feat: Add dependency-cruiser for dependency graph validation (#2999)

* feat(boilerplate): add dependency-cruiser configuration and update navigation types

- Introduced a new `.dependency-cruiser.js` file for managing dependency rules and warnings.
- Updated `package.json` to include a script for running dependency-cruiser.
- Refactored navigation type definitions by consolidating them into `navigationTypes.ts` for better organization.
- Adjusted imports across various components to utilize the new navigation types structure.

* feat(cli): add dependency-cruiser configuration and update package scripts

- Introduced a new `.dependency-cruiser.js` file to manage dependency rules and warnings.

- Updated `package.json` to include a script for running dependency-cruiser.

- Modified CircleCI configuration to run dependency-cruiser as part of the static tests.

- Refactored generator options in `src/tools/generators.ts` for improved type handling.

- Updated `src/tools/spawn.ts` to use `cross-spawn` directly for better clarity.

* feat(cli): add scripts for generating dependency graph visualizations

- Updated `.gitignore` to exclude generated dependency graph files.
- Enhanced `package.json` with a new script to generate SVG and PNG visualizations of the dependency graph using dependency-cruiser.

* fix(cli): update dependency graph script to use 'src' instead of 'app'

- Modified the `depcruise:graph` script in `package.json` to target the 'src' directory for generating dependency graph visualizations.
- Updated `.gitignore` to include new graph output files.

* fix(boilerplate): update ReactotronConfig import path and clean demo dependencies

- Adjusted the import path for ReactotronConfig in _layout.tsx to reflect the correct directory structure.
- Removed "@react-navigation/bottom-tabs" from demoDependenciesToRemove in demo.ts for cleaner dependency management.

* refactor(boilerplate): move hasValidStringProp utility to DemoShowroomScreen

- Integrated the hasValidStringProp function directly into DemoShowroomScreen.tsx for improved accessibility and type safety.
- Removed the standalone hasValidStringProp.ts file to streamline the codebase.

* fix(boilerplate): correct ReactotronConfig import path in _layout.tsx

- Updated the import path for ReactotronConfig to align with the new directory structure.

* feat(boilerplate): add utility function for delaying execution in dependency-cruiser config

- Included "utils/delay.ts" in the dependency-cruiser configuration to manage execution delays effectively.

* chore(boilerplate): update .gitignore to exclude app-dependency-graph.dot file

* feat(boilerplate): update dependency-cruiser configuration to use metroConfig for extensions

- Replaced hardcoded file extensions in .dependency-cruiser.js with dynamic mapping from metroConfig's sourceExts for improved flexibility and maintainability.

* fix(boilerplate): update ReactotronConfig import path to use alias

- Changed the import path for ReactotronConfig in _layout.tsx to use the alias "@/devtools/ReactotronConfig" for consistency with the project's directory structure.

* refactor(boilerplate): enhance dependency-cruiser configuration with dynamic platform extensions

- Added support for multiple platform-specific file extensions in .dependency-cruiser.js by dynamically mapping them from metroConfig's sourceExts, improving flexibility and maintainability.

* feat(cli): implement update function for package.json in Expo Router

- Added a new utility function to update the `package.json` scripts for dependency-cruiser to use the 'src' directory instead of 'app', enhancing project structure consistency.
- Removed outdated script replacements from the previous implementation for cleaner code.

Author: joshuayoes

.circleci/config.yml

@@ -59,7 +59,7 @@ jobs:
           key: ignite-deps-cache-{{ .Environment.IGNITE_DEPS_PACKAGER }}-{{ checksum "boilerplate/package.json" }}-{{ arch }}-{{ .Environment.IGNITE_DEPS_KEY_SUFFIX }}
       - run:
           name: Run static tests
-          command: yarn format:check && yarn lint && yarn typecheck
+          command: yarn format:check && yarn lint && yarn typecheck && yarn depcruise
       - run:
           name: Run jest tests
           command: yarn test

