hayatosc/typescript-best-practices
skills/typescript-best-practices/SKILL.md
Implement, review, and refactor TypeScript code with a strong bias toward type safety. Use to fix TypeScript errors, remove `any` or unsafe `as`, review type safety, tighten TypeScript or lint settings, and ship ESM-first code that passes the repository's typecheck without weakening types.
$ install --global
skillsauthnpx skillsauth add hayatosc/dotfiles typescript-best-practicesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 28, 2026, 2:43 AM231.3s3 files scanned
SKILL.md
- name:
- typescript-best-practices
- description:
- Implement, review, and refactor TypeScript code with a strong bias toward type safety. Use to fix TypeScript errors, remove `any` or unsafe `as`, review type safety, tighten TypeScript or lint settings, and ship ESM-first code that passes the repository's typecheck without weakening types.
TypeScript Best Practices
Overview
Write and revise TypeScript with a bias toward precise types, safe narrowing, and passing typecheck without silencing errors. Prefer fixing the root cause over weakening types, widening signatures, or bypassing the checker.
Workflow
Follow these steps in order:
1. Inspect repository constraints
- Read the active
tsconfigfiles, ESLint configuration, and package scripts before changing code. - Reuse the repository's existing toolchain. If a typecheck script exists, run that. If the repository follows
typescript-recommend-tools, prefertsgo --noEmitas the main check and keeptsc --noEmitas the compatibility fallback. Otherwise, use the repository's currenttsc --noEmitpath. - For exported APIs, shared utilities, and non-trivial domain logic, sketch or confirm the types first. Prefer to model input, output, and invariants before writing implementation details.
2. Implement safely
- Prefer inference for local variables and explicit types at public boundaries.
- Treat network, file, JSON, DOM, environment, and third-party data as
unknownuntil narrowed. - Replace
anywith concrete types, generics,unknown, or utility types. - Replace unsafe
aswith narrowing, predicates, discriminated unions,satisfies, or small refactors that make the type relationship explicit. - Use branded types (
Branded<T, Brand>) to model primitives at core domain boundaries (such as unique identifiers, units of measurement, or validated payloads) to prevent accidental mixing of structurally identical data.
3. Tighten configuration when it materially improves safety
- If the user asks for TypeScript cleanup, type safety review, or strictness improvements, update
tsconfigandtypescript-eslintconfig as part of the work when the change is scoped and reviewable. - If the repository uses the Oxc stack, consider
oxlint --type-awarewithoxlint-tsgolintalongside compiler checks rather than introducing a separate ESLint migration by default. - Apply stricter settings incrementally. Do not turn a small fix into a repo-wide migration unless the user asked for that scope.
- Read
references/config-baseline.mdbefore changing compiler or lint settings.
4. Verify
- Run typecheck after every meaningful change set and finish only when it passes.
- When a change affects exported generics, reusable utility types, branded domain types, or library-like APIs, add or update compile-time type tests.
- Run lint and tests when the repository already provides them.
- If stricter settings expose unrelated repository-wide debt, describe the follow-up work clearly and keep the current patch focused.
Default Rules
- Prefer type-first design for reusable APIs and complex domain logic.
- Avoid
any. If the value is unknown, model it asunknownand narrow it. - Avoid unsafe type assertions.
as constand framework-required assertions are acceptable only when the runtime shape is already guaranteed. - Make union and enum handling exhaustive.
- Assume ES modules by default. Prefer
importandexport, and do not introducerequire,module.exports, or mixed-module patterns unless the repository is already CommonJS or the toolchain requires it. - Keep runtime and compile-time truth aligned. Add guards at external boundaries, and do not add a new validation library solely for typing unless the user asks or the repository already uses one.
- If runtime validation is needed, prefer the repository's existing library. If the repository has none, keep lightweight manual guards by default and add tools such as
zodorvalibotonly on explicit request or when the repository already standardizes on them. - Write TSDoc (
/** ... */) on all exported functions, classes, methods, interfaces, types, and constants. Include a summary sentence, describe each parameter with@param, and document return values with@returns. Use@throwswhen a function can throw. Do not duplicate type information already expressed in TypeScript signatures; focus on intent, constraints, and usage examples.
References
- Read
references/type-safety-patterns.mdfor concrete replacements foranyand unsafeas, plus modeling guidance for extracted types, branded types, and review heuristics. - Read
references/config-baseline.mdbefore changing TypeScript ortypescript-eslintsettings.
Related Skills
hayatosc/typescript-recommend-tools
tools
VerifiedTrustedCommunity
Recommend a modern TypeScript toolchain. Use when choosing or updating a TypeScript stack for Node or CLI projects, libraries or packages, and web apps or APIs; selecting tsgo as the primary typechecker with tsc as compatibility fallback; recommending Hono, tsx, tsdown, Vite, Vitest, oxlint, oxlint-tsgolint, oxfmt, or deciding between bun and pnpm.
1SKILL.mdUpdated May 27, 2026
hayatosc/self-ship
development
VerifiedTrustedCommunity
Self-review, improve, commit, and push code that Claude has just written. Use this skill when the user asks Claude to "self-ship", "review and ship", "review then commit and push", or wants Claude to autonomously review its own output, apply improvements, and publish the changes to the remote repository. Triggered by: "self-ship", "ship it", "review and push", "review my changes and commit", or similar requests to complete the full write → review → commit → push cycle.
1SKILL.mdUpdated May 27, 2026
hayatosc/refactoring-code
development
VerifiedTrustedCommunity
Analyze and execute behavior-preserving refactors in small, verified steps. Use when the user asks to refactor, clean up code structure, extract functions or modules, reduce duplication, improve maintainability, or modernize code without changing external behavior.
1SKILL.mdUpdated May 27, 2026
hayatosc/golang-best-practices
development
VerifiedTrustedCommunity
Comprehensive Go best practices for writing production-ready, idiomatic, secure, and maintainable code. Use when: (1) writing or reviewing Go code, (2) designing project structure and layout, (3) handling errors and contexts, (4) implementing concurrency, (5) writing tests or benchmarks, (6) optimizing performance, (7) applying security practices, (8) modernizing Go codebases. Covers coding style, project organization, error handling, testing, concurrency, performance, security, and modernization.
1SKILL.mdUpdated May 27, 2026