v0.4.2

Release Notes Draft

Summary

This release hardens the scaffold CLI, improves Bun-first runtime behavior, expands automated coverage, refreshes the generated Next.js starter with a stronger default landing experience, and clarifies bundled AI skills in the package docs. This release also updates the bundled Next.js template with critical security fixes from the upstream Next.js 16.2.6 and 15.5.18 releases.

Security Updates

This release includes updated Next.js versions (16.2.6 and 15.5.18) that address multiple critical security vulnerabilities. See Next.js Security Advisory for complete details.

High Severity (7 vulnerabilities):

• Denial of Service with Server Components
• Middleware / Proxy bypass in App Router applications via segment-prefetch routes (including incomplete fix follow-up)
• Denial of Service via connection exhaustion in applications using Cache Components
• Middleware / Proxy bypass through dynamic route parameter injection
• Server-side request forgery in applications using WebSocket upgrades
• Middleware / Proxy bypass in Pages Router applications using i18n

Moderate Severity (4 vulnerabilities):

• Cross-site scripting in App Router applications using CSP nonces
• Cross-site scripting in beforeInteractive scripts with untrusted input
• Denial of Service in the Image Optimization API
• Cache poisoning in React Server Component responses

Low Severity (2 vulnerabilities):

• Cache poisoning via collisions in React Server Component cache-busting
• Middleware / Proxy redirects can be cache-poisoned

We strongly recommend upgrading as soon as possible to protect your applications from these vulnerabilities.

v0.4.1

Summary

This release hardens the scaffold CLI, improves Bun-first runtime behavior, expands automated coverage, refreshes the generated Next.js starter with a stronger default landing experience, and clarifies bundled AI skills in the package docs.

CLI and Tooling

• Replaced the external Commander-based CLI parser with an internal argument parser and explicit usage-error handling.
• Moved more scaffold filesystem and process execution paths to Bun-native utilities.
• Added shared type modules for CLI options, package manager selection, template metadata, and interactive UI state.
• Expanded automated coverage for CLI parsing, create flows, project name normalization, and interactive teardown.
• Documented out-of-the-box AI skill installation by base template and add-on in the root README.

Template and Starter Updates

• Refreshed the base starter with GYLDLAB branding.
• Extracted generated homepage assembly into a dedicated helper so scaffold code stays modular instead of carrying one oversized inline page template.
• Moved Elysia route scaffolding to src/app/api and aligned generated imports, smoke tests, and documentation with that structure.

Fixes

• Fixed interactive CLI teardown so the terminal restores correctly on normal completion and on signal-based exit.
• Fixed cross-platform path handling in the prefer-src-alias ESLint rule so Windows drive-letter casing differences no longer skip the rule.
• Fixed UNC path handling in the prefer-src-alias ESLint rule so network-share roots resolve correctly.
• Added regression tests covering Windows and UNC path resolution for prefer-src-alias.

v0.3.0

@gyldlab/next v0.3.0

This release expands scaffold capabilities, improves generated project guidance, and updates the CLI ecosystem to newer package versions.

Added

• Enhanced Elysia add-on with backend operations tooling and database utilities.
• Added generated project scripts for auth and database workflows in Elysia-based scaffolds.
• Improved skill installation behavior across package managers using the correct executor:
  • bunx
  • npx
  • pnpm dlx
  • yarn dlx
• Added stronger agent policy guidance for generated Elysia and shadcn projects.

Improved

• Refined CLI brand/layout rendering for animated logo and terminal-size-aware display.
• Expanded create command test coverage with mocked package executors and better scaffold validation.
• Clarified add-on README and manifest documentation around skill installation flow.

Updated

• Upgraded dependencies across Next.js, Elysia, GSAP + Lenis, and shadcn-related templates.
• Refreshed package dependency versions in the CLI itself.

Removed

• Removed all skill files from generated projects instead now it will be done via command.

Notes

• No explicit breaking changes are included in this release.

v0.2.1

This release includes the project setup improvements from v0.2.0 and finalizes the package naming so the create flow works correctly.

Highlights

• Smoother project creation experience
• Clearer template and add-on selection
• More reliable interactive terminal behavior
• Cleaner pre-commit checks
• Updated documentation to match the current create flow
• Finalized package naming for the create command

Notes

• The user-facing command remains bun create @gyldlab/next
• The published package identity is now aligned with Bun create resolution

v0.1.0 - Initial CLI Release

What's New 🎉

Welcome to the first official release of the create-gyldlab-next CLI!

Built on a foundation of SOVEREIGN ALCHEMY, this tool transforms vision into production-ready Next.js applications through curated templates and organization-approved add-ons.

Features

• Project Scaffolding: Quickly generate standardized Next.js applications.
• Curated Add-ons: Built-in support for easily wiring up:
  • shadcn/ui (Components & UI)
  • ElysiaJS (Backend/API)
  • GSAP + Lenis (Animations & Smooth Scrolling)
• Package Manager agnostic: Works seamlessly with npm, pnpm, or bun.

Fixes & Notes

• Fixed package naming: Officially published to the npm registry as the unscoped create-gyldlab-next package.

Quick Start

npm create gyldlab-next my-app
# or
bun create gyldlab-next my-app