chore: housekeeping, bump all (dev) deps

[JounQin]

Summary by CodeRabbit

• Documentation

  • Updated README to include new badges and a Benchmark section that highlights improved performance metrics.

• New Features

  • Introduced automated workflows for code formatting, package publishing, package size reporting, and autofixing.
  • Added support for global variables and coverage reporting in the testing configuration.
  • Implemented a new configuration file for Yarn package management.
  • Added a new line in the .gitattributes file to suppress diff output for the yarn.lock file.

• Refactor

  • Transitioned package management from pnpm to Yarn and restructured export definitions, enhancing dependency handling and build stability.
  • Enhanced JSON processing function naming conventions for clarity and consistency.
  • Streamlined benchmarking setup and improved error handling in WebAssembly context.
  • Improved TypeScript configuration for better module resolution and type clarity.
  • Updated ESLint configuration to customize ignore rules while maintaining foundational settings.

• Bug Fixes

  • Removed ESLint disable comments to clean up code and enhance clarity.
  • Fixed incorrect typing for the cjs entry.

• Chores

  • Bumped dependencies for mvdan/sh and easyjson.
  • Upgraded the Go programming language to version v1.23.

[changeset-bot]

🦋 Changeset detected

Latest commit: f1f19f6

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
sh-syntax	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

This pull request applies widespread adjustments across configuration files, workflows, source code, and benchmarks. Repository references and package settings have been updated, including a migration from pnpm to Yarn. Multiple GitHub Actions workflows are added or modified to automate tasks such as autofixing, publishing, and size reporting. Legacy linting and npm configuration files have been removed in favor of newer setups, and benchmark results along with JSON processing function names have been updated. Testing, TypeScript, and Go/WebAssembly runtime configurations have been refined with minor code and comment improvements.

Changes

File(s)	Change Summary
.changeset/config.json, package.json, README.md, go.mod, index.d.cts	Updated repository references, author/funding URLs, dependency versions, export structures, added Benchmark section, and bumped Go version/dependency revisions.
.editorconfig, .gitignore, .prettierignore	Removed extra spaces in editor settings, added Yarn-specific ignore rules, and updated ignore patterns (e.g. no longer ignoring pnpm-lock).
.eslintignore, .eslintrc, eslint.config.js	Removed legacy ESLint configuration files and introduced a new ESLint config extending @1stg/eslint-config with custom ignore rules.
.lintstagedrc.cjs, .lintstagedrc.js, .simple-git-hooks.cjs, .simple-git-hooks.js	Deleted old lint-staged and simple-git-hooks configs; added new files that export settings from @1stg/lint-staged/tsc and @1stg/simple-git-hooks respectively.
.npmrc, .yarnrc.yml	Removed the npm configuration file; added a new Yarn configuration file with telemetry disabled, node-modules linker, plugin and yarnPath settings.
.github/workflows/* (autofix.yml, ci.yml, codeql.yml, pkg-pr-new.yml, pkg-size.yml, release.yml, size-limit.yml)	Added new workflows (autofix, pkg-pr-new, pkg-size) and updated CI/release workflows to use Yarn instead of pnpm, new concurrency settings, Node version updates, and caching adjustments; removed the CodeQL workflow.
benchmark/benchmark.txt, benchmark/index.js	Updated benchmark performance metrics and reformatted benchmarking calls using a consolidated summary function and baseline chaining.
processor/structs_easyjson.go	Renamed JSON encode/decode functions from RxTsSh* to UnTsSh* across multiple data types.
src/index.ts, src/processor.ts, src/shim.ts	Added an import for getProcessor, updated type-only import syntax in processor, and refined TS error suppression comments in shim.
test/basic.spec.ts, test/fixtures.spec.ts, test/global.d.ts, vitest.config.ts	Removed explicit Vitest imports from tests, added a global Vitest type reference, and enabled globals and coverage reporting in the Vitest config.
tsconfig.json	Changed base configuration from @1stg/tsconfig/lib.json to @1stg/tsconfig/node16, replaced baseUrl with rootDir, updated module paths, and removed exclusion for lib.
vendors/wasm_exec.cjs, vendors/wasm_exec.d.cts	Modified exit handling and asynchronous scheduling in the Go/WebAssembly runtime; removed extraneous ESLint directive comments in the TypeScript definitions.

Sequence Diagram(s)

sequenceDiagram
  participant GH as GitHub Event
  participant WF as Autofix Workflow
  participant CO as Checkout Action
  participant ND as Node.js Setup
  participant YI as Yarn Install
  participant CF as Code Formatter
  participant AF as Autofix Action

  GH->>WF: PR opened/reopened/synchronized
  WF->>CO: Checkout repository
  CO-->>WF: Repository code ready
  WF->>ND: Set up Node.js LTS environment
  ND-->>WF: Node environment ready
  WF->>YI: Run "yarn --immutable" to install dependencies
  YI-->>WF: Dependencies installed
  WF->>CF: Execute build & format commands
  CF-->>WF: Code formatted
  WF->>AF: Apply autofix (with fail-fast: false)
  AF-->>WF: Autofix completed

Loading

Possibly related PRs

• chore: housekeeping, bump all (dev) deps #97: The changes in the main PR are directly related to those in the retrieved PR, as both modify the repository reference in the .changeset/config.json file from "repo": "rx-ts/sh-syntax" to "repo": "un-ts/sh-syntax".

Poem

I'm a bunny hopping through each line,
Updating configs, oh so fine.
Workflows spring to life with every commit,
Code and benchmarks now perfectly fit.
I twirl through changes with a joyful leap,
Celebrating refinements that run so deep.
Hop on, code friends—let's watch our project shine! 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb948c3 and f1f19f6.

📒 Files selected for processing (2)

• .changeset/short-seahorses-look.md (1 hunks)
• .changeset/tough-spies-join.md (1 hunks)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

[Copilot]

Copilot reviewed 37 out of 44 changed files in this pull request and generated no comments.

Files not reviewed (7)

• .changeset/config.json: Language not supported
• .eslintignore: Language not supported
• .eslintrc: Language not supported
• .gitattributes: Language not supported
• .github/workflows/codeql.yml: Language not supported
• .npmrc: Language not supported
• .prettierignore: Language not supported

Comments suppressed due to low confidence (2)

.yarn/plugins/plugin-prepare-lifecycle.cjs:1

• [nitpick] Consider formatting the code for better readability. Splitting it into multiple lines with proper indentation will improve maintainability.

module.exports={name:"plugin-prepare-lifecycle",factory:e=>({hooks:{afterAllInstalled(r){if(!r.topLevelWorkspace.manifest.scripts.get("prepare"))return;e("@yarnpkg/shell").execute("yarn prepare")}}})};

.github/workflows/ci.yml:39

• Verify that 'yarn run-s' is defined in your scripts or as an alias, since it is not standard Yarn behavior and could lead to runtime errors if undefined.

run: yarn run-s build lint test typecov

[github-actions]

size-limit report 📦

Path	Size
lib/browser.js	121 B (0%)
lib/index.js	387 B (0%)

[socket-security]

Report too large to display inline

View full report↗︎

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/sh-syntax@97

commit: f1f19f6

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

src/index.ts (1)

13-13: 💡 Verification agent

🧩 Analysis chain

Address ESBuild compatibility warning for import.meta

There's a pipeline warning about import.meta not being available in the configured ES2015 target environment. This could cause issues at runtime in environments that don't support this feature.

---

🏁 Script executed:

#!/bin/bash
# Check which TypeScript target is configured
grep -r "target" tsconfig*.json
# Also check for any potential polyfills or workarounds for import.meta
grep -r "import.meta" --include="*.ts" --include="*.js" .

Length of output: 401

---

ESBuild Compatibility: Update Target for import.meta Support

The pipeline warning appears because the code uses import.meta.url (as seen in src/index.ts and other parts of the codebase) while the TypeScript target is configured to ES2015. ES2015 doesn’t fully support import.meta, which can lead to runtime issues in environments without native ESM support. To resolve this:

• Update the build configuration: Consider updating the target in your tsconfig.json (or adjusting your ESBuild configuration) to ES2020/ESNext where import.meta is fully supported.
• Provide documentation or a polyfill: If you need to maintain compatibility with older environments, add a polyfill or clear documentation regarding the expected runtime environment.

This change should eliminate the ESBuild warning and ensure consistent behavior at runtime.

🧰 Tools

🪛 GitHub Actions: CI

[warning] 13-13: "import.meta" is not available in the configured target environment ("es2015") and will be empty

♻️ Duplicate comments (2)

.github/workflows/pkg-pr-new.yml (1)

15-29: Workflow Steps and Missing Permissions

All steps (checkout, Node.js setup, dependency installation, and publish command) are configured consistently with other workflows. However, similar to previous reviews, this workflow does not set an explicit permissions block. For improved security, please consider adding a minimal permissions section.

.github/workflows/autofix.yml (1)

14-37: Autofix Steps and Missing Permissions

The workflow steps—from checkout to code formatting and applying autofix—are well organized and consistent with other workflows. Note, however, that no explicit permissions are set for this workflow. For enhanced security, consider adding a minimal permissions block as noted in previous reviews.

🧰 Tools

🪛 GitHub Check: CodeQL

[warning] 16-36: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

🧹 Nitpick comments (6)

tsconfig.json (1)

2-2: Update extends to Node16 Configuration
The "extends" property has been updated from "@1stg/tsconfig/lib.json" to "@1stg/tsconfig/node16". This indicates a switch to a configuration tailored for Node16. Please verify that all compiler settings and features provided by the new base configuration align with your project’s needs.

src/processor.ts (1)

47-47: Clean Up Unnecessary ESLint Overrides
Removal of outdated ESLint disable comments (e.g., for sonarjs/cognitive-complexity and no-void) contributes to a cleaner codebase. This encourages adherence to ESLint recommendations where applicable.

