chore: vp migrate beta test#4
Conversation
There was a problem hiding this comment.
Code Review
This pull request updates the project's toolchain configuration, including adding VS Code formatter settings, simplifying the Vite+ documentation in AGENTS.md, and updating dependency versions in package.json to specific commit-based releases. The review feedback highlights a security and reliability risk with routing all package installations through a proxy registry bridge in .npmrc. Additionally, it identifies a critical typo in package.json where vitest and @vitest/coverage-v8 are set to a non-existent version 4.1.9 instead of 1.4.9, which will cause installation failures.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| "@vitest/coverage-v8": "4.1.9", | ||
| "typescript": "^5.9.3", | ||
| "vite-plus": "^0.1.19" | ||
| "vite": "npm:@voidzero-dev/vite-plus-core@0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | ||
| "vite-plus": "0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | ||
| "vitest": "4.1.9" |
There was a problem hiding this comment.
It appears that 4.1.9 is a transposition typo for 1.4.9 (and the previous ^4.1.0 was a typo for ^1.4.0).
Since there is no official version 4.x of vitest or @vitest/coverage-v8 on the public npm registry, attempting to install these versions will fail unless using a custom registry that specifically hosts them under these versions. Please correct these to 1.4.9 (or the intended version).
| "@vitest/coverage-v8": "4.1.9", | |
| "typescript": "^5.9.3", | |
| "vite-plus": "^0.1.19" | |
| "vite": "npm:@voidzero-dev/vite-plus-core@0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | |
| "vite-plus": "0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | |
| "vitest": "4.1.9" | |
| "@vitest/coverage-v8": "1.4.9", | |
| "typescript": "^5.9.3", | |
| "vite": "npm:@voidzero-dev/vite-plus-core@0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | |
| "vite-plus": "0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | |
| "vitest": "1.4.9" |
| "vite": "npm:@voidzero-dev/vite-plus-core@0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | ||
| "vitest": "4.1.9" |
There was a problem hiding this comment.
Similarly, please update the vitest override version to 1.4.9 to match the corrected devDependency version and avoid resolution failures.
| "vite": "npm:@voidzero-dev/vite-plus-core@0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | |
| "vitest": "4.1.9" | |
| "vite": "npm:@voidzero-dev/vite-plus-core@0.0.0-commit.1318359eba93dfc997012ce2801f02fbe5534902", | |
| "vitest": "1.4.9" |
| @@ -0,0 +1,2 @@ | |||
| # pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh) | |||
| registry=https://pkg-pr-registry-bridge.void.app/ | |||
There was a problem hiding this comment.
Setting the global registry to https://pkg-pr-registry-bridge.void.app/ routes all package installations (including public ones like react, typescript, etc.) through this proxy.
This introduces security risks (potential package tampering, credential leakage) and reliability risks (if the bridge goes down, all installs fail).
If this is only for temporary local testing, please ensure this file is not merged into the main branch. If you need to use pkg.pr.new builds, consider using direct tarball URLs from pkg.pr.new (e.g., https://pkg.pr.new/<owner>/<repo>/<package>@<commit>) instead of overriding the global registry.
READ AND DELETE THIS SECTION BEFORE SUBMITTING PR
Description
One Line Summary
REQUIRED - Very short description that summaries the changes in this PR.
Details
Motivation
REQUIRED - Why is this code change being made? Or what is the goal of this PR? Examples: Fixes a specific bug, provides additional logging to debug future issues, feature to allow X.
Scope
RECOMMEND - OPTIONAL - What is intended to be effected. What is known not to change. Example: Notifications are grouped when parameter X is set, not enabled by default.
OPTIONAL - Other
OPTIONAL - Feel free to add any other sections or sub-sections that can explain your PR better.
Testing
Unit testing
OPTIONAL - Explain unit tests added, if not clear in the code.
Manual testing
RECOMMEND - OPTIONAL - Explain what scenarios were tested and the environment.
Example: Tested opening a notification while the app was foregrounded, app build with Android Studio 2020.3 with a fresh install of the OneSignal example app on a Pixel 6 with Android 12.
Affected code checklist
Checklist
Overview
Testing
Final pass