chore(deps): organize dependencies #686
Conversation
Summary by CodeRabbit
WalkthroughAdds Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro 📒 Files selected for processing (9)
🚧 Files skipped from review as they are similar to previous changes (7)
🔇 Additional comments (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (5)
examples/cors/src/client.ts (1)
4-4: Use node:url for consistency with Node built-ins.
Minor consistency tweak.-import { fileURLToPath } from 'url'; +import { fileURLToPath } from 'node:url';packages/init/src/InitManager.ts (3)
2-4: Good move to node:fs and node:path; align url import too.
Consistency with other node: imports.-import { fileURLToPath } from 'url'; +import { fileURLToPath } from 'node:url';
95-106: Make renames idempotent and type promises array.
If .gitignore already exists, rename throws (EEXIST) and aborts init; also promises is untyped.- const promises = []; + const promises: Promise<void>[] = []; @@ - promises.push(fsp.rename(sourceFileLocation, targetFileLocation)); + promises.push( + fsp.rename(sourceFileLocation, targetFileLocation).catch((err: unknown) => + { + if ((err as NodeJS.ErrnoException)?.code === 'EEXIST') { return; } + throw err; + }) + );Also applies to: 103-104
12-12: Name regex excludes digits and scoped names; confirm intent.
If project/template names may include digits or npm-style scopes, consider:
- Digits: /^[a-zA-Z0-9._-]+$/
- Scoped: /^@?[a-zA-Z0-9.-]+(?:/[a-zA-Z0-9.-]+)?$/
package.json (1)
37-41: Add engines to lock Node version (node: imports, fs.cp, npm@11 imply Node ≥22).Pinning engines prevents CI/local drift and guarantees support for node: specifiers and fs.promises.cp/rm.
Apply:
"optionalDependencies": { "@nrwl/nx-linux-x64-gnu": "^15.9.3" }, - "packageManager": "[email protected]" + "engines": { + "node": ">=22", + "npm": ">=11" + }, + "packageManager": "[email protected]" }
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (13)
.github/workflows/codeql.yml(1 hunks)examples/cors/src/client.ts(1 hunks)package.json(1 hunks)packages/configuration/package.json(1 hunks)packages/http/package.json(1 hunks)packages/init/src/InitManager.ts(4 hunks)packages/jitar/package.json(2 hunks)packages/jitar/rollup.definitions.js(1 hunks)packages/plugin-vite/src/index.ts(1 hunks)packages/sourcing/package.json(1 hunks)packages/sourcing/src/files/LocalFileSystem.ts(1 hunks)packages/sourcing/src/modules/RemoteImportManager.ts(0 hunks)packages/sourcing/test/fixtures/TestFileSystem.ts(1 hunks)
💤 Files with no reviewable changes (1)
- packages/sourcing/src/modules/RemoteImportManager.ts
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: basmasking
PR: MaskingTechnology/jitar#678
File: packages/validation/package.json:16-16
Timestamp: 2025-07-28T19:44:53.054Z
Learning: In the jitar monorepo, standardized tooling dependencies like rimraf, vitest, and typescript are intentionally defined once at the root level package.json and rely on npm hoisting rather than being duplicated in each individual package's package.json file. Package-specific dependencies should be in individual package.json files, but common tooling should be centralized.
📚 Learning: 2025-07-28T19:44:53.054Z
Learnt from: basmasking
PR: MaskingTechnology/jitar#678
File: packages/validation/package.json:16-16
Timestamp: 2025-07-28T19:44:53.054Z
Learning: In the jitar monorepo, standardized tooling dependencies like rimraf, vitest, and typescript are intentionally defined once at the root level package.json and rely on npm hoisting rather than being duplicated in each individual package's package.json file. Package-specific dependencies should be in individual package.json files, but common tooling should be centralized.
Applied to files:
packages/jitar/package.json
🔇 Additional comments (12)
packages/configuration/package.json (1)
21-21: dotenv bump to ^17.2.1 — approvedAll dotenv dependencies (packages/configuration and packages/jitar) are aligned at ^17.2.1, and dotenv v17.2.1 supports Node.js 12+ with no breaking ESM/import changes.
