chore: update configuration files and ignore patterns

[vancura]

• Added .npmignore to specify files to exclude from npm package.
• Updated .gitignore to refine ignored files and added new patterns.
• Modified .prettierignore to exclude additional generated files.
• Adjusted .editorconfig and .gitattributes for consistency.
• Enhanced biome.json with new formatting and linting rules.
• Updated cspell.json to include new words and adjust ignore patterns.
• Refined eslint.config.js to include new rules and ignored files.
• Updated prettier.config.js for improved formatting settings.
• Made minor adjustments to styles.css for consistency in quotes.

This PR updates various configuration files and ignore patterns to standardize tooling configurations and clarify file handling across the project.

Configuration File Updates:

The PR introduces a new .npmignore file to control which files are published to npm, initially ignoring all files and then whitelisting dist/, README.md, and LICENSE.

Ignore Pattern Refinements:

• .cfignore: Added blank line after initial comment lines
• .gitignore: Renamed build section heading from "Build outputs" to "Build output", added new ignore patterns for .iml, .zed/, .cursor/ directories, and minified assets (*.min.js, *.min.css)
• .prettierignore: Added patterns to ignore all JSON files and generation-ignore entries for CLAUDE.md, .rules, and CHANGELOG.md
• eslint.config.js: Extended global ignore patterns to include CLAUDE.md and .rules
• cspell.json: Added CLAUDE.md to ignorePaths and expanded hex pattern recognition from 6-8 digits to 3-8 digits

Tool Configuration Enhancements:

• biome.json: Enabled formatWithErrors, added attributePosition: auto, new JavaScript formatter options (bracketSpacing: true, bracketSameLine: false, quoteProperties: asNeeded), CSS module support, single quote style for CSS, and expanded linter rules including style rules (noNonNullAssertion: warn, useConst: error, useBlockStatements: off, etc.) and security rules (noDangerouslySetInnerHtml: error, noDebugger: error)
• prettier.config.js: Increased global tabWidth from 2 to 4, added proseWrap: 'always' and htmlWhitespaceSensitivity: 'css'
• eslint.config.js: Added new Promise-related rules (promise/no-return-wrap: error, promise/param-names: error, promise/no-nesting: warn)
• cspell.json: Added allowCompoundWords and dictionaries configuration, refined word list, and removed version field
• .editorconfig: Removed Makefile-specific tab indentation override
• .gitattributes: Removed binary classification for SVG files

Minor Updates:

• demos/styles.css: Updated string quotes from double to single quotes in tailwind imports, font-family, and content values
• package.json: Added two new security audit scripts (security:audit and security:audit:fix)
• scripts/sync-rules.mjs: Removed shebang line and ESLint disable directive

These changes standardize tool configurations, improve consistency in ignore patterns, and enhance linting and formatting rule coverage across the project.

[coderabbitai]

Walkthrough

The pull request updates multiple configuration files across linting, formatting, and ignore patterns. Changes include formatter configuration adjustments, expanded linting rules, new npm publish rules, and updated ignore patterns for various tools.

Changes

Cohort / File(s)	Summary
Ignore and Editor Configuration Files .cfignore, .editorconfig, .gitattributes, .gitignore, .npmignore, .prettierignore	Updated and introduced multiple ignore patterns: .cfignore adds formatting spacing; .editorconfig removes Makefile tab override; .gitattributes removes SVG binary classification; .gitignore updates build output heading and adds patterns for *.iml, .zed/, .cursor/, *.min.js, *.min.css; .npmignore created with publish rules; .prettierignore adds *.json, CLAUDE.md, .rules, CHANGELOG.md patterns
Linting and Formatting Configuration biome.json, eslint.config.js, prettier.config.js, cspell.json	biome.json extends JavaScript/CSS formatting with new options (bracketSpacing, quoteStyle, cssModules) and adds linter rules (noNonNullAssertion, useConst, noDebugger, noDangerouslySetInnerHtml); eslint.config.js adds CLAUDE.md/.rules ignores and Promise-related rules; prettier.config.js increases tabWidth from 2 to 4 and adds proseWrap/htmlWhitespaceSensitivity; cspell.json updates dictionaries, adds allowCompoundWords, removes version field, expands hex pattern matching to 3-8 digits
Project Scripts and Package Management package.json, scripts/sync-rules.mjs	package.json adds two new security audit scripts (security:audit, security:audit:fix); scripts/sync-rules.mjs removes shebang line and ESLint directive comment
Asset Files demos/styles.css	CSS import and string values updated from double quotes to single quotes (tailwind import, font-family, content)

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary focus of the changeset: configuration and ignore pattern updates across multiple files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch settings-maintenance

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.gitignore (1)

44-46: Appropriate IDE file exclusions.

The additions correctly ignore IntelliJ IDEA module files (*.iml) and modern IDE directories (.zed/, .cursor/).

Note: .cursor/ appears twice in this file (line 22 under generated AI rules and line 46 under IDE files). While Git will handle this correctly, you may want to consolidate to a single entry for clarity.

prettier.config.js (1)

14-20: Consider the scope of root-level settings.

The new root-level settings have the following implications:

• tabWidth: 4 won't affect Markdown (uses 2) or YAML (uses 2) due to overrides, and the file comment states Prettier is only used for those file types
• proseWrap: 'always' duplicates the Markdown override at line 27
• htmlWhitespaceSensitivity: 'css' is Prettier's default value

If Prettier truly only formats Markdown and YAML in this project, consider whether these root settings serve a purpose or add potential confusion.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5bf5134 and 1506859.

📒 Files selected for processing (13)

• .cfignore
• .editorconfig
• .gitattributes
• .gitignore
• .npmignore
• .prettierignore
• biome.json
• cspell.json
• demos/styles.css
• eslint.config.js
• package.json
• prettier.config.js
• scripts/sync-rules.mjs

💤 Files with no reviewable changes (3)

• scripts/sync-rules.mjs
• .editorconfig
• .gitattributes

🔇 Additional comments (22)

.npmignore (1)

1-10: LGTM! Well-structured npm ignore rules.

The deny-all-then-allow pattern is best practice for npm packages. The whitelisted items (dist, README, LICENSE) are appropriate for distribution. The comment correctly notes this documents publishing intent even for private repositories.

.prettierignore (1)

28-35: LGTM! Consistent tool separation.

The additions correctly delegate JSON formatting to Biome and exclude generated files (CLAUDE.md, .rules, CHANGELOG.md) that appear in other ignore configurations across the project.

.cfignore (1)

3-3: LGTM! Formatting improvement.

The blank line improves readability without changing behavior.

.gitignore (1)

69-71: LGTM! Minified assets correctly excluded.

Build artifacts like minified JavaScript and CSS files are appropriately ignored and align with similar patterns in .prettierignore.

eslint.config.js (2)

29-30: LGTM! Consistent ignore patterns across tools.

Adding CLAUDE.md and .rules aligns with the ignore patterns in .prettierignore and .gitignore, maintaining consistency across the toolchain.

---

104-106: LGTM! Enhanced promise handling rules.

The three added rules enforce promise best practices:

• no-return-wrap prevents unnecessary wrapping
• param-names enforces standard naming conventions
• no-nesting encourages proper promise chaining

The severity levels (error for the first two, warn for nesting) are appropriately balanced.

demos/styles.css (3)

1-1: LGTM! Quote style consistency.

The change from double to single quotes aligns with the singleQuote: true setting in prettier.config.js.

---

20-20: LGTM! Quote style consistency.

Switching to single quotes maintains consistency with the project's formatting standards.

---

38-45: LGTM! Quote style consistency in content values.

The Unicode escape sequences for list markers (▸ and ✓) remain functionally identical with single quotes while maintaining consistency with project formatting standards.

package.json (1)

56-57: LGTM! Valuable security audit commands.

The new security scripts provide convenient access to pnpm's audit functionality. The moderate audit level appropriately filters for actionable vulnerabilities while the fix script enables automated remediation.

cspell.json (3)

4-5: Good additions for technical spell-checking.

The allowCompoundWords flag and explicit dictionaries list will improve spell-checking accuracy for technical documentation and code.

---

51-51: Consistent ignore pattern across tooling.

Adding CLAUDE.md to ignorePaths aligns with similar entries in .prettierignore and other configuration files.

---

57-57: Improved hex pattern coverage.

Expanding the hex digit range from {6,8} to {3,8} now properly covers shorthand hex colors like #FFF and #FFFF, which is more comprehensive.

biome.json (9)

18-19: Improved formatter flexibility.

Enabling formatWithErrors allows code formatting during development even when syntax errors are present, which can improve workflow efficiency. The attributePosition: "auto" setting ensures consistent HTML/JSX attribute positioning.

---

27-30: Sensible JavaScript formatting rules.

The added formatter options enforce consistent code style: always using parentheses for arrow functions, spacing in object literals, multiline bracket positioning, and minimal quote usage on properties.

---

41-41: CSS Modules support enabled.

Enabling cssModules adds proper parsing support for CSS Modules, which is beneficial for modern component-based styling workflows.

---

48-48: Consistent quote style across languages.

Changing CSS quoteStyle to single quotes aligns with the JavaScript configuration (line 24), maintaining consistent quote usage throughout the codebase.

---

58-64: Solid style rules for code quality.

The new style rules enforce good practices: preferring const over let, warning about non-null assertions and parameter reassignment, and requiring explicit import type syntax. These improve code safety and maintainability.

---

67-67: Prevents debugger statements in production.

Adding noDebugger: "error" ensures that debugger statements don't accidentally make it into production code, which is a good safety practice.

---

77-77: Allows forEach usage.

Disabling noForEach permits the use of array.forEach(), prioritizing readability over the minor performance benefits of for-of loops. This is a reasonable trade-off for most applications.

---

81-83: Critical XSS protection.

Adding noDangerouslySetInnerHtml: "error" in the security rules helps prevent cross-site scripting vulnerabilities by flagging potentially dangerous HTML injection patterns. This is an essential security safeguard.

---

21-21: Import organization is correctly delegated to ESLint.

The organizeImports: "off" setting is appropriate because import organization is handled by eslint-plugin-simple-import-sort (configured in eslint.config.js with rules set to 'error'), preventing conflicts between Biome and ESLint.