feat(clerk-js): Filter undefined values from request body

[nikosdouvlis]

Description

Removes all undefined values from the body of requests fired through fapiClient
This shouldn't change existing behavior - it's something that we used to do manually in the resources but we decided to move the logic to a more central place as we had to constantly do extra checks for boolean values or params that could take null | '' as valid values

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• Refactor
  • Non-FormData request bodies now omit top-level undefined fields for cleaner API payloads.
  • Sign-up flows send streamlined request bodies with consistent metadata normalization.
• Tests
  • Added comprehensive tests covering filtering behavior across objects, FormData, arrays, primitives, empty/undefined-only cases, and shallow (non-deep) behavior.
• Chores
  • Added a changeset entry and exported the new filtering utility.

[changeset-bot]

🦋 Changeset detected

Latest commit: c30b872

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Sep 23, 2025 10:16am

[coderabbitai]

Walkthrough

Adds a shallow filterUndefinedValues utility and re-exports it; applies it in fapiClient to remove top-level undefined properties from non-FormData object request bodies; refactors SignUp methods to spread params and normalize unsafeMetadata; adds unit tests (including a duplicated fapiClient suite); adds an empty changeset.

Changes

Cohort / File(s)	Summary
Request body filtering integration packages/clerk-js/src/core/fapiClient.ts, packages/clerk-js/src/core/__tests__/fapiClient.spec.ts	fapiClient.request now runs filterUndefinedValues on non-FormData object bodies before encoding. Tests cover plain objects, FormData, strings, empty objects, nested objects; the new test suite appears twice (duplicate insertion).
Undefined filtering utility + exports packages/clerk-js/src/utils/filterUndefinedValues.ts, packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts, packages/clerk-js/src/utils/index.ts	Adds filterUndefinedValues (shallow: remove top-level undefined keys, preserve other falsy values), unit tests for primitives/arrays/FormData/objects, and re-exports the utility; re-export order for beforeUnloadTracker moved below appearance.
SignUp body construction refactor packages/clerk-js/src/core/resources/SignUp.ts	create, update, and password now build request bodies via ...params and include normalized unsafeMetadata, replacing previous explicit per-field mappings.
Changeset metadata .changeset/fuzzy-books-win.md	Adds a changeset file containing an empty front-matter block (---) with no runtime/API changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor UI as UI
  participant SignUp as SignUp
  participant FApi as fapiClient
  participant Filter as filterUndefinedValues
  participant Net as Network

  UI->>SignUp: call create/update/password(params)
  SignUp->>SignUp: body = {...params, unsafeMetadata: normalized}
  SignUp->>FApi: request({ method, body })
  alt body instanceof FormData
    FApi->>Net: send FormData as-is
  else body is object (non-FormData)
    FApi->>Filter: filterUndefinedValues(body)
    Filter-->>FApi: filteredBody
    FApi->>Net: encode & send filteredBody
  else
    FApi->>Net: send non-object body as-is
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I nibble keys and tidy the nest,
Top-level undefineds I gently detest.
Sign-ups hop in with metadata neat,
Requests leap forward with cleaner feet.
Two tests clap twice — a double-skip beat. 🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title concisely and accurately describes the main change — filtering undefined values from request bodies in clerk-js — and follows conventional commit style. It is specific, clear, and communicates the primary intent to reviewers without extraneous detail.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch nikos/filter-undefined-values-from-body

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6776

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6776

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6776

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6776

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6776

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6776

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6776

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6776

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6776

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6776

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6776

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6776

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6776

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6776

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6776

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6776

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6776

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6776

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6776

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6776

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6776

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6776

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6776

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6776

commit: c30b872

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (4)

packages/clerk-js/src/utils/filterUndefinedValues.ts (1)

1-6: Tiny docs touch‑up: clarify return value

 /**
  * Filters out undefined values from the first level of an object.
  * Preserves all other falsy values (null, false, 0, empty string).
  *
- * @param obj - The object to filter, or any other value
+ * @param obj - The value to filter; non-plain objects are returned unchanged
+ * @returns The same value if not a plain object; otherwise a shallow copy without undefined top-level properties
  */

packages/clerk-js/src/core/resources/SignUp.ts (1)

604-606: Remove redundant transfer assignment

transfer is also included via ...params, so this line is a no‑op and can be dropped.

-        transfer: params.transfer,
         captchaToken,
         captchaWidgetType,
         captchaError,
         ...params,

Also applies to: 608-608

packages/clerk-js/src/core/__tests__/fapiClient.spec.ts (1)

354-382: Rename test for clarity: nested undefined aren’t preserved after JSON stringify

The expectation is that nested undefined keys are dropped by JSON.stringify. Update the title to avoid confusion.

-it('does not perform deep filtering - preserves nested undefined values', async () => {
+it('does not perform deep filtering — nested objects are JSON‑stringified (undefined omitted)', async () => {

packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts (1)

137-144: Add coverage for non‑plain objects (Date/Map/Set/URLSearchParams)

Ensure we don’t accidentally coerce these to {}. With the proposed plain‑object guard, they should round‑trip unchanged.

   it('creates a new object reference', () => {
     const input = { a: 1, b: undefined };
     const result = filterUndefinedValues(input);
 
     expect(result).not.toBe(input);
     expect(result).toEqual({ a: 1 });
   });
+
+  it('returns non-plain objects unchanged (Date/Map/Set/URLSearchParams)', () => {
+    const d = new Date();
+    const m = new Map([['a', 1]]);
+    const s = new Set([1, 2]);
+    const usp = new URLSearchParams({ a: '1' });
+    expect(filterUndefinedValues(d)).toBe(d);
+    expect(filterUndefinedValues(m as any)).toBe(m);
+    expect(filterUndefinedValues(s as any)).toBe(s);
+    expect(filterUndefinedValues(usp as any)).toBe(usp);
+  });
 });

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 1ceedad and efb512c.

📒 Files selected for processing (7)

• .changeset/fuzzy-books-win.md (1 hunks)
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts (1 hunks)
• packages/clerk-js/src/core/fapiClient.ts (2 hunks)
• packages/clerk-js/src/core/resources/SignUp.ts (2 hunks)
• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts (1 hunks)
• packages/clerk-js/src/utils/filterUndefinedValues.ts (1 hunks)
• packages/clerk-js/src/utils/index.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (12)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/utils/index.ts
• packages/clerk-js/src/utils/filterUndefinedValues.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts
• packages/clerk-js/src/core/resources/SignUp.ts
• packages/clerk-js/src/core/fapiClient.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/utils/index.ts
• packages/clerk-js/src/utils/filterUndefinedValues.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts
• packages/clerk-js/src/core/resources/SignUp.ts
• packages/clerk-js/src/core/fapiClient.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/utils/index.ts
• packages/clerk-js/src/utils/filterUndefinedValues.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts
• packages/clerk-js/src/core/resources/SignUp.ts
• packages/clerk-js/src/core/fapiClient.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/utils/index.ts
• packages/clerk-js/src/utils/filterUndefinedValues.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts
• packages/clerk-js/src/core/resources/SignUp.ts
• packages/clerk-js/src/core/fapiClient.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/utils/index.ts
• packages/clerk-js/src/utils/filterUndefinedValues.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts
• packages/clerk-js/src/core/resources/SignUp.ts
• packages/clerk-js/src/core/fapiClient.ts

packages/**/*.{test,spec}.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Unit tests should use Jest or Vitest as the test runner.

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts

packages/{clerk-js,elements,themes}/**/*.{test,spec}.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Visual regression testing should be performed for UI components.

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/utils/index.ts
• packages/clerk-js/src/utils/filterUndefinedValues.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts
• packages/clerk-js/src/core/resources/SignUp.ts
• packages/clerk-js/src/core/fapiClient.ts

**/__tests__/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/typescript.mdc)

**/__tests__/**/*.{ts,tsx}: Create type-safe test builders/factories
Use branded types for test isolation
Implement proper mock types that match interfaces

Files:

• packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts
• packages/clerk-js/src/core/__tests__/fapiClient.spec.ts

.changeset/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Automated releases must use Changesets.

Files:

• .changeset/fuzzy-books-win.md

packages/**/index.{js,ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use tree-shaking friendly exports

Files:

• packages/clerk-js/src/utils/index.ts

**/index.ts

📄 CodeRabbit inference engine (.cursor/rules/react.mdc)

Use index.ts files for clean imports but avoid deep barrel exports

Avoid barrel files (index.ts re-exports) as they can cause circular dependencies

Files:

• packages/clerk-js/src/utils/index.ts

🧬 Code graph analysis (3)

packages/clerk-js/src/utils/__tests__/filterUndefinedValues.spec.ts (1)

packages/clerk-js/src/utils/filterUndefinedValues.ts (1)

