Claude-skill-registry frontend-ultimate
Ultimate 25+ years expert-level frontend skill covering Next.js, React, TypeScript, Tailwind CSS, styled-components, Redux, Zustand, Webpack, Vite, Parcel, Jest/Vitest testing, performance optimization, and ALL security aspects comprehensively (XSS, CSRF, injection, data privacy, CSP, dependency security, etc.). Covers all use cases (SPAs, PWAs, e-commerce, dashboards, real-time apps, mobile-responsive). Advanced features include A11y, Core Web Vitals, SEO, i18n, error handling, monitoring, component architecture, design patterns. Maximum security hardening, genius-level optimization, modernized development standards. Use when building ANY frontend application requiring enterprise security, performance, and scalability.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/frontend-expert" ~/.claude/skills/majiayu000-claude-skill-registry-frontend-ultimate && rm -rf "$T"
manifest:
skills/data/frontend-expert/SKILL.mdsource content
ULTIMATE FRONTEND MASTERY - 25+ YEARS EXPERT LEVEL
Enterprise-grade frontend architecture with genius-level optimization, comprehensive security hardening, and all modern best practices across Next.js, React, TypeScript, and complete tooling ecosystem.
🎯 THE DECISION MATRIX
Choose your path based on requirements:
Building a website or app? ├─ Static site needed? │ ├─ YES → Next.js with SSG │ └─ NO → Continue ├─ Real-time features needed? │ ├─ YES → Next.js with WebSockets + React │ └─ NO → Continue ├─ Simple SPA sufficient? │ ├─ YES → React + Vite │ └─ NO → Next.js ├─ E-commerce with SEO? │ └─ Next.js (SSG + ISR) ├─ Enterprise dashboard? │ └─ React + Redux + Vite ├─ PWA needed? │ └─ Next.js + PWA plugin └─ Performance critical? └─ Vite + React with optimizations
PART 1: CORE ARCHITECTURE
Architecture Decision Tree
// PROJECT STRUCTURE - NEXT.JS (Most Powerful) my-app/ ├── src/ │ ├── app/ // Next.js App Router │ │ ├── page.tsx // Root page │ │ ├── layout.tsx // Root layout (security headers!) │ │ ├── api/ // API routes (secured) │ │ ├── (auth)/ // Route groups │ │ ├── dashboard/ │ │ └── error.tsx // Error boundary │ ├── components/ │ │ ├── common/ // Reusable components │ │ ├── features/ // Feature-specific │ │ └── ui/ // Atomic components │ ├── hooks/ // Custom React hooks │ ├── store/ // Redux/Zustand │ ├── utils/ │ │ ├── security.ts // Security utilities │ │ ├── validation.ts // Input validation │ │ ├── sanitization.ts // XSS prevention │ │ └── crypto.ts // Client-side encryption │ ├── lib/ │ │ ├── api.ts // API client │ │ └── db.ts // Database access │ ├── types/ // TypeScript types │ ├── styles/ // Global styles │ ├── middleware.ts // Next.js middleware │ ├── env.ts // Type-safe env │ └── constants.ts // Constants ├── public/ // Static assets ├── tests/ // Test files ├── .env.local // Local env (gitignored) ├── .env.example // Example env ├── .eslintrc.json // ESLint config ├── .prettierrc.json // Prettier config ├── tsconfig.json // TypeScript config ├── next.config.js // Next.js config ├── tailwind.config.js // Tailwind config ├── jest.config.js // Jest config └── package.json // Dependencies
NextAuth Setup (Secure Authentication)
// app/api/auth/[...nextauth]/route.ts import NextAuth from "next-auth"; import GoogleProvider from "next-auth/providers/google"; import CredentialsProvider from "next-auth/providers/credentials"; import { PrismaAdapter } from "@next-auth/prisma-adapter"; import { prisma } from "@/lib/prisma"; import { hash, compare } from "bcryptjs"; export const authOptions = { adapter: PrismaAdapter(prisma), secret: process.env.NEXTAUTH_SECRET, session: { strategy: "jwt" as const, maxAge: 30 * 24 * 60 * 60, // 30 days }, pages: { signIn: "/auth/login", error: "/auth/error", }, callbacks: { async jwt({ token, user, account }) { if (user) { token.id = user.id; token.role = user.role; } return token; }, async session({ session, token }) { if (session.user) { session.user.id = token.id as string; session.user.role = token.role as string; } return session; }, async signIn({ user, account }) { // Additional security checks if (account?.provider === "credentials") { // Rate limiting for password attempts const attempts = await getLoginAttempts(user.email); if (attempts > 5) { throw new Error("Too many login attempts"); } } return true; }, }, providers: [ GoogleProvider({ clientId: process.env.GOOGLE_CLIENT_ID!, clientSecret: process.env.GOOGLE_CLIENT_SECRET!, allowDangerousEmailAccountLinking: false, }), CredentialsProvider({ async authorize(credentials: any) { if (!credentials?.email || !credentials?.password) { throw new Error("Missing credentials"); } const user = await prisma.user.findUnique({ where: { email: credentials.email }, }); if (!user) { throw new Error("Invalid email"); } const isValidPassword = await compare( credentials.password, user.hashedPassword ); if (!isValidPassword) { throw new Error("Invalid password"); } return { id: user.id, email: user.email, role: user.role, }; }, }), ], }; export const handler = NextAuth(authOptions); export { handler as GET, handler as POST };
PART 2: SECURITY - COMPREHENSIVE HARDENING
2.1 XSS (Cross-Site Scripting) Prevention
// lib/security/xss-prevention.ts import DOMPurify from "isomorphic-dompurify"; import { marked } from "marked"; /** * Sanitize HTML to prevent XSS * CRITICAL: Use for user-generated content */ export function sanitizeHTML(html: string): string { const config = { ALLOWED_TAGS: [ "b", "i", "em", "strong", "a", "p", "br", "ul", "li", "ol", "blockquote", "code", "pre", "h1", "h2", "h3" ], ALLOWED_ATTR: ["href", "title", "target"], FORCE_BODY: true, KEEP_CONTENT: true, }; return DOMPurify.sanitize(html, config); } /** * Safely render markdown without XSS */ export async function renderMarkdown(markdown: string): Promise<string> { const html = await marked(markdown); return sanitizeHTML(html); } /** * Escape HTML special characters * Use in text content */ export function escapeHTML(text: string): string { const map: Record<string, string> = { "&": "&", "<": "<", ">": ">", '"': """, "'": "'", }; return text.replace(/[&<>"']/g, (char) => map[char]); } /** * Prevent script injection in URLs */ export function isValidURL(url: string): boolean { try { const parsed = new URL(url); // Whitelist safe protocols if (!["http:", "https:", "mailto:", "tel:"].includes(parsed.protocol)) { return false; } return true; } catch { return false; } } /** * Safe JSON parsing */ export function safeJSONParse(json: string, fallback: any = null) { try { return JSON.parse(json); } catch { console.error("Invalid JSON"); return fallback; } } // React component for safe content display export function SafeHTML({ html }: { html: string }) { return ( <div dangerouslySetInnerHTML={{ __html: sanitizeHTML(html), }} /> ); }
2.2 CSRF (Cross-Site Request Forgery) Protection
// lib/security/csrf.ts import { generateTokenPair } from "crypto-random-string"; /** * Generate CSRF token for forms */ export function generateCSRFToken(): string { return crypto.getRandomValues(new Uint8Array(32)).toString(); } /** * Verify CSRF token */ export async function verifyCSRFToken(token: string, stored: string): Promise<boolean> { if (!token || !stored) return false; return crypto.subtle.timingSafeEqual( new TextEncoder().encode(token), new TextEncoder().encode(stored) ); } // Middleware for CSRF protection export const csrfProtectionMiddleware = async ( req: NextRequest, res: NextResponse ) => { if (["POST", "PUT", "DELETE", "PATCH"].includes(req.method)) { const token = req.headers.get("x-csrf-token"); const stored = req.cookies.get("csrf-token")?.value; if (!token || !stored || !await verifyCSRFToken(token, stored)) { return new NextResponse("CSRF token validation failed", { status: 403, }); } } return res; }; // Hook for forms export function useCSRFToken() { const [token, setToken] = useState<string>(""); useEffect(() => { const fetchToken = async () => { const res = await fetch("/api/csrf-token"); const data = await res.json(); setToken(data.token); }; fetchToken(); }, []); return token; } // Form component with CSRF export function CSRFForm({ children, action }: any) { const token = useCSRFToken(); return ( <form action={action} method="POST"> <input type="hidden" name="csrf-token" value={token} /> {children} </form> ); }
