Skip to content

vp migrate beta test#7

Draft
fengmk2 wants to merge 1 commit into
mainfrom
vp-migrate-test
Draft

vp migrate beta test#7
fengmk2 wants to merge 1 commit into
mainfrom
vp-migrate-test

Conversation

@fengmk2

@fengmk2 fengmk2 commented Jun 29, 2026

Copy link
Copy Markdown
Owner

No description provided.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request migrates the project's toolchain to Vite+, updating configuration files, documentation, and package dependencies (including overrides for vite and vitest). Additionally, test files have been updated to import from vite-plus/test instead of vitest. Feedback on these changes highlights the security and stability risks of committing a temporary registry bridge to .npmrc and using commit-specific dependency versions in package.json.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread .npmrc
Comment on lines +1 to +2
# pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh)
registry=https://pkg-pr-registry-bridge.void.app/

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Committing a temporary registry bridge (https://pkg-pr-registry-bridge.void.app/) to .npmrc is risky. This registry is likely meant only for local testing or temporary PR builds. Merging this will force all developers and CI/CD pipelines to route package installations through this bridge, which can lead to build failures, slow installations, or security vulnerabilities (e.g., dependency hijacking). Please remove this file or revert these changes before merging.

Comment thread package.json
Comment on lines +114 to +119
"vite-plus": "0.0.0-commit.333e612a4d9d966e79724c336ba7bf422f79b442",
"vitest": "4.1.9"
},
"overrides": {
"esbuild": "0.28.1"
"esbuild": "0.28.1",
"vite": "npm:@voidzero-dev/vite-plus-core@0.0.0-commit.333e612a4d9d966e79724c336ba7bf422f79b442",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Using commit-specific versions (0.0.0-commit.333e612a4d9d966e79724c336ba7bf422f79b442) for vite-plus and the vite override is acceptable for a beta test, but it is highly unstable for a production or main branch. These commit-specific packages might be pruned or modified on the registry, leading to reproducible build issues in the future. Once the beta testing is successful, please update these to point to a stable, tagged release version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant