Enterprise-grade development tooling for modern JavaScript/TypeScript projects
A comprehensive, battle-tested collection of reusable scripts and utilities designed specifically for large-scale development teams. Built with the same standards as Google, Meta, and Amazon - featuring 80%+ test coverage, automated security scanning, and production-ready tooling.
@kitiumai/scripts is a comprehensive TypeScript utility library that provides production-ready solutions for common development tasks. Unlike fragmented utility libraries, it offers a complete toolkit covering the entire development lifecycle - from local development to CI/CD pipelines.
- ποΈ Build & Development: TypeScript compilation, testing, linting, formatting
- π Security First: Automated secret scanning, dependency audits, license compliance
- π DevOps Ready: Git operations, release automation, deployment checks
- π€ AI Integration: Token management for OpenAI, Anthropic, Google AI, DeepSeek
- π Enterprise Standards: 80%+ test coverage, comprehensive error handling, typed APIs
- β‘ Performance: Optimized for speed with parallel execution and caching
- π§ Extensible: Modular design with tree-shakable imports
| Feature | @kitiumai/scripts | zx | execa | oclif | commander |
|---|---|---|---|---|---|
| Scope | Full dev lifecycle | Command execution | Command execution | CLI frameworks | CLI parsing |
| Security | Built-in scanning | Manual | Manual | Manual | Manual |
| Testing | 80%+ coverage | Basic | Basic | Basic | Basic |
| AI Integration | β Native support | β | β | β | β |
| Git Operations | β Comprehensive | β | β | β | β |
| Release Mgmt | β Automated | β | β | β | β |
| License Compliance | β Built-in | β | β | β | β |
| Type Safety | β Full TypeScript | β | |||
| Enterprise Ready | β Production tested | β | β |
- Scope: zx focuses on shell scripting; we provide complete dev tooling
- Security: We include automated secret scanning and vulnerability checks
- Testing: 80% coverage vs zx's minimal testing
- Enterprise: Built for large teams with proper error handling and logging
- Features: execa is just command execution; we provide 15 specialized modules
- Integration: Native AI, Git, security, and release management
- Safety: Built-in security scanning and license compliance
- DX: Comprehensive error handling and logging utilities
- Purpose: CLI frameworks for building tools; we ARE the tool collection
- Usage: Import and use immediately vs building custom CLIs
- Completeness: Ready-to-use solutions vs framework for building
Unlike fragmented utility libraries, @kitiumai/scripts provides:
- π Security-First Design: Every function includes security considerations
- π Production-Ready: Used in production by Kitium AI across 50+ repositories
- π Enterprise Scale: Built for large teams with proper logging, error handling, and monitoring
- π€ AI-Native: First utility library with built-in AI provider management
- β‘ Performance Optimized: Parallel execution, caching, and optimized algorithms
- π§ Tree-Shakable: Import only what you need, zero bundle bloat
- π Comprehensive Documentation: Every function documented with examples
- 50+ repositories using this package
- 80% test coverage maintained across all modules
- Zero security incidents from tooling (automated scanning)
- 10x faster release cycles with automated tooling
- 100% TypeScript with strict mode and full type safety
# npm
npm install @kitiumai/scripts
# pnpm
pnpm add @kitiumai/scripts
# yarn
yarn add @kitiumai/scriptsRequirements:
- Node.js >= 18.0.0
- TypeScript >= 5.0.0 (for types)
- Git >= 2.30.0 (for Git operations)
This package uses automated GitHub Actions workflows for releases. New versions are published when tags are pushed.
- Automated Tagging: Use the "Tag @kitiumai/scripts Release" workflow in this repository's Actions
- Version Format: Tags follow
@kitiumai/scripts@<version>format (e.g.,@kitiumai/scripts@1.0.0) - Automatic Publishing: Pushing a tag triggers the release workflow that builds, tests, and publishes to NPM
- Tag Creation:
Tag @kitiumai/scripts Release- Creates version tags - Publishing:
Release @kitiumai/scripts- Publishes to NPM on tag push
Note: These workflows are located in .github/workflows/ within this package directory.