2.3 Input Validation & Sanitization
// lib/security/validation.ts import { z } from "zod"; /** * Comprehensive validation schemas */ export const schemas = { email: z.string().email("Invalid email").toLowerCase(), password: z.string() .min(8, "Min 8 characters") .regex(/[A-Z]/, "Need uppercase") .regex(/[a-z]/, "Need lowercase") .regex(/[0-9]/, "Need digit") .regex(/[!@#$%^&*]/, "Need special char"), username: z.string() .min(3, "Min 3 chars") .max(20, "Max 20 chars") .regex(/^[a-zA-Z0-9_-]+$/, "Only alphanumeric, _, -"), url: z.string().url("Invalid URL").refine( (url) => ["http:", "https:"].includes(new URL(url).protocol), "Only http(s) allowed" ), phoneNumber: z.string() .regex(/^\+?[1-9]\d{1,14}$/, "Invalid phone"), }; /** * Validate and sanitize input */ export function validateInput( data: unknown, schema: z.ZodSchema ): { valid: boolean; data?: unknown; error?: string } { try { const validated = schema.parse(data); return { valid: true, data: validated }; } catch (error) { if (error instanceof z.ZodError) { return { valid: false, error: error.errors[0].message }; } return { valid: false, error: "Validation failed" }; } } /** * Prevent SQL injection * (Always use parameterized queries with Prisma/ORM) */ export function sanitizeSQLInput(input: string): string { // This is backup - always use ORM return input .replace(/'/g, "''") .replace(/"/g, '""') .replace(/\\/g, "\\\\") .slice(0, 1000); // Max length } /** * Sanitize file uploads */ export function validateFileUpload( file: File, allowedTypes: string[], maxSize: number ): { valid: boolean; error?: string } { // Check file type if (!allowedTypes.includes(file.type)) { return { valid: false, error: "File type not allowed" }; } // Check file size if (file.size > maxSize) { return { valid: false, error: "File too large" }; } // Check file name for injection if (!/^[a-zA-Z0-9._-]+$/.test(file.name)) { return { valid: false, error: "Invalid filename" }; } return { valid: true }; }
2.4 Content Security Policy (CSP)
// app/layout.tsx - Security Headers import { Metadata } from "next"; export const metadata: Metadata = { title: "Secure App", description: "Enterprise security", }; export default function RootLayout({ children, }: { children: React.ReactNode; }) { return ( <html lang="en"> <head> {/* CSP Header */} <meta httpEquiv="Content-Security-Policy" content={` default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.example.com; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; `.replace(/\n/g, "")} /> {/* Security Headers */} <meta httpEquiv="X-UA-Compatible" content="ie=edge" /> <meta httpEquiv="X-Content-Type-Options" content="nosniff" /> <meta httpEquiv="X-Frame-Options" content="DENY" /> <meta httpEquiv="X-XSS-Protection" content="1; mode=block" /> <meta httpEquiv="Referrer-Policy" content="strict-origin-when-cross-origin" /> <meta httpEquiv="Permissions-Policy" content="geolocation=(), microphone=(), camera=()" /> {/* HTTPS Enforcement */} <meta httpEquiv="Strict-Transport-Security" content="max-age=31536000; includeSubDomains" /> </head> <body>{children}</body> </html> ); }
2.5 API Security & Rate Limiting