.dependency-cruiser.js

@@ -0,0 +1,181 @@
+/** @type {import('dependency-cruiser').IConfiguration} */
+module.exports = {
+  forbidden: [
+    {
+      name: "no-circular",
+      severity: "warn",
+      comment:
+        "This dependency is part of a circular relationship. You might want to revise " +
+        "your solution (i.e. use dependency inversion, make sure the modules have a single responsibility) ",
+      from: {},
+      to: {
+        circular: true,
+      },
+    },
+    {
+      name: "no-orphans",
+      comment:
+        "This is an orphan module - it's likely not used (anymore?). Either use it or " +
+        "remove it. If it's logical this module is an orphan (i.e. it's a config file), " +
+        "add an exception for it in your dependency-cruiser configuration. By default " +
+        "this rule does not scrutinize dot-files (e.g. .eslintrc.js), TypeScript declaration " +
+        "files (.d.ts), tsconfig.json and some of the babel and webpack configs.",
+      severity: "warn",
+      from: {
+        orphan: true,
+        pathNot: [
+          "(^|/)\\.[^/]+\\.(js|cjs|mjs|ts|json)$",
+          "\\.d\\.ts$",
+          "(^|/)tsconfig\\.json$",
+          "(^|/)(babel|webpack)\\.config\\.(js|cjs|mjs|ts|json)$",
+          "template\\.config\\.js$", // template config for Ignite CLI
+          "bin/ignite$", // CLI entry point
+        ],
+      },
+      to: {},
+    },
+    {
+      name: "no-deprecated-core",
+      comment:
+        "A module depends on a node core module that has been deprecated. Find an alternative - these are " +
+        "bound to exist - node doesn't deprecate lightly.",
+      severity: "warn",
+      from: {},
+      to: {
+        dependencyTypes: ["core"],
+        path: ["^(punycode)$", "^(domain)$", "^(constants)$", "^(sys)$"],
+      },
+    },
+    {
+      name: "not-to-deprecated",
+      comment:
+        "This module uses a (version of an) npm module that has been deprecated. Either upgrade to a later " +
+        "version of that module, or find an alternative. Deprecated modules are a security risk.",
+      severity: "warn",
+      from: {},
+      to: {
+        dependencyTypes: ["deprecated"],
+      },
+    },
+    {
+      name: "no-non-package-json",
+      severity: "error",
+      comment:
+        "This module depends on an npm package that isn't in the 'dependencies' section of your package.json. " +
+        "That's problematic as the package either (1) won't be available on live (2) will be " +
+        "available on live with an non-guaranteed version. Fix it by adding the package to the dependencies " +
+        "in your package.json.",
+      from: {},
+      to: {
+        dependencyTypes: ["npm-no-pkg", "npm-unknown"],
+      },
+    },
+    {
+      name: "not-to-unresolvable",
+      comment:
+        "This module depends on a module that cannot be found ('resolved to disk'). If it's an npm " +
+        "module: add it to your package.json. In all other cases you likely already know what to do.",
+      severity: "error",
+      from: {},
+      to: {
+        couldNotResolve: true,
+      },
+    },
+    {
+      name: "no-duplicate-dep-types",
+      comment:
+        "Likely this module depends on an external ('npm') package that occurs more than once " +
+        "in your package.json i.e. bot as a devDependencies and in dependencies. This will cause " +
+        "maintenance problems later on.",
+      severity: "warn",
+      from: {},
+      to: {
+        moreThanOneDependencyType: true,
+        dependencyTypesNot: ["type-only"],
+      },
+    },
+    {
+      name: "not-to-spec",
+      comment:
+        "This module depends on a spec (test) file. The sole responsibility of a spec file is to test code. " +
+        "If there's something in a spec that's of use to other modules, it doesn't have that single " +
+        "responsibility anymore. Factor it out into (e.g.) a separate utility/ helper or a mock.",
+      severity: "error",
+      from: {
+        pathNot: "\\.(spec|test)\\.(js|mjs|cjs|ts|tsx)$",
+      },
+      to: {
+        path: "\\.(spec|test)\\.(js|mjs|cjs|ts|tsx)$",
+      },
+    },
+    {
+      name: "not-to-dev-dep",
+      severity: "error",
+      comment:
+        "This module depends on an npm package from the 'devDependencies' section of your " +
+        "package.json. It looks like something that ships to production, though. To prevent problems " +
+        "with npm packages that aren't there on production declare it (only!) in the 'dependencies'" +
+        "section of your package.json. If this module is development only - add it to the " +
+        "from.pathNot re of the not-to-dev-dep rule in the dependency-cruiser configuration",
+      from: {
+        path: "^(src)",
+        pathNot: "\\.(spec|test)\\.(js|mjs|cjs|ts|tsx)$",
+      },
+      to: {
+        dependencyTypes: ["npm-dev"],
+        pathNot: ["node_modules/@types/"],
+      },
+    },
+    {
+      name: "optional-deps-used",
+      severity: "info",
+      comment:
+        "This module depends on an npm package that is declared as an optional dependency " +
+        "in your package.json. As this makes sense in limited situations only, it's flagged here. " +
+        "If you're using an optional dependency here by design - add an exception to your" +
+        "dependency-cruiser configuration.",
+      from: {},
+      to: {
+        dependencyTypes: ["npm-optional"],
+      },
+    },
+    {
+      name: "peer-deps-used",
+      comment:
+        "This module depends on an npm package that is declared as a peer dependency " +
+        "in your package.json. This makes sense if your package is e.g. a plugin, but in " +
+        "other cases - maybe not so much. If the use of a peer dependency is intentional " +
+        "add an exception to your dependency-cruiser configuration.",
+      severity: "warn",
+      from: {},
+      to: {
+        dependencyTypes: ["npm-peer"],
+      },
+    },
+  ],
+  options: {
+    doNotFollow: {
+      path: "node_modules",
+    },
+    tsPreCompilationDeps: true,
+    tsConfig: {
+      fileName: "tsconfig.json",
+    },
+    enhancedResolveOptions: {
+      exportsFields: ["exports"],
+      conditionNames: ["import", "require", "node", "default"],
+      extensions: [".ts", ".js", ".json"],
+    },
+    reporterOptions: {
+      dot: {
+        collapsePattern: "node_modules/(@[^/]+/[^/]+|[^/]+)",
+      },
+      archi: {
+        collapsePattern: "^(src|test)/[^/]+",
+      },
+      text: {
+        highlightFocused: true,
+      },
+    },
+  },
+}

