Tech stack
Every major dependency in ShipVeryFast and the role it plays. The list below is taken straight from package.json, if a library is here, it is wired into the boilerplate and ready to use.
The package manager is npm. After cloning, run npm install and the entire stack below is installed in one step.
Framework & language
The app runs on Next.js 15 (next ^15.5.19) with the App Router, on React 19 (react / react-dom ^19.0.0). The dev server uses Turbopack, the dev script is literally next dev --turbopack.
Everything is written in TypeScript ^5 with "strict": true. The compiler is configured in tsconfig.json with target: ES2017, module: esnext, and moduleResolution: bundler. The @/* path alias maps to the project root, so imports look like @/libs/auth rather than long relative paths.
// tsconfig.json (excerpt)
{
"compilerOptions": {
"target": "ES2017",
"strict": true,
"module": "esnext",
"moduleResolution": "bundler",
"jsx": "preserve",
"paths": { "@/*": ["./*"] }
}
}Data & auth
Data lives in Supabase (managed Postgres). The client comes from @supabase/supabase-js, with @supabase/auth-helpers-nextjs and @supabase/auth-helpers-react for session-aware server and client helpers.
Authentication is handled by NextAuth.js (next-auth ^4.24.11), configured in libs/auth.ts. It uses the official Supabase adapter, @next-auth/supabase-adapter (imported as SupabaseAdapter), so NextAuth sessions and Supabase rows stay in sync.
Payments
Payments run on the official Stripe Node SDK (stripe ^18.0.0). The boilerplate ships Stripe Checkout for subscriptions plus a webhook handler so subscription lifecycle events update your database. See Payments for the Checkout and webhook wiring.
Transactional email is sent through Mailgun. The transport layer lives in libs/mailer.ts, which sends over Mailgun SMTP (smtp.mailgun.org) using nodemailer with Mailgun open/click tracking headers enabled. Higher-level helpers and templates sit in libs/emailService.ts and libs/emailTemplates.ts. The mailgun.js client is also available for direct API calls.
UI
The UI is built with Tailwind CSS (tailwindcss ^3.3.0) and shadcn/ui, scaffolded via the shadcn CLI. The primitives underneath are Radix UI packages (@radix-ui/react-select, @radix-ui/react-switch, @radix-ui/react-tooltip, @radix-ui/react-accordion, and more). Icons come from lucide-react and react-icons.
Theming is driven by CSS custom properties defined in app/globals.css: color tokens such as --background, --primary, and --ring are stored as HSL channels and consumed via hsl(var(--token)), with a full .dark override for dark mode. Animations use tailwindcss-animate and tw-animate-css; class composition uses clsx, tailwind-merge, and class-variance-authority. Charts are rendered with recharts. Client state is managed with zustand and server state with @tanstack/react-query.
AI
The AI layer in libs/ai/ is provider-agnostic: Anthropic and OpenAI live behind one interface so the chat UI can switch providers. The Claude path uses the official @anthropic-ai/sdk, libs/ai/anthropic.ts exposes the model claude-opus-4-8("Claude Opus 4.8"). The OpenAI path uses the official openai SDK in libs/ai/openai.ts, with models gpt-4o and gpt-4o-mini. Both providers stream plain-text deltas. See AI assistant for the streaming endpoint and UI.
Validation & security
Request and environment validation use Zod (zod ^3.24.3) , for example, libs/config.ts validates environment variables at import time. Rate limiting is built on rate-limiter-flexible, input sanitization on isomorphic-dompurify (DOMPurify), and CSRF protection is a custom implementation. Cookie handling uses cookies-next. See Security for how these fit together.
Testing
Unit and integration tests run on Jest (jest ^29.7.0) with ts-jest for TypeScript and jest-environment-jsdom for the DOM. Component tests use React Testing Library (@testing-library/react, @testing-library/jest-dom, @testing-library/user-event). End-to-end tests run on Playwright (@playwright/test), with accessibility assertions powered by @axe-core/playwright. See Testing for the full command list.
Key dependencies and their roles
A quick map of the libraries you'll touch most often:
| Package | Role |
|---|---|
next | Next.js 15 App Router framework (Turbopack dev server) |
react / react-dom | React 19 runtime |
typescript | TypeScript ^5, strict mode |
@supabase/supabase-js | Postgres database + auth client |
next-auth + @next-auth/supabase-adapter | Session auth wired to Supabase |
stripe | Checkout, subscriptions, webhooks |
nodemailer + mailgun.js | Transactional email via Mailgun |
tailwindcss + shadcn | Styling and UI component scaffolding |
lucide-react / react-icons | Icon sets |
recharts | Charts (admin analytics, dashboards) |
@tanstack/react-query | Server-state fetching and caching |
zustand | Client-side state stores |
@anthropic-ai/sdk / openai | AI providers behind libs/ai/ |
zod | Schema validation (requests, env vars) |
rate-limiter-flexible | API rate limiting |
isomorphic-dompurify | HTML/XSS sanitization |
jest + ts-jest | Unit / integration test runner |
@playwright/test + @axe-core/playwright | E2E and accessibility tests |
Next steps
- Project structure, where each library is used in the tree
- Configuration, wire up Supabase, Stripe, and Mailgun keys
- Quickstart, clone, install, and run the stack locally