.github/workflows/codeql.yml (1)
49-49: Add packages/scheduling to CodeQL matrix — LGTMIn line with the dependency reorg; no issues spotted. Ensure the package contains JS/TS sources for the scan to be effective.
packages/sourcing/package.json (1)
22-24: Add @types/mime-types as devDependency — correct scopeThis aligns with issue #679 and prior guidance to keep package-specific typing local while central tooling stays at root. Good change.
packages/plugin-vite/src/index.ts (1)
2-3: Interop flags and imports verified — LGTM.All tsconfig.json files enable esModuleInterop or allowSyntheticDefaultImports, and there are no lingering core fs/path imports without the node: prefix.
packages/sourcing/test/fixtures/TestFileSystem.ts (1)
2-2: Use node:path in tests — LGTMConsistent with the repo’s node: prefixed imports migration.
examples/cors/src/client.ts (1)
3-3: Switch to node:path looks good.
No behavior change; aligns with the repo-wide move to explicit Node built-ins.packages/http/package.json (1)
26-29: Retain @types/express as a devDependency
Verified that no references to “express” exist in the generated .d.ts files under packages/http/dist, so consumers won’t need @types/express at runtime and it can remain in devDependencies.packages/jitar/package.json (2)
45-51: Moving Rollup toolchain into jitar devDependencies matches issue #679.
Package-specific tooling belongs here; keep shared tools (rimraf, vitest, typescript) centralized per our prior learning.
32-32: dotenv version alignment confirmed All occurrences in package.json files use ^17.2.1.packages/sourcing/src/files/LocalFileSystem.ts (1)
2-3: LGTM: normalized to node:fs/node:path.Import consolidation is correct and aligns with the repo-wide move to node: specifiers.
package.json (2)
23-35: Root devDeps cleanup/bump matches the workspace objective.Removing bundlers from root and keeping shared tooling (typescript, vitest, rimraf, turbo, ESLint) centralized aligns with Issue #679 and prior repo conventions.
23-35: Rollup deps scoped correctly
Root package.json contains no rollup-related dependencies; all bundler deps reside solely in packages/jitar/package.json.
| 'mime-types', | ||
| 'dotenv', | ||
| 'path' | ||
| 'dotenv' |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Ensure Node built-ins remain externalized after switching to node: specifiers.
Dropping 'path' can accidentally inline/polyfill unless your Rollup config handles node: built-ins generically. Minimum fix: add 'node:path'.
export const SERVER_EXTERNALS =
[
'express',
'glob',
'mime-types',
- 'dotenv'
+ 'dotenv',
+ 'node:path'
];Alternatively, externalize all built-ins:
// At top of config file
import { builtinModules } from 'node:module';
const NODE_BUILTINS = [...new Set(builtinModules.concat(builtinModules.map(m => `node:${m}`)))];
// Then
export const SERVER_EXTERNALS = [
...NODE_BUILTINS,
'express', 'glob', 'mime-types', 'dotenv'
];Quick check to confirm config behavior:
🏁 Script executed:
#!/bin/bash
# Expect: either 'node:path' present in externals or rollup config uses builtinModules.
rg -n -C2 -g 'packages/jitar/**' -e 'SERVER_EXTERNALS|external|builtinModules|node:path'Length of output: 875
Add missing node:path to SERVER_EXTERNALS
Without this, Rollup may inline or polyfill the core path module instead of treating it as external.
packages/jitar/rollup.definitions.js
export const SERVER_EXTERNALS = [
'express',
'glob',
'mime-types',
- 'dotenv'
+ 'dotenv',
+ 'node:path'
];📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 'dotenv' | |
| export const SERVER_EXTERNALS = [ | |
| 'express', | |
| 'glob', | |
| 'mime-types', | |
| 'dotenv', | |
| 'node:path' | |
| ]; |
🤖 Prompt for AI Agents
In packages/jitar/rollup.definitions.js around line 7, SERVER_EXTERNALS is
missing the Node core specifier for path; add 'node:path' to the
SERVER_EXTERNALS array so Rollup treats the core path module as external
(preventing inlining/polyfills) and keep the existing 'path' or other entries
as-is to preserve compatibility.
| import fs, { promises as fsp } from 'node:fs'; | ||
| import path from 'node:path'; |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify TS/ESM config and bundling externals handle node: specifiers.
Ensure tsconfig uses moduleResolution "Bundler" or "NodeNext" and Rollup externals (or plugin config) treat built-ins when referenced as node:*. This avoids false bundling or resolution issues.