.gitignore

@@ -42,3 +42,7 @@ test/artifacts/*
 # Ignore build artifacts
 .yarn/build-state.yml
 .yarn/install-state.gz
+
+# Dependency graph visualizations
+ignite-cli-dependency-graph.svg
+ignite-cli-dependency-graph.png

boilerplate/.dependency-cruiser.js

@@ -0,0 +1,195 @@
+const metroConfig = require("./metro.config.js")
+
+const platforms = ["ios", "android", "web", "native"]
+const extensions = metroConfig?.resolver?.sourceExts.flatMap((pExt) =>
+  platforms.map((platform) => `.${platform}.${pExt}`).concat(`.${pExt}`),
+)
+
+/** @type {import('dependency-cruiser').IConfiguration} */
+module.exports = {
+  forbidden: [
+    {
+      name: "no-circular",
+      severity: "warn",
+      comment:
+        "This dependency is part of a circular relationship. You might want to revise " +
+        "your solution (i.e. use dependency inversion, make sure the modules have a single responsibility) ",
+      from: {},
+      to: {
+        circular: true,
+      },
+    },
+    {
+      name: "no-orphans",
+      comment:
+        "This is an orphan module - it's likely not used (anymore?). Either use it or " +
+        "remove it. If it's logical this module is an orphan (i.e. it's a config file), " +
+        "add an exception for it in your dependency-cruiser configuration. By default " +
+        "this rule does not scrutinize dot-files (e.g. .eslintrc.js), TypeScript declaration " +
+        "files (.d.ts), tsconfig.json and some of the babel and webpack configs.",
+      severity: "warn",
+      from: {
+        orphan: true,
+        pathNot: [
+          "(^|/)\\.[^/]+\\.(js|cjs|mjs|ts|json)$",
+          "\\.d\\.ts$",
+          "(^|/)tsconfig\\.json$",
+          "(^|/)(babel|webpack)\\.config\\.(js|cjs|mjs|ts|json)$",
+          "crashReporting\\.ts$", // Boilerplate file for future crash reporting setup
+          "utils/delay\\.ts$", // Utility function for delaying execution
+        ],
+      },
+      to: {},
+    },
+    {
+      name: "no-deprecated-core",
+      comment:
+        "A module depends on a node core module that has been deprecated. Find an alternative - these are " +
+        "bound to exist - node doesn't deprecate lightly.",
+      severity: "warn",
+      from: {},
+      to: {
+        dependencyTypes: ["core"],
+        path: ["^(punycode)$", "^(domain)$", "^(constants)$", "^(sys)$"],
+      },
+    },
+    {
+      name: "not-to-deprecated",
+      comment:
+        "This module uses a (version of an) npm module that has been deprecated. Either upgrade to a later " +
+        "version of that module, or find an alternative. Deprecated modules are a security risk.",
+      severity: "warn",
+      from: {},
+      to: {
+        dependencyTypes: ["deprecated"],
+      },
+    },
+    {
+      name: "no-non-package-json",
+      severity: "error",
+      comment:
+        "This module depends on an npm package that isn't in the 'dependencies' section of your package.json. " +
+        "That's problematic as the package either (1) won't be available on live (2) will be " +
+        "available on live with an non-guaranteed version. Fix it by adding the package to the dependencies " +
+        "in your package.json.",
+      from: {},
+      to: {
+        dependencyTypes: ["npm-no-pkg", "npm-unknown"],
+      },
+    },
+    {
+      name: "not-to-unresolvable",
+      comment:
+        "This module depends on a module that cannot be found ('resolved to disk'). If it's an npm " +
+        "module: add it to your package.json. In all other cases you likely already know what to do.",
+      severity: "error",
+      from: {},
+      to: {
+        couldNotResolve: true,
+      },
+    },
+    {
+      name: "no-duplicate-dep-types",
+      comment:
