vp migrate beta test#9
Conversation
|
Hi @fengmk2, thanks for your contribution! To ensure quality reviews, we limit how many concurrent PRs new contributors can open:
This PR is currently on hold. We will automatically move this into the review queue once your existing PRs are merged or closed. Please see our Contributing Guidelines for details on our tiered quota policy. |
There was a problem hiding this comment.
Code Review
This pull request migrates the project's toolchain from Vite, Vitest, Husky, and lint-staged to Vite+, updating configuration files, scripts, and test imports across the repository to use the vp CLI. Feedback on these changes highlights a security risk regarding the addition of a temporary registry bridge in .npmrc, recommends using npx for the pre-commit hook to avoid requiring a global installation of vp, and advises updating the pinned commit-hash version of vite-plus to a stable public release.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
|
||
| # pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh) | ||
| registry=https://pkg-pr-registry-bridge.void.app/ |
There was a problem hiding this comment.
The registry bridge https://pkg-pr-registry-bridge.void.app/ was added to .npmrc. This appears to be a temporary registry bridge used for testing prerelease packages (e.g., via pkg.pr.new). Committing this to the repository forces all package installations to go through this bridge, which poses security risks and can cause build failures once the temporary bridge is offline. Please remove this configuration and use stable npm registry versions before merging.
| "${HOME}/.config/git/hooks/pre-commit" || exit $? | ||
| fi | ||
| npx lint-staged | ||
| vp staged |
There was a problem hiding this comment.
| "openapi-zod-client": "1.18.3", | ||
| "typescript": "6.0.2", | ||
| "vite-plus": "0.2.1", | ||
| "vite-plus": "0.0.0-commit.4f61f920640a17d1ebd019f516e883f6de6a9811", |
There was a problem hiding this comment.
The dependency vite-plus is pinned to a temporary commit-hash version (0.0.0-commit.4f61f920640a17d1ebd019f516e883f6de6a9811). Please ensure this is updated to a stable public release version before merging this pull request to the main branch.
| "vite-plus": "0.0.0-commit.4f61f920640a17d1ebd019f516e883f6de6a9811", | |
| "vite-plus": "^0.2.1", |
No description provided.