• filterUndefinedValues (7-22)

packages/clerk-js/src/core/resources/SignUp.ts (2)

packages/types/src/signUpFuture.ts (1)

• SignUpFutureUpdateParams (18-18)

packages/clerk-js/src/utils/runAsyncResourceTask.ts (1)

• runAsyncResourceTask (8-30)

packages/clerk-js/src/core/fapiClient.ts (1)

packages/clerk-js/src/utils/filterUndefinedValues.ts (1)

• filterUndefinedValues (7-22)

🔇 Additional comments (6)

packages/clerk-js/src/core/resources/SignUp.ts (3)

170-173: Whole‑object normalization: confirm normalizeUnsafeMetadata semantics

Passing the entire finalParams into normalizeUnsafeMetadata is tidy; confirm it only transforms unsafeMetadata and doesn’t touch captcha fields or other params.

---

614-617: LGTM: update body build is consistent and defers undefined filtering to fapiClient

Also applies to: 619-619

---

632-634: LGTM: password body build mirrors create/update pattern

Also applies to: 636-636

packages/clerk-js/src/core/fapiClient.ts (1)

8-13: Import looks good

.changeset/fuzzy-books-win.md (1)

1-2: Fix empty Changeset front‑matter — releases will be skipped or fail

File: .changeset/fuzzy-books-win.md (lines 1–2) — front‑matter is empty; specify package, bump type, and add a short summary.

Apply something like:

----
----
+---
+'@clerk/clerk-js': patch
+---
+
+Filter undefined values from non‑FormData request bodies in fapiClient; add filterUndefinedValues utility and export; normalize SignUp body builders.

Verify the exact package name in this repo (e.g., '@clerk/clerk-js').

packages/clerk-js/src/utils/index.ts (1)

2-2: No import-time side effects — beforeUnloadTracker safe to re-export.
beforeUnloadTracker.ts only declares factory functions; addEventListener is called inside startListening()/createBeforeUnloadTracker when enabled, not at import time (packages/clerk-js/src/utils/beforeUnloadTracker.ts; CLERK_BEFORE_UNLOAD_EVENT is a const in packages/clerk-js/src/utils/windowNavigate.ts).

[coderabbitai]

⚠️ Potential issue

Use the filtered body for encoding; current code reuses the stale body constant

requestInit.body is filtered, but the subsequent logic (content-type check and form-encoding) still references the original body, negating the filter. Use the updated requestInit.body (or mutate the local body) for all downstream checks/serialization.

-    const { method = 'GET', body } = requestInit;
+    let { method = 'GET', body } = requestInit;
@@
-    if (body && typeof body === 'object' && !(body instanceof FormData)) {
-      requestInit.body = filterUndefinedValues(body);
-    }
+    if (body && typeof body === 'object' && !(body instanceof FormData)) {
+      body = filterUndefinedValues(body as any);
+      requestInit.body = body as any;
+    }
@@
-    if (method !== 'GET' && !(body instanceof FormData) && !requestInit.headers.has('content-type')) {
+    if (method !== 'GET' && !(requestInit.body instanceof FormData) && !requestInit.headers.has('content-type')) {
       requestInit.headers.set('content-type', 'application/x-www-form-urlencoded');
     }
@@
-      requestInit.body = body
-        ? stringifyQueryParams(body as any as Record<string, string>, { keyEncoder: camelToSnake })
-        : body;
+      const payload = requestInit.body as any as Record<string, string> | undefined;
+      requestInit.body = payload ? stringifyQueryParams(payload, { keyEncoder: camelToSnake }) : payload;

Also applies to: 216-218, 224-230

[panteliselef]

If we want to handle instances of different classes not just FormData, we can do

Suggested change

	if (!obj || typeof obj !== 'object' || Array.isArray(obj) || obj instanceof FormData) {
	if (!obj || typeof obj !== 'object' || Object.getPrototypeOf(obj) !== Object.prototype) {

[nikosdouvlis]

I think thats better, let me change it

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/clerk-js/src/core/resources/SignUp.ts (1)

601-608: Prevent params from overriding computed captcha fields (move spread earlier; drop redundant transfer)

Placing ...params after the captcha fields allows callers to overwrite captchaToken, captchaWidgetType, and captchaError. Move the spread before computed fields so our computed values always win. Also, transfer is already included via the spread, so the explicit entry is redundant.

