Skip to main content

​
Configuration Guide

This guide covers all configuration options for TamborraData, including environment variables, Next.js configuration, and TypeScript settings.

​
Environment Variables

​
Overview

TamborraData uses environment variables for configuration. Variables are loaded from .env.local for local development and configured in Vercel for production.
.env.local is ignored by Git and should never be committed. Use .env.example as a template.

​
Required Variables

​
SUPABASE_URL
string
required
Your Supabase project URL.Format: https://xxxxx.supabase.co
Example: https://abcdefghijk.supabase.coWhere to find: Supabase Dashboard > Settings > API > Project URL
​
SUPABASE_ANON_KEY
string
required
Your Supabase anonymous/public API key.Format: JWT token starting with eyJ...
Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...Where to find: Supabase Dashboard > Settings > API > Project API keys > anon public
Use the anon/public key, NOT the service_role key. The service_role key bypasses Row Level Security and should never be exposed to the client.

​
Environment File Structure

Create .env.local in your project root:
.env.local
# Supabase credentials
SUPABASE_URL="https://xxxxx.supabase.co"
SUPABASE_ANON_KEY="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Always use double quotes around values. This prevents issues with special characters in keys.

​
Environment Loading

Next.js automatically loads environment variables from:
  1. .env.local (local development, highest priority)
  2. .env.production (production builds)
  3. .env.development (development builds)
  4. .env (all environments, lowest priority)
# .env.local (gitignored)
SUPABASE_URL="your-dev-database-url"
SUPABASE_ANON_KEY="your-dev-key"

​
Next.js Configuration

​
File: next.config.ts

The Next.js configuration file controls framework behavior, redirects, headers, and optimizations.
next.config.ts
import type { NextConfig } from 'next';

const nextConfig: NextConfig = {
  // Domain redirect (production only)
  async redirects() {
    const redirects = [];

    if (process.env.NODE_ENV === 'production') {
      redirects.push({
        source: '/:path*',
        has: [{
          type: 'host' as const,
          value: 'www.tamborradata.com',
        }],
        destination: 'https://tamborradata.com/:path*',
        permanent: true,
      });
    }

    return redirects;
  },

  // Performance & Security
  poweredByHeader: false,
  compress: true,

  // Security Headers
  async headers() {
    return [
      {
        source: '/(.*)',
        headers: [
          { key: 'X-DNS-Prefetch-Control', value: 'on' },
          { key: 'X-XSS-Protection', value: '1; mode=block' },
          { key: 'X-Frame-Options', value: 'DENY' },
          { key: 'X-Content-Type-Options', value: 'nosniff' },
          { key: 'Referrer-Policy', value: 'origin-when-cross-origin' },
          {
            key: 'Strict-Transport-Security',
            value: 'max-age=63072000; includeSubDomains; preload',
          },
        ],
      },
    ];
  },
};

export default nextConfig;

​
Configuration Options Explained

Purpose: Force non-www domain in production.
async redirects() {
  // Only in production
  if (process.env.NODE_ENV === 'production') {
    return [{
      source: '/:path*',
      has: [{ type: 'host', value: 'www.tamborradata.com' }],
      destination: 'https://tamborradata.com/:path*',
      permanent: true,  // 301 redirect
    }];
  }
  return [];
}
Behavior: www.tamborradata.com β†’ tamborradata.com
Purpose: Enhance security and prevent common attacks.
HeaderValuePurpose
X-DNS-Prefetch-ControlonEnable DNS prefetching
X-XSS-Protection1; mode=blockBlock XSS attacks
X-Frame-OptionsDENYPrevent clickjacking
X-Content-Type-OptionsnosniffPrevent MIME sniffing
Referrer-Policyorigin-when-cross-originControl referrer info
Strict-Transport-Securitymax-age=63072000Force HTTPS
These headers are automatically applied to all routes.
poweredByHeader: false
Removes X-Powered-By: Next.js header for security (hides framework).compress: true
Enables gzip/brotli compression for responses.
Do not modify next.config.ts unless you understand the implications. Incorrect configuration can break routing or security.

​
TypeScript Configuration

​
File: tsconfig.json

TypeScript configuration for the project.
tsconfig.json
{
  "compilerOptions": {
    "target": "ES2017",
    "lib": ["dom", "dom.iterable", "esnext"],
    "allowJs": true,
    "skipLibCheck": true,
    "strict": false,
    "noEmit": true,
    "incremental": true,
    "module": "esnext",
    "esModuleInterop": true,
    "moduleResolution": "bundler",
    "resolveJsonModule": true,
    "isolatedModules": true,
    "jsx": "react-jsx",
    "plugins": [{ "name": "next" }],
    "baseUrl": ".",
    "paths": {
      "@/*": ["./*"]
    }
  },
  "include": [
    "next-env.d.ts",
    "**/*.ts",
    "**/*.tsx",
    ".next/types/**/*.ts"
  ],
  "exclude": ["node_modules"]
}

​
Key Settings

​
target
string
default:"ES2017"
ECMAScript version for compiled JavaScript.
​
strict
boolean
default:"false"
Currently disabled for faster development.
Consider enabling "strict": true for production-ready code. This enables:
  • strictNullChecks
  • strictFunctionTypes
  • strictBindCallApply
  • strictPropertyInitialization
​
moduleResolution
string
default:"bundler"
Uses modern bundler resolution (Node16 + extras).
​
paths
object
Path aliases for imports.
// Instead of:
import Component from '../../../components/Component';

// You can write:
import Component from '@/components/Component';

​
TailwindCSS Configuration

​
File: tailwind.config.ts

TamborraData uses TailwindCSS 4 with CSS-first configuration.
TailwindCSS 4 uses @import in CSS files instead of tailwind.config.ts. The config file is minimal.

