jake e776dc74f6 fix: harden CLI against path traversal, env injection, and cleartext registry fetches
- **`app.dir` and region key path traversal.** `appSpecSchema` now validates `dir` with `safeRelativePath` at parse time (rejecting `..`, absolute paths, and null bytes); the `regions` record key receives the same treatment. `applyModule` and `cmdRemove` re-check every resolved write/delete destination with the new `assertWithinRoot` helper, which walks the full symlink chain so a planted link can't redirect file operations outside the project root even if the lexical check passes.
- **Env var line injection in `.env.example`.** `envVarSchema` now validates `name` against `^[A-Za-z_][A-Za-z0-9_]*$` and rejects control characters in `example` and `description`; the `appendEnvVar` helper applies the same check as defense-in-depth so a crafted third-party module can't smuggle extra `KEY=value` lines into the generated file.
- **Cleartext registry/npm endpoint rejection.** Remote `http://` URLs for `STANZA_REGISTRY`, `registries[*].url`, and `STANZA_NPM_REGISTRY` are now refused (`STANZA_REGISTRY`/`STANZA_NPM_REGISTRY` hard-error; third-party `http://` entries warn and skip so the rest of the CLI keeps working). `file://`, bare filesystem paths, and loopback hosts stay allowed for local-dev and CI-fixture workflows. Set `STANZA_ALLOW_INSECURE_REGISTRY=1` to opt into a trusted internal `http://` mirror with a one-time stderr warning.
2026-06-09 12:50:43 -04:00
2026-05-22 18:37:24 -04:00
2026-05-22 18:37:24 -04:00
2026-05-20 11:52:53 -04:00

Stanza

Modular monorepo template CLI — aka shadcn for full-stack TypeScript projects.

npm init stanza my-revolutionary-app

Pick a framework, ORM, database, auth provider, and UI — get a clean monorepo with idiomatic code, vendored into your repo. Layer in more modules later with stanza-cli add.

Warning

Major work in progress! See the module registry for the roadmap.

Why Stanza?

  • add works after init. Run stanza add on an existing project — it's manifest-driven and peer-aware, so it picks the right adapter for your stack and wires deps, env, and templates into the correct workspace package.
  • Your code, vendored. Generated files land in your repo verbatim. There's no Stanza runtime to install or carry around.
  • Open registry. Modules are static JSON. Point the CLI at your own host and serve custom modules.

Quick start

npm init stanza my-app
cd my-app
npm install
npm run dev

Add a module to an existing project at any time:

npx stanza-cli add auth better-auth

auth, db, and orm install into their own internal workspace packages (packages/auth/, packages/db/, named @<your-app>/auth, @<your-app>/db); your app consumes them via workspace:*. Swapping an auth provider replaces the contents of packages/auth/ without touching your app's imports.

Docs

Full guides and the CLI reference live at stanza.tools/docs. Assemble a stack visually with the builder at stanza.tools.

What's inside

apps/
  cli/            # stanza-cli — the CLI binary
  web/            # https://stanza.tools (TanStack Start)
packages/
  schema/         # @withstanza/schema — stanza.json + module schema, contract types, category list
  registry/       # slot/peer/capability resolver + package.json/env/template synthesis
  codemods/       # ts-morph helpers for region-aware patching
  utils/          # shared path-safety + env-file helpers
  create-stanza/  # `npm init stanza` template shim
registry/
  modules/        # first-party modules (framework, orm, db, auth, ui, tooling, testing)
scripts/
  compile-registry.ts  # builds the static registry JSON the CLI consumes

License

MIT

S
Description
🥁 shadcn for infrastructure.
https://stanza.tools
Readme MIT
3.7 MiB
Languages
TypeScript 91.5%
MDX 6.1%
CSS 2.2%
JavaScript 0.2%