Apply this diff:

-      const body: Record<string, unknown> = {
-        transfer: params.transfer,
-        captchaToken,
-        captchaWidgetType,
-        captchaError,
-        ...params,
-        unsafeMetadata: params.unsafeMetadata ? normalizeUnsafeMetadata(params.unsafeMetadata) : undefined,
-      };
+      const body: Record<string, unknown> = {
+        ...params,
+        unsafeMetadata: params.unsafeMetadata ? normalizeUnsafeMetadata(params.unsafeMetadata) : undefined,
+        captchaToken,
+        captchaWidgetType,
+        captchaError,
+      };

🧹 Nitpick comments (1)

packages/clerk-js/src/core/resources/SignUp.ts (1)

616-621: Optional: inline normalization for consistency with create

You can simplify and align with create by inlining the call and letting the lower layer strip undefined.

-      const body: Record<string, unknown> = {
-        ...params,
-        unsafeMetadata: params.unsafeMetadata ? normalizeUnsafeMetadata(params.unsafeMetadata) : undefined,
-      };
-
-      await this.resource.__internal_basePatch({ path: this.resource.pathRoot, body });
+      await this.resource.__internal_basePatch({
+        path: this.resource.pathRoot,
+        body: normalizeUnsafeMetadata(params),
+      });

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3d74404 and c30b872.

📒 Files selected for processing (3)

• packages/clerk-js/src/core/fapiClient.ts (2 hunks)
• packages/clerk-js/src/core/resources/SignUp.ts (2 hunks)
• packages/clerk-js/src/utils/index.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/clerk-js/src/utils/index.ts
• packages/clerk-js/src/core/fapiClient.ts

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/clerk-js/src/core/resources/SignUp.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/clerk-js/src/core/resources/SignUp.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/clerk-js/src/core/resources/SignUp.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/clerk-js/src/core/resources/SignUp.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/clerk-js/src/core/resources/SignUp.ts

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/clerk-js/src/core/resources/SignUp.ts

🧬 Code graph analysis (1)

packages/clerk-js/src/core/resources/SignUp.ts (2)

packages/types/src/signUpFuture.ts (1)

• SignUpFutureUpdateParams (19-19)

packages/clerk-js/src/utils/runAsyncResourceTask.ts (1)

• runAsyncResourceTask (8-31)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Build Packages
• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: semgrep/ci
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (1)

packages/clerk-js/src/core/resources/SignUp.ts (1)

610-610: Confirmed: fapiClient strips top-level undefineds for non-FormData request bodies

fapiClient imports filterUndefinedValues and runs requestInit.body = filterUndefinedValues(body) for object bodies that are not FormData (packages/clerk-js/src/core/fapiClient.ts ≈ line 204), so the SignUp call is covered.

[coderabbitai]

⚠️ Potential issue

Ensure strategy: 'password' and captcha values cannot be overridden by params

Same precedence issue as in create: put the spread first so strategy and captcha fields aren’t overwritten by the caller.

-      const body: Record<string, unknown> = {
-        strategy: 'password',
-        captchaToken,
-        captchaWidgetType,
-        captchaError,
-        ...params,
-        unsafeMetadata: params.unsafeMetadata ? normalizeUnsafeMetadata(params.unsafeMetadata) : undefined,
-      };
+      const body: Record<string, unknown> = {
+        ...params,
+        unsafeMetadata: params.unsafeMetadata ? normalizeUnsafeMetadata(params.unsafeMetadata) : undefined,
+        strategy: 'password',
+        captchaToken,
+        captchaWidgetType,
+        captchaError,
+      };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const body: Record<string, unknown> = {
	strategy: 'password',
	password: params.password,
	captchaToken,
	captchaWidgetType,
	captchaError,
	...params,
	unsafeMetadata: params.unsafeMetadata ? normalizeUnsafeMetadata(params.unsafeMetadata) : undefined,
	};
	const body: Record<string, unknown> = {
	...params,
	unsafeMetadata: params.unsafeMetadata ? normalizeUnsafeMetadata(params.unsafeMetadata) : undefined,
	strategy: 'password',
	captchaToken,
	captchaWidgetType,
	captchaError,
	};

🤖 Prompt for AI Agents

In packages/clerk-js/src/core/resources/SignUp.ts around lines 629 to 636, the
current body object puts ...params before explicit strategy and captcha fields
which allows a caller to override strategy and captcha values; to fix, construct
the body with the spread of params first, then set strategy: 'password' and the
captcha fields (captchaToken, captchaWidgetType, captchaError) and compute
unsafeMetadata after, so the explicit values win and cannot be overridden by
params.