π Release Documentation - Complete release process guide
Core utilities for command execution, file operations, and logging.
import { exec, pathExists, readJson, writeJson, log, measure } from '@kitiumai/scripts/utils';
// Execute commands safely
const result = await exec('npm', ['install'], { cwd: '/path/to/project' });
console.log(`Exit code: ${result.code}`);
// File operations with error handling
const exists = await pathExists('./config.json');
const config = await readJson<MyConfig>('./config.json');
await writeJson('./output.json', data, true); // pretty print
// Structured logging
log('info', 'Starting build process');
log('success', 'Build completed successfully');
log('error', 'Build failed', error);
// Performance measurement
await measure('Build Process', async () => {
// your expensive operation
});Key Functions:
exec()- Safe command execution with proper error handlingpathExists()- Cross-platform path existence checkingreadJson()/writeJson()- JSON file operations with validationlog()- Structured logging with levels (info, success, warn, error)measure()- Performance timing utilityfindFiles()- Recursive file searching with patternsgetEnv()- Environment variable handling with defaults
Comprehensive testing utilities with coverage and watch modes.
import { runTests, runTestsCoverage, watchTests } from '@kitiumai/scripts/test';
// Run all tests
await runTests();
// Run with coverage report
await runTestsCoverage();
// Watch mode for TDD
await watchTests();
// Advanced options
await runTests({
pattern: 'src/**/*.test.ts',
coverage: true,
watch: false,
timeout: 10000,
sequential: false,
flags: ['--reporter=verbose']
});Key Functions:
runTests()- Execute test suite with configurable optionsrunTestsCoverage()- Run tests with coverage reportingwatchTests()- Watch mode for test-driven development
Code quality and formatting tools.
import { runEslint, checkFormat, fixFormat, lintAll } from '@kitiumai/scripts/lint';
// Run ESLint
await runEslint({ fix: false });
// Check code formatting
await checkFormat();
// Auto-fix formatting issues
await fixFormat();
// Run all linting and formatting checks
await lintAll(true); // true to auto-fixKey Functions:
runEslint()- Execute ESLint with configurable optionscheckFormat()- Check Prettier formatting without changesfixFormat()- Auto-fix formatting issueslintAll()- Combined linting and formatting
Complete Git operations for automation.
import {
getCurrentBranch,
isWorkingDirectoryClean,
getChangedFiles,
stageFiles,
commit,
push,
createTag
} from '@kitiumai/scripts/git';
// Get repository state
const branch = await getCurrentBranch();
const isClean = await isWorkingDirectoryClean();
const changes = await getChangedFiles();
// Stage and commit changes
await stageFiles(['src/file1.ts', 'src/file2.ts']);
await commit('feat: add new feature', {
allowEmpty: false,
sign: false
});
// Push and tag
await push('main', 'origin');
await createTag('v1.0.0', 'Release version 1.0.0');Key Functions:
getCurrentBranch()- Get current Git branch nameisWorkingDirectoryClean()- Check if working directory has uncommitted changesgetChangedFiles()- Get list of modified filesstageFiles()- Stage files for commitcommit()- Create commits with conventional commit supportpush()- Push commits to remotecreateTag()- Create and push Git tags
Automated security scanning and compliance.
import {
scanSecrets,
auditDependencies,
checkPolicyCompliance
} from '@kitiumai/scripts/security';
// Scan for secrets
const secretResult = await scanSecrets({
scanner: 'gitleaks',
configPath: './gitleaks.toml',
failOnFinding: true
});
// Audit dependencies for vulnerabilities
const auditResult = await auditDependencies({
severityThreshold: 'moderate',
includeDev: true,
failOnVulnerability: true
});
// Check security policy compliance
const compliance = await checkPolicyCompliance({
licenseAllowlist: ['MIT', 'Apache-2.0', 'BSD-3-Clause'],
vulnerabilityBudget: { critical: 0, high: 2 }
});Key Functions:
scanSecrets()- Scan for secrets using Gitleaks or TruffleHogauditDependencies()- Audit npm/pnpm dependencies for vulnerabilitiescheckPolicyCompliance()- Validate security policies and budgets
AI provider token management and validation.
