setup-react-rules
Setup React Rules
What This Sets Up
PostToolUse hooks on Edit/Write (auto-detects and excludes component library directories):
- Ban raw HTML elements — suggest shadcn/ui components from
@/components/ui/ - Ban TypeScript escape hatches — block
as any,as Record<string, any>,as Record<string, unknown>,@ts-ignore,@ts-expect-error - Ban barrel imports — flag re-exports from index files, suggest direct path imports
- Ban missing passive event listeners — flag
addEventListener('scroll'|'touchstart'|'wheel')without{ passive: true } - Ban static imports of heavy deps — flag top-level imports of
chart.js,d3,three.js,pdf-lib(suggest dynamicimport()orReact.lazy()) - Ban dangerouslySetInnerHTML — XSS risk, escape hatch:
// allow-dangerouslySetInnerHTML: [reason] - Ban eval() and new Function() — code injection risk (OWASP A03)
- Ban .innerHTML assignment — XSS risk, use textContent or React rendering
- Ban inline
style={{}}— use Tailwind utility classes - Ban raw hex/rgb in className and CSS — use design tokens (
text-destructive, nottext-[#ff0000]) - Ban
!importantin TSX/JSX/CSS/SCSS/SASS/LESS — breaks Tailwind cascade - Ban visual style overrides on registry components (use variant prop, layout classes are fine)
- Ban
onClick + navigate()— use<Button asChild><Link>instead
More from malinskibeniamin/skills
setup-react-compiler
Install React Compiler with rsbuild and enforce compiler-friendly patterns via PostToolUse hooks. Flags manual memoization, derived state, useRef cache. Use when setting up React Compiler or post-compiler patterns.
9setup-biome
Install Biome linter with Ultracite preset, create biome.jsonc config, and configure Claude Code Stop hook for auto-fix before finishing. Use when setting up linting, formatting, Biome, Ultracite, or code quality enforcement.
9setup-quality-gate
Add quality:gate package.json script for fast local/CI quality checks (biome + tsgo + related tests), GitHub Actions workflow, and Stop hook for type checking. Use when setting up quality gates, CI pipelines, or pre-push validation.
9setup-connect-query
Enforce ConnectRPC + Connect Query + Protobuf v2 patterns via PostToolUse hooks. Bans raw useQuery, empty invalidateQueries, $typeName literals. Use when setting up ConnectRPC, protobuf type safety, or data fetching enforcement.
8work-automation-kit
Install planning and project management skills — PRD creation, implementation planning, issue breakdown, bug triage, code review. Use when setting up project planning workflows or creating PRDs.
8setup-zustand
Enforce zustand best practices via PostToolUse hooks — double-parens create, useShallow selectors, persist middleware. Use when setting up zustand enforcement or preventing re-render issues.
8