vp migrate beta test #8
Code Review
This pull request migrates the workspace to use vite-plus and configures a shared dependency catalog in pnpm-workspace.yaml. It updates test scripts, configuration files, and test imports across multiple packages to use vite-plus instead of vitest. The primary feedback concerns a security risk in .npmrc, where overriding the global registry to a temporary bridge could expose the project to dependency confusion; using a scoped registry configuration is recommended instead.
| # pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh) | ||
| registry=https://pkg-pr-registry-bridge.void.app/ |
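Review bot: the `registry=` line is unscoped, so it changes the default registry for every package installed from this checkout, not only the packages under test. The comment above it says the line was added by test-pkg-pr-new-migrate.sh, which suggests it is test scaffolding: either keep it out of the committed file or narrow it to a scope-prefixed `:registry=` entry, and say in the comment when the line should be removed.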
Overriding the global registry to a temporary/test registry bridge (https://pkg-pr-registry-bridge.void.app/) routes all package installations through this third-party service. This poses security risks (such as dependency confusion) and potential reliability/performance issues for public packages. If this registry is only needed for specific scoped packages (like @voidzero-dev), consider using a scoped registry configuration instead: @voidzero-dev:registry=https://pkg-pr-registry-bridge.void.app/. If unscoped packages like vite-plus also need to be fetched from this registry, ensure this override is temporary and removed before merging to production/main branches.
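An added example (not part of the review or the project's code): a small Node.js check that could run in CI to flag the pattern discussed above, an unscoped `registry=` line in `.npmrc` that points away from the public npm registry. The function names, severity labels and the allow-list of scopes are assumptions made for the illustration.

```javascript
// Added example: audit .npmrc text for registry overrides.
const DEFAULT_REGISTRY_HOST = "registry.npmjs.org"; // npm's public default

// Parse .npmrc text into { key, value, lineNo } entries, skipping comments.
function parseNpmrc(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const t = raw.trim();
    if (t === "" || t.startsWith("#") || t.startsWith(";")) return;
    const eq = t.indexOf("=");
    if (eq === -1) return;
    const value = t.slice(eq + 1).trim().replace(/^["']|["']$/g, "");
    entries.push({ key: t.slice(0, eq).trim(), value, lineNo: i + 1 });
  });
  return entries;
}

// Report registry settings that move installs off the default registry.
// allowedScopes (assumption): scopes the team permits on another registry.
function auditRegistries(text, allowedScopes = []) {
  const findings = [];
  for (const { key, value, lineNo } of parseNpmrc(text)) {
    const scoped = /^(@[^:]+):registry$/.exec(key);
    if (key !== "registry" && !scoped) continue;
    let host;
    try { host = new URL(value).host; } catch { host = null; }
    if (host === null) {
      findings.push({ lineNo, severity: "high", reason: `unparseable registry URL: ${value}` });
    } else if (host !== DEFAULT_REGISTRY_HOST && !scoped) {
      findings.push({ lineNo, severity: "high", reason: `global registry override to ${host}` });
    } else if (host !== DEFAULT_REGISTRY_HOST && !allowedScopes.includes(scoped[1])) {
      findings.push({ lineNo, severity: "medium", reason: `scope ${scoped[1]} mapped to ${host}` });
    }
  }
  return findings;
}

// Constructed samples: the two lines from this PR, and the scoped alternative.
const SAMPLE_GLOBAL = [
  "# pkg.pr.new registry bridge (added by test-pkg-pr-new-migrate.sh)",
  "registry=https://pkg-pr-registry-bridge.void.app/",
].join("\n");
const SAMPLE_SCOPED = "@voidzero-dev:registry=https://pkg-pr-registry-bridge.void.app/";
console.log(auditRegistries(SAMPLE_GLOBAL));
console.log(auditRegistries(SAMPLE_SCOPED, ["@voidzero-dev"]));
```

A non-empty result for the committed `.npmrc` can be used to fail the build; values that are not literal URLs (for example environment-variable references) are reported as unparseable and need manual review.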
No description provided.