import {
validateAIToken,
getAIToken,
isAIProviderConfigured,
getConfiguredAIProviders,
maskAIToken
} from '@kitiumai/scripts/ai';
// Validate AI provider tokens
const isValid = validateAIToken('openai', 'sk-proj-...');
const isAnthropicValid = validateAIToken('anthropic', 'sk-ant-...');
// Get tokens from environment
const openaiToken = getAIToken('openai');
const anthropicToken = getAIToken('anthropic');
// Check provider configuration
const configuredProviders = getConfiguredAIProviders();
console.log('Configured:', configuredProviders); // ['openai', 'anthropic']
// Mask tokens for logging
const masked = maskAIToken('sk-proj-1234567890abcdef');
console.log(masked); // 'sk-p...cdef'Key Functions:
validateAIToken()- Validate tokens for OpenAI, Anthropic, Google AI, DeepSeekgetAIToken()- Retrieve tokens from environment variablesisAIProviderConfigured()- Check if AI provider is configuredgetConfiguredAIProviders()- List all configured AI providersmaskAIToken()- Securely mask tokens for logging
Production operations and health checks.
import { smokeServices, rolloutGuard, verifyLogSchemas } from '@kitiumai/scripts/operations';
// Smoke test services
const smokeResults = await smokeServices([
{ name: 'API', url: 'https://api.example.com/health' },
{ name: 'Web', url: 'https://app.example.com', expectedStatus: 200 }
]);
// Deployment readiness check
const isReady = await rolloutGuard({
environment: 'production',
checks: ['database', 'cache', 'cdn']
});
// Verify log schema compliance
await verifyLogSchemas({
logFiles: ['logs/app.log'],
schemaPath: './schemas/log.schema.json'
});Key Functions:
smokeServices()- Health check multiple services/endpointsrolloutGuard()- Validate deployment prerequisitesverifyLogSchemas()- Ensure log files match expected schemas
Bulk repository operations and environment management.
import {
runBulkRepoTask,
validateEnv,
detectDrift
} from '@kitiumai/scripts/automation';
// Run command across multiple repositories
await runBulkRepoTask({
repos: ['./repo1', './repo2', './repo3'],
command: 'npm run build',
concurrency: 3,
continueOnError: false
});
// Validate environment setup
await validateEnv({
requiredEnv: ['API_KEY', 'DATABASE_URL'],
requiredCommands: [
{ cmd: 'node', minVersion: '18.0.0' },
{ cmd: 'pnpm', minVersion: '8.0.0' }
]
});
// Detect configuration drift
const drift = await detectDrift({
paths: ['src', 'config'],
excludePatterns: ['*.test.ts', '*.spec.ts']
});Key Functions:
runBulkRepoTask()- Execute commands across multiple repositoriesvalidateEnv()- Validate environment variables and command versionsdetectDrift()- Detect configuration drift across files
Package.json and dependency utilities.
import {
getPackageManager,
findPackageJson,
checkDeprecatedDeps
} from '@kitiumai/scripts/deps';
// Detect package manager
const pm = await getPackageManager(); // 'pnpm', 'npm', or 'yarn'
// Find package.json files
const packagePaths = await findPackageJson('./monorepo');
// Check for deprecated dependencies
const deprecated = await checkDeprecatedDeps('./package.json');
if (deprecated.length > 0) {
console.log('Deprecated packages found:', deprecated);
}Key Functions:
getPackageManager()- Auto-detect package manager (pnpm/npm/yarn)findPackageJson()- Find package.json files recursivelycheckDeprecatedDeps()- Identify deprecated npm packages
Developer productivity tools.