+        "Likely this module depends on an external ('npm') package that occurs more than once " +
+        "in your package.json i.e. bot as a devDependencies and in dependencies. This will cause " +
+        "maintenance problems later on.",
+      severity: "warn",
+      from: {},
+      to: {
+        moreThanOneDependencyType: true,
+        dependencyTypesNot: ["type-only"],
+      },
+    },
+    {
+      name: "not-to-spec",
+      comment:
+        "This module depends on a spec (test) file. The sole responsibility of a spec file is to test code. " +
+        "If there's something in a spec that's of use to other modules, it doesn't have that single " +
+        "responsibility anymore. Factor it out into (e.g.) a separate utility/ helper or a mock.",
+      severity: "error",
+      from: {
+        pathNot: "\\.(spec|test)\\.(js|mjs|cjs|ts|tsx)$",
+      },
+      to: {
+        path: "\\.(spec|test)\\.(js|mjs|cjs|ts|tsx)$",
+      },
+    },
+    {
+      name: "not-to-dev-dep",
+      severity: "error",
+      comment:
+        "This module depends on an npm package from the 'devDependencies' section of your " +
+        "package.json. It looks like something that ships to production, though. To prevent problems " +
+        "with npm packages that aren't there on production declare it (only!) in the 'dependencies'" +
+        "section of your package.json. If this module is development only - add it to the " +
+        "from.pathNot re of the not-to-dev-dep rule in the dependency-cruiser configuration",
+      from: {
+        path: "^(app|src)",
+        pathNot: "\\.(spec|test)\\.(js|mjs|cjs|ts|tsx)$",
+      },
+      to: {
+        dependencyTypes: ["npm-dev"],
+        pathNot: ["node_modules/@types/"],
+        exoticRequireNot: [
+          "react-native/Libraries/Utilities/codegenNativeComponent",
+          "react-native/Libraries/Utilities/codegenNativeCommands",
+        ],
+      },
+    },
+    {
+      name: "optional-deps-used",
+      severity: "info",
+      comment:
+        "This module depends on an npm package that is declared as an optional dependency " +
+        "in your package.json. As this makes sense in limited situations only, it's flagged here. " +
+        "If you're using an optional dependency here by design - add an exception to your" +
+        "dependency-cruiser configuration.",
+      from: {},
+      to: {
+        dependencyTypes: ["npm-optional"],
+      },
+    },
+    {
+      name: "peer-deps-used",
+      comment:
+        "This module depends on an npm package that is declared as a peer dependency " +
+        "in your package.json. This makes sense if your package is e.g. a plugin, but in " +
+        "other cases - maybe not so much. If the use of a peer dependency is intentional " +
+        "add an exception to your dependency-cruiser configuration.",
+      severity: "warn",
+      from: {},
+      to: {
+        dependencyTypes: ["npm-peer"],
+      },
+    },
+  ],
+  options: {
+    doNotFollow: {
+      path: "node_modules",
+    },
+    tsPreCompilationDeps: true,
+    tsConfig: {
+      fileName: "tsconfig.json",
+    },
+    enhancedResolveOptions: {
+      exportsFields: ["exports"],
+      conditionNames: ["import", "require", "node", "default"],
+      // React Native / Metro bundler support for platform-specific extensions
+      // See: https://reactnative.dev/docs/platform-specific-code
+      // See: https://github.com/sverweij/dependency-cruiser/issues/511
+      extensions,
+    },
+    reporterOptions: {
+      dot: {
+        collapsePattern: "node_modules/(@[^/]+/[^/]+|[^/]+)",
+      },
+      archi: {
+        collapsePattern: "^(app|src|test)/[^/]+",
+      },
+      text: {
+        highlightFocused: true,
+      },
+    },
+  },
+}