code-quality-setup

📁 metyatech/skill-code-quality-setup 📅 7 days ago
Total installs: 10
Weekly installs: 10
Site-wide rank: #29639
Install command:
npx skills add https://github.com/metyatech/skill-code-quality-setup --skill code-quality-setup

Installs by agent

opencode 10
gemini-cli 10
github-copilot 10
amp 10
codex 10
kimi-cli 10

Skill documentation

Code quality setup

Per-language toolchain

Use the standard toolchain for each language in the repository.

JavaScript / TypeScript (incl. React/Next)

  • Format+lint: ESLint + Prettier.
  • When configuring Prettier, always add and maintain .prettierignore so generated/build outputs and composed files are not formatted/linted as source (e.g., dist/, build artifacts, and AGENTS.md when generated by compose-agentsmd).
  • Typecheck: tsc with strict settings for TS projects.
  • Dependency scan: osv-scanner. If unsupported, use the package manager’s audit tooling.

Python

  • Format+lint: Ruff.
  • Typecheck: Pyright.
  • Dependency scan: pip-audit.

Go

  • Format: gofmt.
  • Lint/static analysis: golangci-lint (includes staticcheck).
  • Dependency scan: govulncheck.

Rust

  • Format: cargo fmt.
  • Lint/static analysis: cargo clippy with warnings as errors.
  • Dependency scan: cargo audit.

Java

  • Format: Spotless + google-java-format.
  • Lint/static analysis: Checkstyle + SpotBugs.
  • Dependency scan: OWASP Dependency-Check.

Kotlin

  • Format: Spotless + ktlint.
  • Lint/static analysis: detekt.
  • Compiler: enable warnings-as-errors in CI; if impractical, get explicit user approval before relaxing.

C#

  • Format: dotnet format (verify-no-changes in CI).
  • Lint/static analysis: enable .NET analyzers; treat warnings as errors; enable nullable reference types.
  • Dependency scan: dotnet list package --vulnerable.

C++

  • Format: clang-format.
  • Lint/static analysis: clang-tidy.
  • Build: enable strong warnings and treat as errors; run sanitizers (ASan/UBSan) in CI where supported.

PowerShell

  • Format+lint: PSScriptAnalyzer (Invoke-Formatter + Invoke-ScriptAnalyzer).
  • Runtime: Set-StrictMode -Version Latest; fail fast on errors.
  • Tests: Pester when tests exist.
  • Enforce PSScriptAnalyzer via the repo’s standard verify command/script when PowerShell is used; treat findings as errors.

Shell (sh/bash)

  • Format: shfmt.
  • Lint: shellcheck.

Dockerfile

  • Lint: hadolint.

Terraform

  • Format: terraform fmt -check.
  • Validate: terraform validate.
  • Lint: tflint.
  • Security scan: trivy config.

YAML

  • Lint: yamllint.

Markdown

  • Lint: markdownlint.

Design and visual accessibility automation

Apply this section to projects with web UI components only.

  • Enforce automated visual accessibility checks as part of the repo-standard verify command and CI.
  • Use route discovery (sitemap, generated route lists, or framework route manifests) so newly added pages are automatically included.
  • Validate both light and dark themes when theme switching is supported.
  • Validate at least default, hover, and focus states for interactive elements.
  • Enforce non-text boundary contrast checks across all visible UI elements that present boundaries (including interactive controls and container-like elements), not only predefined component classes.
  • Use broad DOM discovery with only minimal technical exclusions (hidden/zero-size/non-rendered nodes).
  • Fail CI on violations; do not silently ignore design regressions.
  • If temporary exclusions are unavoidable, keep them narrowly scoped, documented with rationale, and remove them promptly.

Security baseline

  • Require dependency vulnerability scanning appropriate to the ecosystem (SCA) for merges. If unavailable, report the limitation and get explicit user approval.
  • Enable GitHub secret scanning and remediate findings; never commit secrets. If unavailable, add a repo-local secret scanner.
  • Enable CodeQL code scanning for supported languages. If unavailable, use the best alternative for that ecosystem.
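
The "Dependency scan" items in the per-language lists and the first security-baseline rule can be wired into one verify step. The script below is an added example, not code from the skill's repository: it picks the scanner for each ecosystem whose manifest is present and fails when a scanner is missing instead of skipping it. The function names, the manifest-to-scanner mapping and the exit codes are assumptions of this sketch.

```sh
# Added example, not from the skill's repository. Manifest names are the
# ecosystems' standard ones; exit codes 2/3 are choices made for this sketch.

# plan_dep_scans DIR: print one scanner command per ecosystem detected in DIR.
plan_dep_scans() (
  dir=${1:-.}
  if [ -f "$dir/package.json" ]; then echo "osv-scanner -r ."; fi
  if [ -f "$dir/requirements.txt" ]; then echo "pip-audit -r requirements.txt"; fi
  if [ -f "$dir/go.mod" ]; then echo "govulncheck ./..."; fi
  if [ -f "$dir/Cargo.toml" ]; then echo "cargo audit"; fi
  for f in "$dir"/*.csproj "$dir"/*.sln; do
    if [ -e "$f" ]; then echo "dotnet list package --vulnerable"; break; fi
  done
)

# run_dep_scans DIR: run every planned scanner from DIR. Returns non-zero if a
# scanner reports findings, is not installed, or no manifest was recognised,
# so an unscanned repository never passes as clean.
run_dep_scans() (
  cd "${1:-.}" || exit 2
  plan=$(plan_dep_scans .)
  if [ -z "$plan" ]; then
    echo "no recognised manifest: nothing was scanned" >&2
    exit 3
  fi
  rc=0
  while IFS= read -r cmd; do
    tool=${cmd%% *}
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "scanner not installed: $tool (report it, do not skip)" >&2
      rc=1
      continue
    fi
    echo "+ $cmd" >&2
    $cmd || rc=1   # unquoted on purpose: the plan lines are fixed strings
  done <<EOF
$plan
EOF
  exit "$rc"
)
```

Call `run_dep_scans .` from the repo-standard verify command so that the same check gates local runs and CI merges.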