import {
validateCommits,
ensureSharedConfigs,
checkCodeownersCoverage
} from '@kitiumai/scripts/dx';
// Validate conventional commits
const commitResult = await validateCommits({
range: 'HEAD~10..HEAD',
allowedTypes: ['feat', 'fix', 'docs', 'refactor']
});
// Ensure shared configurations
await ensureSharedConfigs({
configs: ['.eslintrc.js', '.prettierrc', 'tsconfig.json'],
enforce: true
});
// Check CODEOWNERS coverage
const coverage = await checkCodeownersCoverage({
files: ['src/**/*.ts'],
codeownersPath: './CODEOWNERS'
});Key Functions:
validateCommits()- Validate conventional commit messagesensureSharedConfigs()- Ensure consistent config files across reposcheckCodeownersCoverage()- Validate CODEOWNERS file coverage
Automated release and versioning.
import {
prepareReleaseNotes,
verifyPublishState,
syncVersionTags
} from '@kitiumai/scripts/release';
// Generate release notes from changesets
const notes = await prepareReleaseNotes({
changesetDir: './changesets',
groupBy: 'package'
});
// Verify publish readiness
const publishCheck = await verifyPublishState({
commands: ['npm run build', 'npm run test'],
checks: ['clean working directory', 'up-to-date branch']
});
// Sync version tags
await syncVersionTags({
packagePath: './package.json',
tagPrefix: 'v',
registry: 'https://registry.npmjs.org'
});Key Functions:
prepareReleaseNotes()- Generate release notes from changesetsverifyPublishState()- Validate publish prerequisitessyncVersionTags()- Sync package versions with Git tags
Structured logging and monitoring.
import { setupStructuredLogging, createLogger } from '@kitiumai/scripts/observability';
// Setup structured logging
await setupStructuredLogging({
level: 'info',
format: 'json',
redaction: ['password', 'token', 'secret']
});
// Create contextual logger
const logger = createLogger('auth-service', {
userId: '12345',
requestId: 'req-abc'
});
logger.info('User authenticated', { method: 'oauth' });
logger.error('Authentication failed', { error: 'invalid_token' });Deployment and operational readiness.
import {
performHealthCheck,
checkDeploymentReadiness
} from '@kitiumai/scripts/ops';
// Health check with retry logic
const isHealthy = await performHealthCheck({
services: [
{ name: 'api', url: 'https://api.example.com/health' },
{ name: 'db', url: 'https://db.example.com/status' }
],
timeout: 5000,
retries: 3
});
// Check deployment readiness
const deploymentStatus = await checkDeploymentReadiness({
environment: 'production',
checks: ['database', 'redis', 'cdn', 'monitoring']
});Key Functions:
performHealthCheck()- Comprehensive health checks with retriescheckDeploymentReadiness()- Validate deployment prerequisites
Data quality and privacy utilities.
import {
scanForPII,
validateDatasetSchema,
detectDataDrift
} from '@kitiumai/scripts/data';
// Scan for personally identifiable information
const piiResults = await scanForPII({
files: ['data/users.json', 'logs/app.log'],
patterns: ['email', 'phone', 'ssn']
});
// Validate dataset against schema
const validation = await validateDatasetSchema({
dataPath: './data/dataset.json',
schemaPath: './schemas/dataset.schema.json'
});
// Detect data drift
const drift = await detectDataDrift({
baselinePath: './data/baseline.json',
currentPath: './data/current.json',
threshold: 0.05
});The package includes executable scripts for common automation tasks:
set-npm-token- Configure npm authentication tokenadd-npmrc- NPM configuration managementadd-ai-tokens- AI provider token configuration (OpenAI, Anthropic, etc.)
kitium-security-check- Comprehensive security scanning (secrets, vulnerabilities, licenses)kitium-license-check- License compliance validationlicense-check- Quick license checking
ensure-changeset- Changeset directory setupfix-deprecated-deps- Deprecated dependency management
generate-sbom- Software Bill of Materials generationsign-artifact- Artifact signing & verification
setup-github-security- GitHub security settings configurationconfigure-github-branch-protection- Branch protection rules setup
# Security scanning
npx kitium-security-check --fail-on-finding
# License compliance
npx kitium-license-check --fail-on-violation --verbose
# Setup AI tokens
npx add-ai-tokens --providers openai,anthropic
# Generate SBOM
npx generate-sbom --format cyclonedx --output sbom.jsonimport {
runTestsCoverage,
runEslint,
scanSecrets,
auditDependencies,
checkDeploymentReadiness
} from '@kitiumai/scripts';
async function runCI() {
try {
// Quality gates
await runEslint({ fix: false });
await runTestsCoverage();
// Security checks
await scanSecrets({ failOnFinding: true });
await auditDependencies({ failOnVulnerability: true });
// Deployment readiness
const ready = await checkDeploymentReadiness({
environment: 'production'
});
if (ready) {
console.log('β
All checks passed - ready for deployment');
}
} catch (error) {
console.error('β CI failed:', error.message);
process.exit(1);
}
}import { runBulkRepoTask, validateEnv } from '@kitiumai/scripts/automation';
async function updateMonorepo() {
// Validate environment
await validateEnv({
requiredEnv: ['NPM_TOKEN'],
requiredCommands: [{ cmd: 'pnpm', minVersion: '8.0.0' }]
});
// Update all packages
await runBulkRepoTask({
repos: ['packages/*', 'apps/*'],
command: 'pnpm update',
concurrency: 4
});
// Run tests across all packages
await runBulkRepoTask({
repos: ['packages/*', 'apps/*'],
command: 'pnpm test',
concurrency: 2
});
}import { getAIToken, validateAIToken, maskAIToken } from '@kitiumai/scripts/ai';
import { exec } from '@kitiumai/scripts/utils';
async function setupAIEnvironment() {
// Validate all AI tokens
const providers = ['openai', 'anthropic', 'google'] as const;
for (const provider of providers) {
const token = getAIToken(provider);
if (token && validateAIToken(provider, token)) {
console.log(`${provider}: β
configured`);
} else {
console.log(`${provider}: β missing or invalid`);
}
}
// Use AI for code review
const diff = await exec('git', ['diff', '--cached']);
if (diff.stdout) {
const aiToken = getAIToken('openai');
// Use AI to review changes...
}
}# AI Provider Tokens
OPENAI_API_KEY=sk-proj-...
ANTHROPIC_API_KEY=sk-ant-...
GOOGLE_AI_API_KEY=...
DEEPSEEK_API_KEY=...
# NPM Publishing
NPM_TOKEN=npm_...
# Security Scanning
GITLEAKS_CONFIG_PATH=./gitleaks.toml
TRUFFLEHOG_CONFIG_PATH=./trufflehog.yamlCreate .kitiumai.json for project-specific settings:
{
"security": {
"licenseAllowlist": ["MIT", "Apache-2.0", "BSD-3-Clause"],
"vulnerabilityBudget": {
"critical": 0,
"high": 2,
"moderate": 10
}
},
"lint": {
"paths": ["src/**/*.{ts,tsx}", "test/**/*.{ts,tsx}"],
"fix": true
},
"test": {
"coverage": true,
"threshold": 80
}
}# Run all tests
npm test
# Run with coverage
npm run test:coverage
# Watch mode
npm run test:watch
# UI mode
npm run test:uiCoverage Requirements:
- Branches: β₯ 80%
- Functions: β₯ 80%
- Lines: β₯ 80%
- Statements: β₯ 80%
We welcome contributions! See CONTRIBUTING.md for guidelines.
# Clone and install
git clone https://github.com/kitiumai/monorepo.git
cd tooling/scripts
pnpm install --ignore-workspace
# Run quality checks
pnpm run type-check
pnpm run lint
pnpm run test:coverageMIT License - see LICENSE for details.
Built with β€οΈ by the Kitium AI team