Run to check moduleResolution and any remaining legacy imports:
🏁 Script executed:
#!/bin/bash
# 1) Confirm moduleResolution across all tsconfig files
rg -nP '"moduleResolution"\s*:\s*"(Bundler|NodeNext)"' -g '**/tsconfig*.json'
# 2) Find any lingering core imports without node: prefix
rg -nP "from ['\"](fs|path)['\"]" -g 'packages/**/src/**/*.{ts,tsx,js,mjs}'Length of output: 161
🏁 Script executed:
#!/bin/bash
# 1) Locate all TS configs and inspect moduleResolution settings
echo "=== TSConfig Files ==="
fd -g 'tsconfig*.json'
for cfg in $(fd -g 'tsconfig*.json'); do
echo "----- $cfg -----"
rg -nP '"moduleResolution"\s*:' -n "$cfg" || echo "[no moduleResolution] in $cfg"
done
# 2) Locate Rollup config files and inspect externals & nodeResolve plugin
echo "=== Rollup Configs ==="
fd -g 'rollup.config.*'
for cfg in $(fd -g 'rollup.config.*'); do
echo "----- $cfg -----"
rg -nP 'external\s*[:=]' -n "$cfg" || echo "[no external] in $cfg"
rg -nP 'nodeResolve' -n "$cfg" || echo "[no nodeResolve plugin] in $cfg"
doneLength of output: 11551
Switch TS configs to NodeNext/Bundler and verify bundler handles node: imports as externals
- In
packages/sourcing/tsconfig.json, change
moduleResolution: "node"→"nodenext"or"bundler"to enable proper ESMnode:specifier support. - Confirm your bundler (e.g. Rollup in
packages/jitar/rollup.config.js) marksnode:*modules as externals (e.g.preferBuiltins: true,exportConditions: ["node"]) so built-ins aren’t inlined.
🤖 Prompt for AI Agents
In packages/sourcing/src/files/LocalFileSystem.ts around lines 2-3, the file
uses node: specifier imports which require TypeScript moduleResolution to
support ESM node: specifiers and your bundler to treat node built-ins as
externals; update packages/sourcing/tsconfig.json to set
compilerOptions.moduleResolution to "nodenext" or "bundler" (and adjust module
to "nodenext" if needed) so TS accepts node: imports, then verify your bundler
config (e.g. packages/jitar/rollup.config.js) marks node:* built-ins as
externals (enable preferBuiltins: true and exportConditions: ["node"] or
equivalent) so node: imports are not inlined during bundle.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
packages/jitar/rollup.config.js (1)
21-24: Preserve Error class names and limit mangling to the browser build
Name mangling will rename all subclasses ofError(e.g.DatabaseError,ServerError,CustomError) and can break any code that inspectserror.name(e.g. in packages/serialization/src/serializers/ErrorSerializer.ts) as well as degrade stack traces in Node/CLI. Minification yields little benefit for server targets. Apply this instead:plugins: [terser({ module: true, - mangle: true + // Only mangle for the browser bundle; preserve Error names everywhere. + mangle: supportBrowser, + keep_classnames: /Error$/, + keep_fnames: /Error$/ })]
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
packages/jitar/rollup.config.js(1 hunks)
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (13)
examples/data-transportation/package.json (1)
19-19: Use workspace protocol for jitar dependency
The monorepo includes[email protected]underpackages/; update the example to link locally and avoid version skew:- "jitar": "0.10.0" + "jitar": "workspace:^"Or, to pin exactly while linking:
- "jitar": "0.10.0" + "jitar": "workspace:0.10.0"examples/load-balancing/package.json (1)
15-16: Add an engines field to lock Node version
All examples already pin jitar to 0.10.0 and the root package.json declares"packageManager": "[email protected]". To enforce consistent Node usage, add an"engines": { "node": "<your-supported-range>" }block in the root (or in each standalone example) so installs fail on unsupported Node versions.examples/multi-version/package.json (2)
12-13: Standardize example toolchain and lock Node environment
- Align TypeScript pin across all examples: most use 5.8.3, but “cors” & “access-protection” are on 5.9.3—either upgrade the others to 5.9.3 or revert those two to 5.8.3 for consistency.
