Skip to content

vp migrate beta test#9

Draft
fengmk2 wants to merge 1 commit into
mainfrom
vp-migrate-test
Draft

vp migrate beta test#9
fengmk2 wants to merge 1 commit into
mainfrom
vp-migrate-test

Conversation

@fengmk2

@fengmk2 fengmk2 commented Jun 28, 2026

Copy link
Copy Markdown
Owner

No description provided.

@github-actions github-actions Bot added the pr-quota-reached PR is on hold due to quota limits for new contributors label Jun 28, 2026
@github-actions

Copy link
Copy Markdown

Hi @fengmk2, thanks for your contribution! To ensure quality reviews, we limit how many concurrent PRs new contributors can open:

  • Open: 9
  • Limit: 1

This PR is currently on hold. We will automatically move this into the review queue once your existing PRs are merged or closed.

Please see our Contributing Guidelines for details on our tiered quota policy.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request migrates the project's toolchain from Vite, Vitest, Husky, and lint-staged to Vite+, updating configuration files, scripts, and test imports across the repository to use the vp CLI. Feedback on these changes highlights a security risk regarding the addition of a temporary registry bridge in .npmrc, recommends using npx for the pre-commit hook to avoid requiring a global installation of vp, and advises updating the pinned commit-hash version of vite-plus to a stable public release.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread .npmrc
Comment on lines +2 to +4

# pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh)
registry=https://pkg-pr-registry-bridge.void.app/

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

The registry bridge https://pkg-pr-registry-bridge.void.app/ was added to .npmrc. This appears to be a temporary registry bridge used for testing prerelease packages (e.g., via pkg.pr.new). Committing this to the repository forces all package installations to go through this bridge, which poses security risks and can cause build failures once the temporary bridge is offline. Please remove this configuration and use stable npm registry versions before merging.

Comment thread .vite-hooks/pre-commit
"${HOME}/.config/git/hooks/pre-commit" || exit $?
fi
npx lint-staged
vp staged

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Running vp staged directly requires the vp CLI to be installed globally on the developer's machine. To ensure the pre-commit hook works seamlessly for all developers without requiring a global installation, it is highly recommended to run it via npx.

npx vp staged

Comment thread package.json
"openapi-zod-client": "1.18.3",
"typescript": "6.0.2",
"vite-plus": "0.2.1",
"vite-plus": "0.0.0-commit.4f61f920640a17d1ebd019f516e883f6de6a9811",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The dependency vite-plus is pinned to a temporary commit-hash version (0.0.0-commit.4f61f920640a17d1ebd019f516e883f6de6a9811). Please ensure this is updated to a stable public release version before merging this pull request to the main branch.

Suggested change
"vite-plus": "0.0.0-commit.4f61f920640a17d1ebd019f516e883f6de6a9811",
"vite-plus": "^0.2.1",

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pr-quota-reached PR is on hold due to quota limits for new contributors

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant