Shared Libraries¶
TL;DR — Four monorepos host all shared
@securitize/*packages:nestjs-shared(backend),reactjs-shared(frontend),commons-shared(cross-stack),bc-shared(blockchain, owned by the BC team). All built and published with Turborepo to a private npm registry.
Overview¶
To avoid duplication across ~150 repos, common utilities, middlewares, types, and components live in central monorepos. Every repo installs them as @securitize/* packages via the NPM token — see secrets.md for token handling.
The monorepos¶
| Monorepo | Focus | Typical packages |
|---|---|---|
| nestjs-shared | Backend (NestJS) | Logger, correlation IDs, auth middleware, database modules |
| reactjs-shared | Frontend (React) | Shared components, hooks, design system primitives |
| commons-shared | Cross-stack | Shared types, helpers, coverage-insights (see code-insights.md) |
| bc-shared | Blockchain (BC team) | blockchain-contracts, blockchain-slack-notifications, types, web3-hooks |
bc-shared release branch
bc-shared uses a release branch (not master) for publishing. Repo: https://bitbucket.org/securitize_dev/bc-shared
All monorepos follow the same packages/ folder layout:
{monorepo}/
├── packages/
│ ├── package-a/
│ │ └── package.json # publishes @securitize/package-a
│ ├── package-b/
│ └── ...
└── turbo.json
Package management¶
- Registry: private npm (internal license) — scope
@securitize. - Install: requires
SECURITIZE_READ_NPM_TOKENin.npmrc. See secrets.md. - Build & publish: Turborepo orchestrates build ordering and publishing across packages.
Publishing flow (high level)¶
- Update a package in the monorepo.
- Bump the version in that package's
package.json. - Merge PR → CI pipeline publishes new version to private npm via Turborepo.
- Consumer repos upgrade via
npm install @securitize/<package>@latest.
See also¶
- Code Insights & Coverage —
@securitize/coverage-insightslives incommons-shared. - Secrets — How the
@securitizescope is authenticated.