- Add
"packageManager": "[email protected]"and an"engines": { "node": ">=20.0" }(or include a.nvmrc) to each example’s package.json to lock the Node/runtime version.
16-16: Ensure CI builds each example variant
All examples are consistently pinned to[email protected]; cross-example coherence confirmed across theexamples/directory. CI workflows currently lack any jobs targetingexamples/—add or update your GitHub Actions (e.g., in.github/workflows/nodejsci.yml) to build each example variant.examples/middleware/package.json (1)
12-13: Enforce correct Node engine range[email protected] requires Node 20.x or ≥22 and TypeScript ≥14.17; CI/node v24.3.0 meets both. Add to examples/middleware/package.json (or root) to prevent unsupported versions:
"engines": { "node": ">=20.0.0" }documentation/package.json (1)
18-20: Enforce Node ≥18 for documentation builds
- Add an engines field to
documentation/package.json:"type": "module", + "engines": { "node": ">=18.0.0" },
- Verify your CI workflows’
actions/setup-nodenode-versionis set to 18 or higher for the docs job.website/package.json (1)
16-19: Dev tool pinning SGTM.Locking cpx2/rimraf/minify reduces nondeterminism. If you hit minify CLI changes between 14.0.x and 14.1.0, add a tiny smoke test in CI to guard the output.
examples/error-handling/package.json (1)
15-16: Pinning acknowledged; consider TS version standardization.Matches the pinning approach elsewhere. For smoother dev experience, align TypeScript version with other examples (or document intentional divergence).
Also applies to: 19-19
examples/cors/package.json (1)
14-16: Unify TypeScript version or document exceptions: examples/cors/package.json pins TS 5.9.3, whereas most examples (e.g. segmentation, hello-world) use 5.8.3; align all to a single version repo-wide or document why 5.9.3 is required here.examples/health-checks/package.json (1)
12-13: Standardize TypeScript version across examples
- Align all examples on a single TS version (currently split between 5.8.3 and 5.9.3) to prevent compiler drift—recommend bumping the 5.8.3 pins to 5.9.3.
- Jitar is already pinned at 0.10.0 across every example, matching the workspace package.
- Examples lack an “engines” field—either add one or ensure your CI Node version meets rimraf@6’s requirement (Node ≥12).
packages/init/templates/vue/package.json (2)
22-22: Mixed pinning policy (TS pinned, others caret). Choose and document the template policy.Either pin all deps for reproducibility or keep carets for scaffolds. Right now it’s inconsistent.
Option A — pin all shown here:
- "vue": "^3.5.22" + "vue": "3.5.22"- "@types/node": "^24.6.1", + "@types/node": "24.6.1", - "@vitejs/plugin-vue": "^6.0.1", + "@vitejs/plugin-vue": "6.0.1", - "vite": "^7.1.7", + "vite": "7.1.7", - "vue-tsc": "^3.1.10" + "vue-tsc": "3.1.10"Option B — unpin TS to match the caret approach:
- "typescript": "5.9.3", + "typescript": "^5.9.3",
18-18: Align @types/node major with intended Node runtime.If the template targets Node 20 LTS in CI/dev, prefer @types/node ^20 to match; if targeting Node 22/24, keep 24 and declare "engines" accordingly.
