Claude Skills: 12 Strict Coding Rule Packs for TypeScript, Rust, Swift, Go, JS, Postgres, and Audits

A backend dev with 8 years of experience, specializing in web scraping and security audits, packaged 12 Claude Code skills after retyping the same rules across projects. The repo claude-skills contains opinionated rule sets for common languages and workflows, each a single SKILL.md file with frontmatter. Rules include severity tags (CRITICAL/HIGH/MEDIUM/LOW), numbered IDs, and BAD/GOOD examples.

What's inside

• typescript-strict (TS 6.0/7.0): no any, no as, exhaustive unions, satisfies, using, NoInfer, branded IDs
• rust-strict (edition 2024): no unwrap(), thiserror/anyhow split, unsafe audit, newtype IDs, integer overflow handling, tracing
• swift-strict (6.2): no force unwrap, strict concurrency, typed throws, Sendable, some vs any, privacy manifest
• go-strict (1.26): error wrapping, slog, context propagation, errors.Is/errors.As, os.Root for FS containment, range-over-func
• javascript-strict (Node 24 LTS): AbortController, crypto.randomBytes for tokens, streams for large IO, stdlib over deps
• postgres-strict (PG 18): migration safety (CONCURRENTLY, NOT VALID), RLS for multi-tenant, pgvector HNSW, AIO, skip scan, MERGE+RETURNING
• security-audit-standard: 6-phase audit (secrets, input validation, authn/authz, data, deps, infra), supply chain section, OWASP Top 10 quick check, audit report format
• performance-audit-standard: hot path Big-O, N+1 queries, missing indexes, EXPLAIN ANALYZE workflow, Core Web Vitals
• testing-patterns: Vitest, cargo test, Swift Testing, go test conventions + property-based + coverage targets
• code-review: multi-language pipeline that calls the strict skills
• github-standards: PR template, action SHA pinning, CODEOWNERS, Dependabot, secret scanning, branch protection
• git-commit: Conventional Commits with the "why" question

How they work

Skills are markdown with frontmatter. Claude Code reads the description on every turn and pulls the body into context only when relevant — e.g., rust-strict loads when you touch .rs files, postgres-strict when you write a migration, code-review when you say /code-review. No hooks or shell wrappers.

Install:

git clone https://github.com/0xMassi/claude-skills ~/Developer/claude-skills
cd ~/Developer/claude-skills
for s in */SKILL.md; do ln -s "$PWD/$(dirname $s)" ~/.claude/skills/; done

Restart Claude Code, the skills appear in the list.

Example rule from postgres-strict

PG-01: CREATE INDEX CONCURRENTLY on hot tables
BAD: CREATE INDEX events_user_id_idx ON events (user_id);
-- takes ACCESS EXCLUSIVE lock for the duration of the build
GOOD: CREATE INDEX CONCURRENTLY events_user_id_idx ON events (user_id);
-- short ACCESS EXCLUSIVE on metadata, no row lock during build

Every rule follows this BAD/GOOD format with severity tags and numbered IDs you can cite in PR comments.

What it is not

• Not a linter — linters check syntax, these check intent.
• Not a tutorial — assumes you already know the language.
• Not exhaustive — 12 files, ~4700 lines, opinionated.

MIT license, contribution guidelines in CONTRIBUTING.md. PRs welcome, especially from security and DB experts.