vp migrate beta test#5
Conversation
There was a problem hiding this comment.
Code Review
This pull request introduces configuration files for Vite+ integration, including VS Code settings, a local registry bridge in .npmrc, and documentation in AGENTS.md. It also updates dependency catalogs in package.json and pnpm-workspace.yaml. However, two critical issues were identified: overriding the global registry in .npmrc to a third-party bridge poses a security risk, and the specified vitest version 4.1.9 in pnpm-workspace.yaml does not exist on the npm registry, which will cause installation failures.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| # pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh) | ||
| registry=https://pkg-pr-registry-bridge.render.vip/ |
There was a problem hiding this comment.
Overriding the global registry in .npmrc to a third-party bridge (https://pkg-pr-registry-bridge.render.vip/) routes all package installations (including public dependencies like react, typescript, zod, etc.) through this endpoint. This poses a significant security risk (potential MITM or dependency hijacking) and can cause performance/reliability issues if the bridge goes down.
If this bridge is only needed for @voidzero-dev packages, consider scoping it instead. If it is also needed for the unscoped vite-plus package, please ensure this temporary configuration is not merged into the main production branch.
# pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh)
@voidzero-dev:registry=https://pkg-pr-registry-bridge.render.vip/
| vitest: npm:@voidzero-dev/vite-plus-test@latest | ||
| vite: npm:@voidzero-dev/vite-plus-core@0.0.0-commit.d5c8d9e163733881a841c16ca1778868d65fe7ef | ||
| vite-plus: 0.0.0-commit.d5c8d9e163733881a841c16ca1778868d65fe7ef | ||
| vitest: 4.1.9 |
There was a problem hiding this comment.
The version 4.1.9 for vitest does not exist on the npm registry (the current major version of Vitest is 3.x). This will cause installation failures during pnpm install.
If you intended to use the vite-plus test package (as was previously configured with npm:@voidzero-dev/vite-plus-test@latest), you should point it to the corresponding commit-specific version, or use a valid Vitest version (e.g., 3.0.5 or 2.1.9).
vitest: npm:@voidzero-dev/vite-plus-test@0.0.0-commit.d5c8d9e163733881a841c16ca1778868d65fe7ef
🤖 Build Bot✅ Successful build ⬇️ Download: notero-1.2.4-11 |
No description provided.