Proposed engines (adjust as needed):
"type": "module", + "engines": { + "node": ">=20" + },examples/access-protection/package.json (1)
19-19: Prefer workspace protocol for local-dev linkage
Rootpackage.jsondeclares workspaces and there’s a localpackages/jitar; change to"jitar": "workspace:*"to link examples to the in-repo CLI during development—otherwise keep the pinned
"0.10.0"for stable demos.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (3)
documentation/package-lock.jsonis excluded by!**/package-lock.jsonpackage-lock.jsonis excluded by!**/package-lock.jsonwebsite/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (20)
documentation/package.json(1 hunks)examples/access-protection/package.json(1 hunks)examples/cors/package.json(1 hunks)examples/data-transportation/package.json(1 hunks)examples/error-handling/package.json(1 hunks)examples/health-checks/package.json(1 hunks)examples/hello-world/package.json(1 hunks)examples/load-balancing/package.json(1 hunks)examples/middleware/package.json(1 hunks)examples/multi-version/package.json(1 hunks)examples/resources/package.json(1 hunks)examples/segmentation/package.json(1 hunks)package.json(1 hunks)packages/configuration/package.json(1 hunks)packages/http/package.json(1 hunks)packages/init/templates/react/package.json(1 hunks)packages/init/templates/vue/package.json(1 hunks)packages/jitar/package.json(2 hunks)packages/sourcing/package.json(1 hunks)website/package.json(1 hunks)
✅ Files skipped from review due to trivial changes (2)
- packages/init/templates/react/package.json
- examples/segmentation/package.json
🚧 Files skipped from review as they are similar to previous changes (4)
- packages/sourcing/package.json
- packages/jitar/package.json
- package.json
- packages/configuration/package.json
🔇 Additional comments (7)
examples/resources/package.json (1)
16-16: Movejitarto devDependencies
examples/resources isn’t in the workspace and invokesjitaronly via npm scripts (no runtime imports), so it belongs indevDependenciesto keep runtime deps lean.--- a/examples/resources/package.json +++ b/examples/resources/package.json @@ - "dependencies": { - "jitar": "0.10.0" - }, + "dependencies": {}, "devDependencies": { "rimraf": "6.0.1", "typescript": "5.8.3", + "jitar": "0.10.0" }examples/data-transportation/package.json (1)
15-16: Align TypeScript version with workspace; rimraf is consistent.
Rimraf 6.0.1 matches across allpackage.jsonfiles; update TypeScript inexamples/data-transportation/package.jsonfrom 5.8.3 to 5.9.3 to align with the root and other examples. Consider adding anengines.nodefield in the root or this example to enforce Node.js version compatibility.⛔ Skipped due to learnings
Learnt from: basmasking PR: MaskingTechnology/jitar#678 File: packages/validation/package.json:16-16 Timestamp: 2025-07-28T19:44:53.054Z Learning: In the jitar monorepo, standardized tooling dependencies like rimraf, vitest, and typescript are intentionally defined once at the root level package.json and rely on npm hoisting rather than being duplicated in each individual package's package.json file. Package-specific dependencies should be in individual package.json files, but common tooling should be centralized.examples/load-balancing/package.json (1)
19-19: Approve jitar dependency pinning [email protected] is consistently pinned under dependencies across all examples.examples/middleware/package.json (1)
16-16: No change needed for the jitar dependency
examples/middleware/package.json isn’t covered by the monorepo’s workspaces (“packages/”, “tools/”), so keeping the exact "0.10.0" pin is correct and reproducible. Jitar v0.10.0 supportsjitar start --service=<path>as expected.examples/hello-world/package.json (1)
16-16: Use workspace protocol for internal packagejitar resides in this monorepo’s workspaces and should be linked locally to prevent version drift.
- "jitar": "0.10.0" + "jitar": "workspace:*"packages/http/package.json (1)
25-29: <!-- [scratchpad]
[task verify_internal_deps_1/1]
[observations]
- Original
rgscript failed due to unsupported PCRE lookahead in ripgrep.- We need to confirm all
@jitar/*deps inpackages/http/package.jsonuseworkspace:*.
[analysis]- Use a two-step grep: list all
@jitar/...lines, then filter out any lackingworkspace:.
[pending]- Run corrected script to verify no published versions sneak in.
[actions]- Execute improved script:
rg -n '"@jitar/(execution|middleware|runtime|services|sourcing|validation)"' -g 'packages/http/package.json' | grep -v 'workspace:' || echo "OK: all internal deps use workspace:*"#!/bin/bash # Check for any @jitar deps lacking workspace protocol rg -n '"@jitar/(execution|middleware|runtime|services|sourcing|validation)"' -g 'packages/http/package.json' | grep -v 'workspace:' || echo "OK: all internal deps use workspace:*"examples/access-protection/package.json (1)
15-16: Pinning devDeps is fine; manual verification needed
- No
engines.nodefield found in any package.json—please confirm the repo’s minimum Node version (must be ≥20 for rimraf 6.0.1 and ≥14.17.0 for TS 5.9.3).- No other TypeScript versions declared—ensure v5.9.3 is consistent across all packages or hoist TS at the workspace root.
- If
jitaris a local workspace package, switch its entry to"workspace:*"to avoid version drift.
examples/hello-world/package.json
Outdated
| "rimraf": "6.0.1", | ||
| "typescript": "5.8.3" |
There was a problem hiding this comment.
🧩 Analysis chain
Pinning OK; confirm Node/TS compatibility and lockfile updates.
Good for reproducibility. Ensure the repo’s Node version and CI match these pins (rimraf v6 is ESM and may require newer Node), and that the lockfile is refreshed.
🏁 Script executed:
#!/bin/bash
# Verify Node engines declared in the repo and CI node versions.
fd -a package.json | while read -r f; do printf "==> %s\n" "$f"; jq -r '.engines?.node // "(no engines.node)"' "$f"; done
echo "==> CI node versions (if any):"
fd -a .github/workflows | xargs rg -nP 'setup-node.+node-version:\s*["'\'']?([0-9x*.,\s]+)'
# Check latest published versions to ensure pins exist
curl -s https://registry.npmjs.org/rimraf | jq -r '.["dist-tags"].latest'
curl -s https://registry.npmjs.org/typescript | jq -r '.["dist-tags"].latest'Length of output: 2897
🏁 Script executed:
#!/bin/bash
echo "Root workspaces:"
jq .workspaces package.json
echo
echo "Jitar in examples/hello-world/package.json:"
jq '.dependencies.jitar' examples/hello-world/package.json
echo
echo "[email protected] engines:"
curl -s https://registry.npmjs.org/rimraf/6.0.1 | jq .enginesLength of output: 152
Require Node ≥20 for rimraf@6
Rimraf 6.0.1 declares "node": "20 || >=22", so add an engines.node: ">=20" entry to examples/hello-world/package.json, update your CI matrix to test on Node ≥20, and regenerate the lockfile.
🤖 Prompt for AI Agents
In examples/hello-world/package.json around lines 12 to 13, rimraf@6 requires
Node >=20 so add an "engines": { "node": ">=20" } entry to package.json, update
the repository CI matrix/workflow(s) to include Node 20 (and optionally 22+)
instead of older Node versions, and regenerate the project lockfile
(npm/yarn/pnpm lock) so the lockfile reflects the compatible dependency
resolution for Node >=20.
| "dependencies": { | ||
| "jitar": "^0.10.0", | ||
| "vue": "^3.5.16" | ||
| "vue": "^3.5.22" |
There was a problem hiding this comment.
🧩 Analysis chain
Version bump set looks reasonable; please verify cross-compat and engines.
Vue 3.5.22 + Vite 7 + @vitejs/plugin-vue 6 + vue-tsc 3.1 + TS 5.9 should work together, but confirm peerDeps and required Node version, then encode it via "engines". Also confirm @types/node 24 aligns with the Node version you target for this template.
Run:
If Node >=20 (or >=18) is required, add:
"type": "module",
+ "engines": {
+ "node": ">=20"
+ },Also applies to: 18-18, 20-20, 22-22, 23-23, 24-24
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Vite engines and peer deps"
npm view [email protected] engines peerDependencies
echo "plugin-vue peer deps"
npm view @vitejs/[email protected] peerDependencies
echo "vue-tsc peer deps"
npm view [email protected] peerDependencies
echo "vue version"
npm view [email protected] version
echo "@types/node 24 notes"
npm view @types/[email protected] versionLength of output: 816
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "All vue-tsc versions:"
npm view vue-tsc versions --json
LATEST=$(npm view vue-tsc version)
echo "Latest vue-tsc version: $LATEST"
npm view vue-tsc@$LATEST peerDependenciesLength of output: 4462
Fix invalid vue-tsc version and add Node engines
- [email protected] is not published; update to “^3.1.0” to match the latest 3.x release
- Add an “engines” field to enforce Node >= 20.19.0 (Vite 7 requires node: ^20.19.0 || >=22.12.0)
🤖 Prompt for AI Agents
In packages/init/templates/vue/package.json around line 15, the template pins an
invalid vue-tsc version and lacks Node engine constraints; update the vue-tsc
dependency from the unpublished "3.1.10" to a valid semver such as "^3.1.0" (to
match the latest 3.x release), and add an "engines" field to package.json
specifying "node": ">=20.19.0" (or "node": ">=20.19.0" to satisfy Vite 7's
requirement) so Node version enforcement is included.
|
Fixes #679
Changes proposed in this pull request:
@MaskingTechnology/jitar