// lib/security/rate-limit.ts import { Ratelimit } from "@upstash/ratelimit"; import { Redis } from "@upstash/redis"; const redis = new Redis({ url: process.env.UPSTASH_REDIS_REST_URL!, token: process.env.UPSTASH_REDIS_REST_TOKEN!, }); /** * Rate limiters for different endpoints */ export const rateLimiters = { // 5 requests per minute auth: new Ratelimit({ redis, limiter: Ratelimit.fixedWindow(5, "60 s"), }), // 100 requests per minute api: new Ratelimit({ redis, limiter: Ratelimit.fixedWindow(100, "60 s"), }), // 1000 requests per minute public: new Ratelimit({ redis, limiter: Ratelimit.fixedWindow(1000, "60 s"), }), }; // Middleware for rate limiting export async function withRateLimit( key: string, limiter: Ratelimit, handler: Function ) { const { success, pending } = await limiter.limit(key); if (!success) { return new Response("Too many requests", { status: 429 }); } return handler(); }
2.6 Secure API Routes with Validation
// app/api/user/profile/route.ts import { NextRequest, NextResponse } from "next/server"; import { getServerSession } from "next-auth/next"; import { authOptions } from "@/app/api/auth/[...nextauth]/route"; import { schemas, validateInput } from "@/lib/security/validation"; import { rateLimiters, withRateLimit } from "@/lib/security/rate-limit"; /** * GET /api/user/profile - Fetch user profile * Protected: Requires authentication */ export async function GET(req: NextRequest) { try { // Check authentication const session = await getServerSession(authOptions); if (!session?.user?.id) { return NextResponse.json( { error: "Unauthorized" }, { status: 401 } ); } // Rate limiting return await withRateLimit( `api-${session.user.id}`, rateLimiters.api, async () => { // Fetch user data const user = await prisma.user.findUnique({ where: { id: session.user.id }, select: { id: true, email: true, name: true, role: true, }, }); if (!user) { return NextResponse.json( { error: "User not found" }, { status: 404 } ); } return NextResponse.json(user); } ); } catch (error) { console.error("Error:", error); return NextResponse.json( { error: "Internal server error" }, { status: 500 } ); } } /** * POST /api/user/profile - Update user profile * Protected: Requires authentication * Validates: Email, name * Sanitizes: All input */ export async function POST(req: NextRequest) { try { const session = await getServerSession(authOptions); if (!session?.user?.id) { return NextResponse.json( { error: "Unauthorized" }, { status: 401 } ); } // Rate limiting (stricter for POST) return await withRateLimit( `api-post-${session.user.id}`, rateLimiters.auth, async () => { const body = await req.json(); // Validate email const emailValidation = validateInput( body.email, schemas.email ); if (!emailValidation.valid) { return NextResponse.json( { error: emailValidation.error }, { status: 400 } ); } // Validate name if (!body.name || typeof body.name !== "string") { return NextResponse.json( { error: "Invalid name" }, { status: 400 } ); } // Check if email already exists const existingUser = await prisma.user.findUnique({ where: { email: emailValidation.data as string }, }); if (existingUser && existingUser.id !== session.user.id) { return NextResponse.json( { error: "Email already in use" }, { status: 409 } ); } // Update user const updated = await prisma.user.update({ where: { id: session.user.id }, data: { email: emailValidation.data as string, name: body.name, }, select: { id: true, email: true, name: true, }, }); return NextResponse.json(updated); } ); } catch (error) { console.error("Error:", error); return NextResponse.json( { error: "Internal server error" }, { status: 500 } ); } }
PART 3: STATE MANAGEMENT - REDUX & ZUSTAND
3.1 Redux Toolkit Setup (Enterprise)
// store/index.ts import { configureStore } from "@reduxjs/toolkit"; import authReducer from "./slices/auth"; import userReducer from "./slices/user"; import uiReducer from "./slices/ui"; export const store = configureStore({ reducer: { auth: authReducer, user: userReducer, ui: uiReducer, }, middleware: (getDefaultMiddleware) => getDefaultMiddleware({ serializableCheck: { // Ignore non-serializable data like Error objects ignoredActions: ["auth/login/rejected"], }, }), devTools: process.env.NODE_ENV !== "production", }); export type RootState = ReturnType<typeof store.getState>; export type AppDispatch = typeof store.dispatch;
// store/slices/auth.ts import { createSlice, createAsyncThunk, PayloadAction } from "@reduxjs/toolkit"; interface AuthState { user: { id: string; email: string; role: string } | null; token: string | null; loading: boolean; error: string | null; } const initialState: AuthState = { user: null, token: null, loading: false, error: null, }; /** * Async thunk for login * Validates credentials, handles errors securely */ export const login = createAsyncThunk( "auth/login", async ( credentials: { email: string; password: string }, { rejectWithValue } ) => { try { const res = await fetch("/api/auth/login", { method: "POST", headers: { "Content-Type": "application/json" }, credentials: "include", // Include cookies body: JSON.stringify(credentials), }); if (!res.ok) { const error = await res.json(); return rejectWithValue(error.message); } const data = await res.json(); return data; } catch (error) { return rejectWithValue("Network error"); } } ); /** * Async thunk for logout */ export const logout = createAsyncThunk("auth/logout", async () => { await fetch("/api/auth/logout", { method: "POST" }); return null; }); export const authSlice = createSlice({ name: "auth", initialState, reducers: { setUser: (state, action: PayloadAction<AuthState["user"]>) => { state.user = action.payload; }, }, extraReducers: (builder) => { builder .addCase(login.pending, (state) => { state.loading = true; state.error = null; }) .addCase(login.fulfilled, (state, action) => { state.loading = false; state.user = action.payload.user; state.token = action.payload.token; }) .addCase(login.rejected, (state, action) => { state.loading = false; state.error = action.payload as string; }) .addCase(logout.fulfilled, (state) => { state.user = null; state.token = null; }); }, }); export default authSlice.reducer;
3.2 Zustand Setup (Modern & Lightweight)
// store/auth.store.ts import { create } from "zustand"; import { devtools, persist } from "zustand/middleware"; interface User { id: string; email: string; role: string; } interface AuthStore { user: User | null; token: string | null; isLoading: boolean; error: string | null; setUser: (user: User | null) => void; setToken: (token: string | null) => void; setLoading: (loading: boolean) => void; setError: (error: string | null) => void; login: (email: string, password: string) => Promise<void>; logout: () => Promise<void>; refresh: () => Promise<void>; } export const useAuthStore = create<AuthStore>()( devtools( persist( (set) => ({ user: null, token: null, isLoading: false, error: null, setUser: (user) => set({ user }), setToken: (token) => set({ token }), setLoading: (isLoading) => set({ isLoading }), setError: (error) => set({ error }), login: async (email, password) => { set({ isLoading: true, error: null }); try { const res = await fetch("/api/auth/login", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ email, password }), credentials: "include", }); if (!res.ok) { const error = await res.json(); throw new Error(error.message); } const data = await res.json(); set({ user: data.user, token: data.token, isLoading: false, }); } catch (error) { const message = error instanceof Error ? error.message : "Login failed"; set({ error: message, isLoading: false }); throw error; } }, logout: async () => { await fetch("/api/auth/logout", { method: "POST" }); set({ user: null, token: null }); }, refresh: async () => { const res = await fetch("/api/auth/refresh"); if (res.ok) { const data = await res.json(); set({ token: data.token }); } }, }), { name: "auth-store", partialize: (state) => ({ user: state.user, token: state.token, }), } ) ) );
PART 4: STYLING - TAILWIND CSS & STYLED-COMPONENTS
4.1 Tailwind CSS Configuration
// tailwind.config.js import type { Config } from "tailwindcss"; import defaultTheme from "tailwindcss/defaultTheme"; const config: Config = { content: [ "./src/pages/**/*.{js,ts,jsx,tsx,mdx}", "./src/components/**/*.{js,ts,jsx,tsx,mdx}", "./src/app/**/*.{js,ts,jsx,tsx,mdx}", ], theme: { extend: { colors: { primary: { 50: "#f0f9ff", 500: "#0ea5e9", 900: "#082f49", }, }, fontFamily: { sans: ["Inter", ...defaultTheme.fontFamily.sans], }, spacing: { "safe-top": "var(--safe-top)", "safe-bottom": "var(--safe-bottom)", }, }, }, plugins: [ require("@tailwindcss/forms"), require("@tailwindcss/typography"), require("@tailwindcss/aspect-ratio"), ], }; export default config;
4.2 Styled Components with TypeScript
// components/Button.styled.ts import styled from "styled-components"; interface ButtonProps { variant?: "primary" | "secondary" | "danger"; size?: "sm" | "md" | "lg"; disabled?: boolean; } export const StyledButton = styled.button<ButtonProps>` padding: ${(props) => { switch (props.size) { case "sm": return "0.5rem 1rem"; case "lg": return "1rem 1.5rem"; default: return "0.75rem 1.25rem"; } }}; background-color: ${(props) => { switch (props.variant) { case "secondary": return "#e5e7eb"; case "danger": return "#ef4444"; default: return "#3b82f6"; } }}; color: ${(props) => props.variant === "secondary" ? "#000" : "#fff"}; border: none; border-radius: 0.375rem; font-weight: 600; cursor: pointer; transition: all 0.3s ease; opacity: ${(props) => (props.disabled ? 0.6 : 1)}; pointer-events: ${(props) => (props.disabled ? "none" : "auto")}; &:hover:not(:disabled) { transform: translateY(-2px); box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); } &:active:not(:disabled) { transform: translateY(0); } @media (max-width: 640px) { padding: ${(props) => props.size === "sm" ? "0.375rem 0.75rem" : "0.625rem 1rem"}; } `;
PART 5: PERFORMANCE OPTIMIZATION
5.1 Image Optimization
// components/OptimizedImage.tsx import Image from "next/image"; import { useState } from "react"; interface OptimizedImageProps { src: string; alt: string; width: number; height: number; priority?: boolean; sizes?: string; } export function OptimizedImage({ src, alt, width, height, priority = false, sizes, }: OptimizedImageProps) { const [isLoading, setIsLoading] = useState(true); return ( <div className="relative overflow-hidden bg-gray-100"> <Image src={src} alt={alt} width={width} height={height} priority={priority} sizes={sizes || "100vw"} quality={85} placeholder="blur" blurDataURL="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAY..." onLoadingComplete={() => setIsLoading(false)} className={`transition-opacity duration-300 ${ isLoading ? "opacity-0" : "opacity-100" }`} /> </div> ); }
5.2 Code Splitting & Lazy Loading
// components/Layout.tsx import { lazy, Suspense } from "react"; // Lazy load components that aren't immediately needed const Analytics = lazy(() => import("@/components/Analytics")); const Chat = lazy(() => import("@/components/Chat")); export function Layout({ children }: { children: React.ReactNode }) { return ( <div> {children} {/* Lazy load non-critical components */} <Suspense fallback={<div>Loading...</div>}> <Analytics /> </Suspense> <Suspense fallback={null}> <Chat /> </Suspense> </div> ); }
5.3 Performance Monitoring
// lib/performance/metrics.ts /** * Web Vitals monitoring * Sends metrics to analytics service */ export function reportWebVitals(metric: any) { if (metric.value === undefined) return; // Send to analytics const body = JSON.stringify(metric); if (navigator.sendBeacon) { navigator.sendBeacon("/api/metrics", body); } else { fetch("/api/metrics", { body, method: "POST", keepalive: true, }); } } // pages/_app.tsx import { useReportWebVitals } from "next/web-vitals"; function App() { useReportWebVitals((metric) => { console.log(`${metric.name}: ${metric.value}ms`); }); return <></>; }
PART 6: TESTING - JEST & VITEST
6.1 Jest Setup
// jest.config.js const nextJest = require("next/jest"); const createJestConfig = nextJest({ dir: "./", }); const customJestConfig = { setupFilesAfterEnv: ["<rootDir>/jest.setup.js"], moduleNameMapper: { "^@/(.*)$": "<rootDir>/src/$1", }, testEnvironment: "jest-environment-jsdom", collectCoverageFrom: [ "src/**/*.{js,jsx,ts,tsx}", "!src/**/*.d.ts", "!src/**/*.stories.{js,jsx,ts,tsx}", ], }; module.exports = createJestConfig(customJestConfig);
6.2 Component Testing
// __tests__/Button.test.tsx import { render, screen, fireEvent } from "@testing-library/react"; import { Button } from "@/components/Button"; describe("Button Component", () => { it("renders button with text", () => { render(<Button>Click me</Button>); expect(screen.getByRole("button", { name: /click me/i })).toBeInTheDocument(); }); it("calls onClick handler", () => { const handleClick = jest.fn(); render(<Button onClick={handleClick}>Click</Button>); fireEvent.click(screen.getByRole("button")); expect(handleClick).toHaveBeenCalled(); }); it("disables button when disabled prop is true", () => { render(<Button disabled>Disabled</Button>); expect(screen.getByRole("button")).toBeDisabled(); }); it("handles keyboard interaction", () => { const handleClick = jest.fn(); render(<Button onClick={handleClick}>Click</Button>); const button = screen.getByRole("button"); fireEvent.keyDown(button, { key: "Enter", code: "Enter" }); expect(handleClick).toHaveBeenCalled(); }); });
6.3 Integration Testing
// __tests__/auth.integration.test.tsx import { render, screen, waitFor } from "@testing-library/react"; import userEvent from "@testing-library/user-event"; import { LoginForm } from "@/components/LoginForm"; describe("Login Flow", () => { it("logs in user successfully", async () => { const user = userEvent.setup(); render(<LoginForm />); const emailInput = screen.getByLabelText(/email/i); const passwordInput = screen.getByLabelText(/password/i); const submitButton = screen.getByRole("button", { name: /login/i }); await user.type(emailInput, "test@example.com"); await user.type(passwordInput, "Password123!"); await user.click(submitButton); await waitFor(() => { expect(screen.queryByText(/loading/i)).not.toBeInTheDocument(); }); expect(screen.getByText(/welcome/i)).toBeInTheDocument(); }); it("displays error for invalid credentials", async () => { const user = userEvent.setup(); render(<LoginForm />); await user.type(screen.getByLabelText(/email/i), "wrong@example.com"); await user.type(screen.getByLabelText(/password/i), "WrongPassword123!"); await user.click(screen.getByRole("button", { name: /login/i })); await waitFor(() => { expect(screen.getByText(/invalid credentials/i)).toBeInTheDocument(); }); }); });
PART 7: BUILD TOOLS CONFIGURATION
7.1 Vite Configuration (Blazing Fast)
// vite.config.ts import { defineConfig } from "vite"; import react from "@vitejs/plugin-react"; import compression from "vite-plugin-compression"; import { visualizer } from "rollup-plugin-visualizer"; export default defineConfig({ plugins: [ react({ jsxRuntime: "automatic", jsxImportSource: "@emotion/react", }), compression({ verbose: true, disable: false, threshold: 10240, algorithm: "brotliCompress", ext: ".br", }), visualizer({ open: true, }), ], build: { target: "ES2020", minify: "terser", reportCompressedSize: true, rollupOptions: { output: { manualChunks: { vendor: ["react", "react-dom"], router: ["react-router-dom"], state: ["zustand"], }, }, }, }, server: { middlewareMode: false, proxy: { "/api": "http://localhost:3001", }, }, });
7.2 Webpack Configuration (Enterprise)
// webpack.config.js const path = require("path"); const HtmlWebpackPlugin = require("html-webpack-plugin"); const TerserPlugin = require("terser-webpack-plugin"); const CompressionPlugin = require("compression-webpack-plugin"); const BundleAnalyzerPlugin = require("webpack-bundle-analyzer").BundleAnalyzerPlugin; module.exports = { mode: process.env.NODE_ENV || "development", entry: "./src/index.tsx", output: { path: path.resolve(__dirname, "dist"), filename: "[name].[contenthash].js", chunkFilename: "[name].[contenthash].chunk.js", clean: true, }, module: { rules: [ { test: /\.[jt]sx?$/, exclude: /node_modules/, use: { loader: "babel-loader", options: { presets: [ ["@babel/preset-env", { modules: false }], ["@babel/preset-react", { runtime: "automatic" }], "@babel/preset-typescript", ], }, }, }, { test: /\.css$/, use: ["style-loader", "css-loader", "postcss-loader"], }, ], }, optimization: { minimize: true, minimizer: [ new TerserPlugin({ terserOptions: { compress: { drop_console: true }, }, }), ], splitChunks: { chunks: "all", cacheGroups: { vendor: { test: /[\\/]node_modules[\\/]/, name: "vendors", priority: 10, }, common: { minChunks: 2, priority: 5, reuseExistingChunk: true, }, }, }, }, plugins: [ new HtmlWebpackPlugin({ template: "./public/index.html", minify: { removeComments: true, collapseWhitespace: true, }, }), new CompressionPlugin({ algorithm: "gzip", test: /\.(js|css|html|svg)$/, threshold: 10240, minRatio: 0.8, }), process.env.ANALYZE && new BundleAnalyzerPlugin(), ].filter(Boolean), devServer: { port: 3000, historyApiFallback: true, proxy: { "/api": "http://localhost:3001", }, }, };
PART 8: ACCESSIBILITY (A11Y)
8.1 Accessible Components
// components/accessible/AccessibleButton.tsx import { ReactNode } from "react"; interface AccessibleButtonProps { children: ReactNode; onClick: () => void; disabled?: boolean; ariaLabel?: string; ariaPressed?: boolean; role?: "button" | "tab" | "menuitem"; } export function AccessibleButton({ children, onClick, disabled = false, ariaLabel, ariaPressed, role = "button", }: AccessibleButtonProps) { return ( <button onClick={onClick} disabled={disabled} aria-label={ariaLabel} aria-pressed={ariaPressed} role={role} className="px-4 py-2 rounded font-semibold transition" style={{ // Focus visible for keyboard navigation outline: "2px solid transparent", outlineOffset: "2px", }} onKeyDown={(e) => { if (e.key === "Enter" || e.key === " ") { e.preventDefault(); onClick(); } }} > {children} </button> ); }
8.2 ARIA Labels & Attributes
// components/accessible/AccessibleForm.tsx export function AccessibleForm() { return ( <form aria-labelledby="form-title"> <h1 id="form-title">Login Form</h1> <div className="form-group"> <label htmlFor="email-input"> Email Address <span aria-label="required">*</span> </label> <input id="email-input" type="email" aria-required="true" aria-describedby="email-error" placeholder="you@example.com" /> <div id="email-error" role="alert"> {/* Error messages here */} </div> </div> <button type="submit" aria-label="Submit login form" > Login </button> </form> ); }
PART 9: SEO OPTIMIZATION
9.1 Meta Tags & Structured Data
// app/layout.tsx import { Metadata } from "next"; export const metadata: Metadata = { title: "My Awesome App", description: "The best application ever built", openGraph: { type: "website", locale: "en_US", url: "https://example.com", siteName: "My App", images: [ { url: "https://example.com/og-image.png", width: 1200, height: 630, alt: "Preview Image", }, ], }, twitter: { card: "summary_large_image", creator: "@yourusername", }, robots: { index: true, follow: true, "max-image-preview": "large", "max-snippet": -1, "max-video-preview": -1, }, }; // Structured Data (JSON-LD) export function StructuredData() { const schema = { "@context": "https://schema.org", "@type": "Organization", name: "My App", url: "https://example.com", logo: "https://example.com/logo.png", sameAs: [ "https://twitter.com/yourusername", "https://linkedin.com/company/myapp", ], }; return ( <script type="application/ld+json" dangerouslySetInnerHTML={{ __html: JSON.stringify(schema) }} /> ); }
Continuing in next part due to length... This is PART 1-9 of the comprehensive skill.
Let me continue with remaining critical sections in the next file creation...