appears in your runtime bundle.

pnpm add -D @geenius/release-toolkit

Quick start

Wire the canonical scripts into your package.json:

{
  "scripts": {
    "audit:supply-chain": "geenius-release supply-chain",
    "audit:license":      "geenius-release license",
    "audit:sbom":         "geenius-release sbom",
    "test:smoke-packed":  "geenius-release smoke-packed",
    "test:gauntlet":      "geenius-release gauntlet"
  }
}

No config file required — the toolkit ships ecosystem-sensible defaults. Add release-toolkit.config.json next to package.json to override.

Subcommands (v0.1)

Subcommand | Replaces | Description
--- | --- | ---
supply-chain | 26 per-package scripts | pnpm audit + osv-scanner + Socket + license, all required/optional configurable
license | 36 copies of license-check.mjs | Forbidden-license scan over installed deps
sbom | 36 copies of sbom.mjs | CycloneDX 1.5 JSON SBOM (optional SPDX via syft)
smoke-packed | 36 copies of smoke-packed-imports.mjs | Pack, install, dynamic-import every subpath in package.json:exports
gauntlet | The &&-chained pnpm test:gauntlet macro | Compose the configured step sequence into one structured report

v0.2 adds coverage-report, diff-coverage, mutation-report, a11y-report, size-check. v0.3 adds storybook, publint, attw, perf-smoke.

Opting out of Socket

Socket requires a free account. To opt out:

{
  "supplyChain": {
    "scanners": { "socket": { "required": false } }
  }
}

required: false is the default for every boilerplate. Internal @geenius/* packages opt in to strict mode in CI via SOCKET_API_TOKEN. Environment-variable override for one-off CI runs:

GEENIUS_SUPPLY_CHAIN_SOCKET=off geenius-release supply-chain

Configuration reference

See .docs/DOCS/PACKAGES/RELEASE_TOOLKIT.md for the full config schema and examples, and .docs/PRDS/packages/PACKAGE_RELEASE_TOOLKIT_PRD.md for the design rationale.

Exit codes

Code | Meaning
--- | ---
0 | Required steps passed (optional steps may have skipped)
1 | At least one required step failed
2 | Configuration error
3 | Environment error (missing pnpm, missing lockfile)
4 | Internal toolkit bug

Stable across versions. CI integrations can rely on them.
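As an added example that is not part of the toolkit, a POSIX shell wrapper a CI job can put around one subcommand; it assumes only the exit-code table and report path documented here, and the `sh -c 'exit 3'` stand-in is constructed so the script runs where geenius-release is not installed:

```shell
#!/bin/sh
# Added example, not part of the release-toolkit package: a CI wrapper around
# one geenius-release subcommand that maps the README's exit-code contract to
# an outcome and decides whether the job must fail.
#   0 required steps passed   1 required step failed   2 configuration error
#   3 environment error       4 internal toolkit bug

REPORT_DIR=".eval/release-toolkit"   # report location documented in the README

# classify_exit CODE -> prints one word describing the outcome.
classify_exit() {
  case "$1" in
    0) echo "pass" ;;
    1) echo "findings" ;;
    2) echo "config-error" ;;
    3) echo "env-error" ;;
    4) echo "toolkit-bug" ;;
    *) echo "unknown" ;;
  esac
}

# should_fail_job OUTCOME -> true (0) when CI must go red.
# Only "pass" is green. Codes 2-4 are red too: a missing pnpm or lockfile (3)
# means the audit never ran, and treating that as success would silently skip
# the supply-chain check, which the non-blocking local hook may do but CI
# must not.
should_fail_job() {
  [ "$1" != "pass" ]
}

# run_step NAME CMD... -> runs CMD, prints "<name>: <outcome>" with the report
# path, and returns CMD's exit code unchanged so the caller keeps the contract.
run_step() {
  name="$1"; shift
  "$@"
  code=$?
  echo "$name: $(classify_exit "$code") (exit $code, report $REPORT_DIR/$name.json)"
  return "$code"
}

# Demo with a constructed stand-in for `geenius-release supply-chain`, so this
# runs where the toolkit is not installed. In a real job use:
#   run_step supply-chain geenius-release supply-chain
run_step supply-chain sh -c 'exit 3' || true
```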

Optional git hooks

The toolkit ships a non-blocking pre-push hook template at templates/husky/pre-push. It runs pnpm run audit:supply-chain before each push and reports findings without blocking the push (remove the trailing || exit 0 in the script to make findings blocking).

Install per-repo:

cp node_modules/@geenius/release-toolkit/templates/husky/pre-push .husky/pre-push
chmod +x .husky/pre-push

The hook is not auto-installed by adding the toolkit as a dependency — adoption is opt-in.

Reports

Every subcommand writes a JSON report at .eval/release-toolkit/<command>.json. The shape is documented in src/types.ts and is consumed by CI integrations and downstream report aggregators.

Development

pnpm install
pnpm build
pnpm test
pnpm lint
pnpm exec geenius-release gauntlet   # dogfood

License

FSL-1.1-Apache-2.0