vp migrate beta test#7
Conversation
There was a problem hiding this comment.
Code Review
This pull request migrates the project's toolchain to Vite+, updating configuration files, documentation, and package dependencies (including overrides for vite and vitest). Additionally, test files have been updated to import from vite-plus/test instead of vitest. Feedback on these changes highlights the security and stability risks of committing a temporary registry bridge to .npmrc and using commit-specific dependency versions in package.json.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| # pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh) | ||
| registry=https://pkg-pr-registry-bridge.void.app/ |
There was a problem hiding this comment.
Committing a temporary registry bridge (https://pkg-pr-registry-bridge.void.app/) to .npmrc is risky. This registry is likely meant only for local testing or temporary PR builds. Merging this will force all developers and CI/CD pipelines to route package installations through this bridge, which can lead to build failures, slow installations, or security vulnerabilities (e.g., dependency hijacking). Please remove this file or revert these changes before merging.
| "vite-plus": "0.0.0-commit.333e612a4d9d966e79724c336ba7bf422f79b442", | ||
| "vitest": "4.1.9" | ||
| }, | ||
| "overrides": { | ||
| "esbuild": "0.28.1" | ||
| "esbuild": "0.28.1", | ||
| "vite": "npm:@voidzero-dev/vite-plus-core@0.0.0-commit.333e612a4d9d966e79724c336ba7bf422f79b442", |
There was a problem hiding this comment.
Using commit-specific versions (0.0.0-commit.333e612a4d9d966e79724c336ba7bf422f79b442) for vite-plus and the vite override is acceptable for a beta test, but it is highly unstable for a production or main branch. These commit-specific packages might be pruned or modified on the registry, leading to reproducible build issues in the future. Once the beta testing is successful, please update these to point to a stable, tagged release version.
No description provided.