by AlexSergey
Zero-config React with built-in SSR, automated quality gates, and AI-ready project structure - ship clean code whether you write it yourself or with an AI assistant.
# Add to your Claude Code skills
git clone https://github.com/AlexSergey/rockpack

Last scanned: 5/21/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@babel/plugin-transform-modules-systemjs: @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@unhead/react: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "axios: Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
"severity": "high"
},
{
"type": "npm-audit",
"message": "basic-ftp: basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands",
"severity": "high"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "handlebars: Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "serialize-javascript: Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "unhead: Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "webpack-dev-server: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-05-21T07:52:30.876Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}

rockpack is an open-source AI Agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by AlexSergey. Zero-config React with built-in SSR, automated quality gates, and AI-ready project structure - ship clean code whether you write it yourself or with an AI assistant. It has 1,261 GitHub stars.
rockpack failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/AlexSergey/rockpack" and add it to your Claude Code skills directory (see the Installation section above).
rockpack is primarily written in TypeScript. It is open-source under AlexSergey on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh rockpack against similar tools.
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
Rockpack is a zero-configuration toolkit for building React applications - with full support for Server-Side Rendering (SSR), bundling, linting, and testing. In minutes, you can have a modern React app with production-ready quality gates, preconfigured tooling, and built-in support for AI-assisted development.
CLAUDE.md with strict quality rules and cost-saving conventions makes working with AI tools like Claude Code fast, reliable, and economical.

Rockpack is designed to make AI-assisted development safe, fast, and cost-efficient.
Beyond tooling, Rockpack establishes a baseline architecture - consistent project structure, naming conventions, and module boundaries - that AI models can reason about reliably. A well-structured codebase is not just easier for humans to navigate; it dramatically improves the quality of AI-generated code because the model has clear patterns to follow and fewer ambiguous decisions to make.
The combination of a defined architecture, test coverage, strict quality gates, and a well-tuned CLAUDE.md means AI tools like Claude Code can contribute to your codebase without introducing regressions or inconsistencies. Because every Rockpack project starts with linting and tests already configured, AI-generated code is reviewed automatically on every change.
The CLAUDE.md configuration is optimized for:
Rockpack is a good fit for:
Also, take a look at iSSR - a small module for adding SSR to an existing React app:
Every new React project raises the same questions:
Setting this up from scratch takes weeks. Rockpack solves it in minutes.
With Rockpack, you go from zero to a fully configured, running project in minutes and focus on writing the code that matters.
Rockpack is modular. Each package can be used independently or together.
A CLI scaffolding tool for React applications. Follows a feature-based project structure (see this article).
Supported application types:
All project types include:
Optional add-ons for each project type:
A Webpack-based bundler with best-practice loaders and plugins preconfigured.
@rockpack/compiler supports:
Pre-configured Jest with TypeScript and Babel support, HTML reporting, and best-practice defaults for React projects.
Opinionated ESLint configuration with Prettier, Stylelint, and Commitlint - ready to use out of the box.
For more information, follow the links to each module.
Rockpack is a free and open-source project. Contributions are always welcome.
The Rockpack project was inspired by:
@rockpack/starter scaffolds a complete app with TypeScript, Jest, ESLint, and SSR support.