feat(cli/init): pick dependencies versions from our own package.json

[pkuczynski]

Description of change

Instead of manually updating peer dependencies version generated via init command, we could pull them from our own dependencies and devDependencies defined in package.json, which would lower maintenance effort on our side (single place to update, consistency in testing environment when bugs are reported).

Pull-Request Checklist

• Code is up-to-date with the master branch
• This pull request links relevant issues as Fixes #00000
• There are new or updated unit tests validating the change
• Documentation has been updated to reflect this change

Summary by CodeRabbit

• New Features

  • Project initialization now pulls dependency versions from the tool’s own manifest for consistent scaffolding.
  • Added optional Google Cloud Spanner driver support during project setup.
  • Enabled importing JSON files as modules in TypeScript.

• Chores

  • Packaging pipeline updated to rewrite internal manifest references so packaged commands point to the top-level manifest.
  • Added development dependency for the Google Cloud Spanner driver.

[coderabbitai]

Walkthrough

Adds a Gulp task that rewrites ../../package.json references to package.json and includes it in the package sequence; enables TypeScript JSON imports; reads dependency versions from local package.json in InitCommand; adds @google-cloud/spanner as a devDependency.

Changes

Cohort / File(s)	Summary
Build & Tooling gulpfile.ts, tsconfig.json, package.json	Adds public gulp task movePackageJsonReferenceLevelUp and inserts it after packageCopyShims in the packaging sequence; enables resolveJsonModule in TS config; adds devDependency @google-cloud/spanner.
Command Logic src/commands/InitCommand.ts	Imports local package.json (via resolveJsonModule) and replaces hardcoded dependency and devDependency version strings with values read from that file (TypeScript tooling, reflect-metadata, TypeORM, DB drivers, docker-related deps).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev
  participant Gulp as Gulp Tasks
  participant Pkg as Packaging Pipeline
  participant FS as File System

  Dev->>Gulp: run package
  Gulp->>Pkg: execute sequence
  Pkg->>Pkg: packageCopyShims
  Note over Pkg: New step
  Pkg->>FS: movePackageJsonReferenceLevelUp<br/>(rewrite ../../package.json -> package.json)
  Pkg->>Pkg: remaining packaging steps
  Pkg-->>Dev: packaged output

Loading

sequenceDiagram
  autonumber
  participant User as CLI User
  participant Init as InitCommand
  participant JSON as local package.json

  User->>Init: run init
  Init->>JSON: import versions (requires resolveJsonModule)
  Note over Init,JSON: Use local dependency versions for generated files
  Init->>Init: build dependency maps (TypeScript, reflect-metadata, TypeORM, DB drivers)
  Init-->>User: initialized project files with synced versions

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

A rabbit nudges paths to make them right,
Lifts package.json up into the light.
It reads our versions from a JSON bed,
Aligns the tools, then twitches its head.
Hop—builds and inits purr soft and tight. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit's high-level summary is enabled.
Title Check	✅ Passed	The title clearly and concisely describes the primary feature of the PR—updating the CLI init command to source dependency versions from the project’s own package.json—and follows conventional commit style without extraneous detail.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cf1b15d and b2a6079.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

typeorm-sql-js-example

npm i https://pkg.pr.new/typeorm/typeorm@11705

commit: b2a6079

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

gulpfile.ts (1)

229-237: LGTM with minor suggestion for comment clarity.

The regex pattern correctly transforms ../../package.json to ../package.json, which is the correct relative path from build/package/commands/InitCommand.js to build/package/package.json in the published package structure.

Consider clarifying the comment to better describe the transformation:

-    /**
-     * Move reference to package.json one level up
-     */
+    /**
+     * Adjusts package.json import path for the packaged structure.
+     * Transforms "../../package.json" to "../package.json" in compiled InitCommand.
+     */

Additionally, verify that no other commands import package.json:

#!/bin/bash
# Check for other imports of package.json in commands directory
rg -n --type=ts 'from.*package\.json' src/commands/

src/commands/InitCommand.ts (3)

9-9: LGTM with recommendations for robustness.

The import correctly sources dependency versions from the local package.json, centralizing version management as intended.

Consider adding validation to ensure required properties exist, preventing silent failures if package.json structure changes:

 import ourPackageJson from "../../package.json"
+
+// Validate required package.json properties
+const requiredDevDeps = ["@types/node", "ts-node", "typescript", "mysql2", "pg", "sqlite3", "better-sqlite3", "oracledb", "mssql", "mongodb", "@google-cloud/spanner"];
+const requiredDeps = ["reflect-metadata"];
+const missingDevDeps = requiredDevDeps.filter(dep => !ourPackageJson.devDependencies?.[dep]);
+const missingDeps = requiredDeps.filter(dep => !ourPackageJson.dependencies?.[dep]);
+if (missingDevDeps.length > 0 || missingDeps.length > 0) {
+    throw new TypeORMError(
+        `Missing required dependencies in package.json: ${[...missingDevDeps, ...missingDeps].join(", ")}`
+    );
+}

---

685-687: Consider consistent property access notation.

The code mixes bracket notation (ourPackageJson.devDependencies["@types/node"]) and dot notation (ourPackageJson.devDependencies.typescript). While both are valid, bracket notation is safer for keys with special characters and provides consistency.

Apply this diff for consistency:

         packageJson.devDependencies = {
-            "@types/node": ourPackageJson.devDependencies["@types/node"],
-            "ts-node": ourPackageJson.devDependencies["ts-node"],
-            typescript: ourPackageJson.devDependencies.typescript,
+            "@types/node": ourPackageJson.devDependencies["@types/node"],
+            "ts-node": ourPackageJson.devDependencies["ts-node"],
+            typescript: ourPackageJson.devDependencies["typescript"],
             ...packageJson.devDependencies,
         }

---

701-732: LGTM with validation recommendation.

Database driver versions are correctly sourced from ourPackageJson.devDependencies, including the newly added @google-cloud/spanner.

To prevent silent failures if a driver dependency is missing from package.json, consider the validation suggested in the earlier comment on line 9.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2446bd0 and cf1b15d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• gulpfile.ts (2 hunks)
• package.json (1 hunks)
• src/commands/InitCommand.ts (2 hunks)
• tsconfig.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: tests-linux (20) / better-sqlite3
• GitHub Check: tests-linux (20) / sqljs
• GitHub Check: tests-linux (20) / mysql_mariadb_latest
• GitHub Check: tests-linux (20) / mysql_mariadb
• GitHub Check: tests-linux (20) / sap
• GitHub Check: tests-linux (18) / sap
• GitHub Check: tests-linux (18) / sqljs
• GitHub Check: tests-linux (18) / mysql_mariadb_latest
• GitHub Check: tests-linux (18) / postgres (14)
• GitHub Check: tests-linux (18) / better-sqlite3
• GitHub Check: tests-linux (18) / sqlite
• GitHub Check: tests-linux (18) / postgres (17)
• GitHub Check: tests-linux (18) / mysql_mariadb
• GitHub Check: tests-linux (18) / mssql
• GitHub Check: tests-linux (18) / oracle
• GitHub Check: tests-linux (18) / mongodb
• GitHub Check: tests-windows / sqljs
• GitHub Check: tests-windows / sqlite
• GitHub Check: tests-windows / better-sqlite3
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (3)

tsconfig.json (1)

17-17: LGTM!

Enabling resolveJsonModule is necessary to support importing package.json as a module in InitCommand.ts. The change is correct and minimal.

src/commands/InitCommand.ts (1)

694-695: LGTM!

Sourcing reflect-metadata and the TypeORM version from ourPackageJson correctly centralizes version management.

gulpfile.ts (1)

256-257: Ensure movePackageJsonReferenceLevelUp runs after packageMoveCompiledFiles
The task is currently grouped in the final parallel array with packageCopyShims, so it may execute before compiled files are moved. Confirm that nested arrays map to parallel execution in your gulp sequence API and, if so, relocate movePackageJsonReferenceLevelUp to its own step immediately after packageMoveCompiledFiles.

[coveralls]

coverage: 76.433% (+0.002%) from 76.431%
when pulling b2a6079 on pkuczynski:feat/init-versions
into 2446bd0 on typeorm:master.

[gioboa]

Thanks, great idea 💡

[naorpeled]

LGTM 🔥