Vitus Labs
Tools Next.js

Tools Next.js

Next.js configuration wrapper with security headers, monorepo transpilation, and tools-core integration.

@vitus-labs/tools-nextjs wraps your Next.js configuration with security headers, monorepo transpile support, and TypeScript build settings. Configuration is loaded from vl-tools.config.mjs via tools-core.

Installation

npm install @vitus-labs/tools-nextjs

Peer dependency: next >= 14

Quick Start

// next.config.ts
import { withVitusLabs } from '@vitus-labs/tools-nextjs'

export default withVitusLabs({
  // Your standard Next.js config
  experimental: { ppr: true },
})

This wraps your config with:

  • 6 security headers applied to all routes
  • Monorepo package transpilation
  • TypeScript build settings

withVitusLabs()

withVitusLabs(nextConfig?: NextConfig): NextConfig

Wraps a Next.js configuration with vitus-labs defaults. All standard Next.js properties are preserved.

Merge Strategy

PropertyBehavior
imagesObject merge (user overrides config)
transpilePackagesArray concatenation (config + user)
typescriptObject merge (user overrides config)
headersSecurity headers prepended, user headers appended
Everything elsePreserved via spread
export default withVitusLabs({
  images: { formats: ['image/webp'] },
  transpilePackages: ['@my-org/shared'],
  headers: async () => [
    { source: '/api/(.*)', headers: [{ key: 'X-Custom', value: 'yes' }] },
  ],
})

The result:

  • Security headers apply to /(.*)
  • Your custom header applies to /api/(.*)
  • transpilePackages includes both config-level and inline packages

Security Headers

Six security headers are applied to all routes by default:

HeaderValuePurpose
X-DNS-Prefetch-ControlonEnable DNS prefetching
Strict-Transport-Securitymax-age=63072000; includeSubDomains; preloadHSTS with 2-year max-age
X-Content-Type-OptionsnosniffPrevent MIME type sniffing
Referrer-Policyorigin-when-cross-originControl referrer information
X-Frame-OptionsSAMEORIGINPrevent clickjacking
Permissions-Policycamera=(), microphone=(), geolocation=()Disable sensitive APIs

Header Configuration

Configure via vl-tools.config.mjs under the next key:

export default {
  next: {
    // Enable all defaults
    headers: true,

    // Disable all security headers
    headers: false,

    // Override specific headers
    headers: {
      'Permissions-Policy': 'camera=(self), microphone=()',
      'X-Frame-Options': 'DENY',
    },

    // Full control via callback
    headers: (defaults) => defaults.filter(h => h.key !== 'X-Frame-Options'),
  },
}

securityHeaders()

Also exported for standalone use:

import { securityHeaders } from '@vitus-labs/tools-nextjs'

// Returns Next.js headers format: [{ source: '/(.*)', headers: [...] }]
const headers = securityHeaders(true)   // All defaults
const headers = securityHeaders(false)  // Empty array
const headers = securityHeaders({       // Override specific
  'X-Frame-Options': 'DENY',
})

Configuration

Configure via vl-tools.config.mjs:

export default {
  next: {
    headers: true,                         // Security headers (default: true)
    images: {                              // Next.js image config
      remotePatterns: [{ hostname: '*.example.com' }],
    },
    transpilePackages: ['@my-org/ui'],     // Packages to transpile
    typescript: {
      ignoreBuildErrors: false,            // Strict (default)
    },
  },
}

NextjsToolsConfig

OptionTypeDefaultDescription
headersboolean | Record<string, string> | (defaults) => SecurityHeader[]trueSecurity header configuration
imagesNextConfig['images']{}Next.js image optimization
transpilePackagesstring[][]Packages to transpile in monorepo
typescriptNextConfig['typescript']{ ignoreBuildErrors: false }TypeScript build settings

Types

interface SecurityHeader {
  key: string
  value: string
}

type HeadersConfig =
  | boolean
  | Record<string, string>
  | ((defaults: SecurityHeader[]) => SecurityHeader[])

interface NextjsToolsConfig {
  headers?: HeadersConfig
  images?: NextConfig['images']
  transpilePackages?: string[]
  typescript?: NextConfig['typescript']
}

Exports

import { withVitusLabs, securityHeaders } from '@vitus-labs/tools-nextjs'

import type {
  HeadersConfig,
  NextjsToolsConfig,
  SecurityHeader,
} from '@vitus-labs/tools-nextjs'

Tools Lint

Shared Biome configuration for consistent formatting and linting across the vitus-labs ecosystem.

Tools Next.js Images

Image optimization plugin for Next.js — WebP conversion, LQIP placeholders, responsive images, SVG sprites, and compression.

On this page

InstallationQuick StartwithVitusLabs()Merge StrategySecurity HeadersHeader ConfigurationsecurityHeaders()ConfigurationNextjsToolsConfigTypesExports