​
PostCSS Configuration

postcss.config.mjs
export default {
  plugins: {
    '@tailwindcss/postcss': {},
  },
};

​
CSS Entry Point

Tailwind is imported via CSS:
app/globals.css
@import 'tailwindcss';

/* Custom theme variables */
@theme {
  --color-primary: #1e40af;
  --color-secondary: #7c3aed;
}

​
ESLint Configuration

​
File: eslint.config.mjs

Linting rules for code quality.
eslint.config.mjs
import { dirname } from "path";
import { fileURLToPath } from "url";
import { FlatCompat } from "@eslint/eslintrc";

const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);

const compat = new FlatCompat({
  baseDirectory: __dirname,
});

const eslintConfig = [...compat.extends("next/core-web-vitals")];

export default eslintConfig;

​
Running ESLint

pnpm lint
ESLint automatically runs during pnpm build. Fix all errors before deploying.

​
Package Manager Configuration

​
Using pnpm

The project uses pnpm for package management. Why pnpm?
  • ⚑ Fast: 2-3x faster than npm
  • πŸ’Ύ Efficient: Uses hard links to save disk space
  • πŸ”’ Strict: Better dependency resolution

​
Lock File

pnpm-lock.yaml tracks exact dependency versions.
Always commit pnpm-lock.yaml to ensure consistent installs across environments.

​
Common Commands

pnpm install

​
Dependency Management

​
Production Dependencies

Key runtime dependencies:
PackageVersionPurpose
next16.1.0React framework
react19.2.3UI library
@supabase/supabase-js2.89.0Database client
@tanstack/react-query5.90.12Data fetching
@nivo/bar, @nivo/line0.99.0Charts
framer-motion12.23.26Animations
@vercel/analytics1.6.1Analytics

​
Development Dependencies

PackageVersionPurpose
typescript5.9.3Type checking
tailwindcss4.1.18CSS framework
eslint9.39.2Code linting
prettier3.7.4Code formatting
Run pnpm outdated to check for package updates.

​
Build Configuration

​
Production Build

pnpm build
This command:
  1. Type-checks TypeScript
  2. Lints code with ESLint
  3. Compiles Next.js app
  4. Generates static pages
  5. Optimizes assets

​
Build Output

Build artifacts are stored in .next/: 
.next/
β”œβ”€β”€ cache/              # Build cache
β”œβ”€β”€ server/             # Server-side code
β”œβ”€β”€ static/             # Static assets
└── types/              # Generated types
Never commit the .next directory. It’s regenerated on each build.

​
Environment-Specific Configuration

​
Development

pnpm dev
Features:
  • Hot Module Replacement (HMR)
  • React Query Devtools
  • Verbose error messages
  • Source maps enabled

​
Production

pnpm build
pnpm start
Features:
  • Minified code
  • No devtools
  • Optimized bundles
  • Server-side rendering

​
Vercel Configuration

​
Automatic Detection

Vercel automatically detects:
  • Framework: Next.js
  • Build Command: pnpm build
  • Output Directory: .next
  • Install Command: pnpm install

​
Environment Variables in Vercel

1

Open Project Settings

Go to your Vercel project > Settings > Environment Variables
2

Add Variables

Add:
  • SUPABASE_URL (Plain Text)
  • SUPABASE_ANON_KEY (Plain Text)
3

Select Environments

Choose which environments to apply:
  • βœ… Production
  • βœ… Preview
  • βœ… Development (optional)
4

Redeploy

Trigger a new deployment for changes to take effect.
Use different Supabase projects for production and preview/development environments.

​
Configuration Troubleshooting

​
Environment Variables Not Loading

Problem: App can’t connect to Supabase. Solutions:
  1. Verify .env.local exists and has correct values
  2. Restart dev server after changing .env.local
  3. Check for typos in variable names
  4. Ensure no trailing spaces in values
  5. Variables must start with NEXT_PUBLIC_ to be accessible in browser (Supabase keys don’t need this)

​
TypeScript Path Alias Errors

Problem: Cannot find module '@/...' Solution: Ensure tsconfig.json has: 
{
  "compilerOptions": {
    "baseUrl": ".",
    "paths": {
      "@/*": ["./*"]
    }
  }
}
Restart TypeScript server in your IDE.

​
Build Failures

Problem: pnpm build fails. Solutions:
  1. Clear build cache: 
    rm -rf .next
pnpm build
  2. Check for TypeScript errors: 
    pnpm tsc --noEmit
  3. Verify all dependencies installed: 
    rm -rf node_modules pnpm-lock.yaml
pnpm install

​
Best Practices

DO:
  • Keep .env.local out of version control
  • Use different credentials for dev/staging/production
  • Regularly update dependencies
  • Run pnpm lint before committing
  • Test builds locally before deploying
DON’T:
  • Commit .env.local or .env.production
  • Use service_role key in client code
  • Modify next.config.ts without testing
  • Ignore TypeScript errors
  • Skip pnpm install after pulling changes

​
Next Steps

Deployment

Learn how to deploy to production

Mock Data

Understand the synthetic data structure

API Reference

Explore API endpoints

Architecture

Deep dive into system design

Build docs developers (and LLMs) love

Get started for freeTalk to us