📦 archetype: library

Publish a library without the breaking-change rage.

Building an npm, PyPI, crates.io, or Maven library? GreatCTO auto-detects the library archetype and ships semver enforcement, API stability checks, changelog discipline, and migration guides from day one.

$ npx great-cto init Back to home ↗
What you avoid

The 5 library bugs that destroy adoption.

Without GreatCTO

  • Breaking change shipped as patch — community rage
  • No TypeScript types — JS-only adoption
  • Stale CHANGELOG.md — users blindsided on upgrade
  • Tree-shaking broken — bundle size doubles
  • No migration guide for v1 → v2
  • Stars drop · forks happen · ecosystem fork.

With GreatCTO

  • Semver gate: any public API change → minor or major
  • Types auto-generated · published · checked
  • CHANGELOG.md updated at gate:ship — required
  • Bundle-size budget enforced with size-limit
  • Migration guide template required for major bumps
  • Predictable upgrades · happy users · ecosystem trust.
Auto-applied gates

Detected: package.json with "main" + "exports"
library archetype.

No regulatory compliance — but TDD, 12-angle review, security audit, and supply-chain hardening still apply:

01 · code-reviewer

API surface diff

Detects breaking changes via api-extractor / pyright / cargo public-api. Forces semver alignment.

02 · qa-engineer

Backward-compat matrix

Tests against last 3 major versions of consumers. Snapshot diff on type definitions. Bundle-size regression checked.

03 · senior-dev

CHANGELOG discipline

Conventional commits → auto-generate CHANGELOG.md · Keep a Changelog format · migration guides for major bumps.

04 · security-officer

Supply-chain audit

npm audit · cargo audit · Dependabot · OpenSSF Scorecard · provenance checks at publish time.

Domain pack overlays

Likely to overlay on library.

Packs auto-attach when CLI detects pack-specific signals (e.g. twilio in deps → voice-pack). Each pack adds its own reviewer agents + human gates on top of the base archetype pipeline.

+ API Platform
OAuth 2.1, webhook signing, idempotency, RFC 8594 Sunset
Real-world examples

Companies operating as library.

2 startups in this space. Click for full pack mapping.

HAPI FHIR
Open-source FHIR Java server
open-sourceCA
ROS / Open Robotics
Robot Operating System (ROS 2)
open-sourceUS

Listed companies operate in this space. Inclusion is based on publicly available product descriptions and does not imply endorsement of or by GreatCTO.

30 seconds

Drop into any npm / PyPI / cargo / Maven library.

$ npx great-cto init
no signup·runs locally·pay your own API