A small static pre-launch site showcasing the Voder project. This repository contains the source for the site, developer tooling (ESLint, Prettier, Vitest), and scripts used during development and CI.
Prerequisites
- Node.js >= 20.0.0 (the project enforces this via package.json
engines). We recommend using a Node version manager such as nvm, asdf, or Volta.
Install dependencies (non-interactive)
- npm ci
Run locally
- npm run dev Starts the Vite dev server (default: http://localhost:5173). Open that URL in the browser.
Build for production
- npm run build
Produces a production build in the
dist/directory.
Preview production build
- npm run preview
Serves the
dist/build locally for a quick smoke test.
Type checking
- npm run type-check Runs TypeScript checking (no emit).
Tests
- npm test Runs the test suite (Vitest, jsdom).
- npm run test:coverage
Runs tests and generates a coverage report (text + html). The HTML report is written to
coverage/index.html. - npm run screenshots Runs Playwright E2E tests locally to generate visual regression screenshots.
- npm run e2e:ci:prod Runs production verification tests against https://voder.ai to ensure the deployed site is working correctly and not showing hosting provider holding pages.
Lint and format
- npm run lint
- npm run lint:fix
- npm run format
- npm run format:check
Health and maintenance scripts
- npm run prepare
Runs
scripts/prepare-libraries.js(used by the development environment).
Git hooks
- The repository uses
simple-git-hooksto enforce quality standards on every commit - Pre-commit hooks automatically run: lint:check, format:check, type-check, test:ci
- Hooks are installed automatically during
npm installvia the postinstall script - All quality checks must pass before commits are allowed
- To bypass hooks temporarily (not recommended):
git commit --no-verify
Security
- Security Policy: See
docs/SECURITY-POLICY.mdfor vulnerability management procedures - Security Incidents: Unpatchable vulnerabilities documented in
docs/security-incidents/ - npm audit: Integrated into CI/CD pipeline for continuous security monitoring
- Vulnerability Acceptance: 14-day acceptance criteria for unpatchable vulnerabilities
- For unpatchable security issues: Create formal security incident using
prompt-assets/security-incident-template.md
Verification (CI-local)
-
The repository provides a
verifyscript which runs an opinionated sequence of checks intended for CI and developer verification:npm run verify
The sequence includes an audit fix, lint autofix, lint checks, format checks, a production build and the test suite with coverage. Run this locally when preparing a release or when a PR touches build/config files.
Notes for contributors
- Tests are designed to avoid writing files into the repository. If you need file fixtures in tests, use
os.tmpdir()and ensure artifacts are cleaned up. - The test configuration focuses coverage on application source under
src/. If you add source used by runtime, ensure tests exercise it so coverage remains accurate.
Troubleshooting
- If
npm cifails due to node engine mismatch, switch your Node version to a compatible one (>=20.0.0). - If lint or format fails, run
npm run lint:fixornpm run formatand re-run verification. - If tests fail locally but pass in CI, ensure you have installed dependencies with
npm ci(CI uses a lockfile to install reproducible versions).
Contact
- For repository-level questions, open an issue or PR on GitHub.