.github/workflows/pkg-size.yml (1)

12-23: Set Workflow Permissions
Static analysis warns that explicit permissions are not set for this workflow. Consider adding a permissions block to restrict the scope of the GITHUB_TOKEN for enhanced security. For example:

permissions:
  contents: read

This is optional but recommended for tightening security policies.

🧰 Tools

🪛 GitHub Check: CodeQL

[warning] 12-23: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

benchmark/benchmark.txt (1)

9-9: Grammar Note on Data Range

Static analysis flagged a potential grammar issue on line 9 regarding the noun following “711.16 kb”. Please double-check that the singular/plural usage here is intentional and correct (e.g., “kb” vs. “kbs” if needed).

🧰 Tools

🪛 LanguageTool

[grammar] ~9-~9: Make sure that the singular noun after the number ‘711.16’ is correct.
Context: ... (601.05 kb … 711.16 kb) 641.13 kb █▁▁██▁▁▁█▁▁██▁█▁▁▁▁██ ...

(CD_POINT_CD_NN)

vendors/wasm_exec.cjs (1)

308-321: Finalizing references
Decrementing _goRefCounts[id] and cleaning up _values[id] & _ids helps manage memory. The console warning for unknown IDs is valuable for debugging. However, consider verifying in tests that references are fully dropped when expected.

package.json (1)

50-63: Scripts reorganization
Consolidating build steps (build:*), introducing build:tsc, and adding new commands (easyjson, format) is logical. Just confirm that your new and renamed scripts (e.g., build:r) are needed and documented for team usage.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6c5f0bf and 782cc64.

⛔ Files ignored due to path filters (7)

• .yarn/plugins/plugin-prepare-lifecycle.cjs is excluded by !**/.yarn/**
• .yarn/releases/yarn-4.8.1.cjs is excluded by !**/.yarn/**
• go.sum is excluded by !**/*.sum
• main.wasm is excluded by !**/*.wasm
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• test/__snapshots__/fixtures.spec.ts.snap is excluded by !**/*.snap
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (38)

• .changeset/config.json (1 hunks)
• .editorconfig (1 hunks)
• .eslintignore (0 hunks)
• .eslintrc (0 hunks)
• .gitattributes (1 hunks)
• .github/workflows/autofix.yml (1 hunks)
• .github/workflows/ci.yml (2 hunks)
• .github/workflows/codeql.yml (0 hunks)
• .github/workflows/pkg-pr-new.yml (1 hunks)
• .github/workflows/pkg-size.yml (1 hunks)
• .github/workflows/release.yml (2 hunks)
• .github/workflows/size-limit.yml (1 hunks)
• .gitignore (1 hunks)
• .lintstagedrc.cjs (0 hunks)
• .lintstagedrc.js (1 hunks)
• .npmrc (0 hunks)
• .prettierignore (1 hunks)
• .simple-git-hooks.cjs (0 hunks)
• .simple-git-hooks.js (1 hunks)
• .yarnrc.yml (1 hunks)
• README.md (4 hunks)
• benchmark/benchmark.txt (1 hunks)
• benchmark/index.js (2 hunks)
• eslint.config.js (1 hunks)
• go.mod (1 hunks)
• index.d.cts (1 hunks)
• package.json (1 hunks)
• processor/structs_easyjson.go (21 hunks)
• src/index.ts (1 hunks)
• src/processor.ts (3 hunks)
• src/shim.ts (1 hunks)
• test/basic.spec.ts (0 hunks)
• test/fixtures.spec.ts (0 hunks)
• test/global.d.ts (1 hunks)
• tsconfig.json (1 hunks)
• vendors/wasm_exec.cjs (5 hunks)
• vendors/wasm_exec.d.cts (0 hunks)
• vitest.config.ts (1 hunks)

💤 Files with no reviewable changes (9)

• .github/workflows/codeql.yml
• test/basic.spec.ts
• test/fixtures.spec.ts
• .eslintignore
• .simple-git-hooks.cjs
• .eslintrc
• vendors/wasm_exec.d.cts
• .npmrc
• .lintstagedrc.cjs

🧰 Additional context used

🧬 Code Definitions (2)

benchmark/index.js (1)

src/index.ts (1)

• print (25-38)

processor/structs_easyjson.go (3)

src/types.ts (8)

• Word (56-59)
• Stmt (75-84)
• Redirect (67-73)
• Pos (41-45)
• Node (47-50)
• Lit (61-65)
• File (86-89)
• Comment (52-54)

processor/structs.go (10)

• Word (25-30)
• Stmt (50-61)
• Result (76-81)
• Redirect (40-48)
• Pos (7-11)
• ParseError (71-74)
• Node (13-16)
• Lit (32-38)
• File (63-69)
• Comment (18-23)

src/processor.ts (1)

• ParseError (8-25)

🪛 GitHub Actions: CI

src/index.ts

[warning] 13-13: "import.meta" is not available in the configured target environment ("es2015") and will be empty

🪛 GitHub Check: CodeQL

.github/workflows/pkg-size.yml

[warning] 12-23: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

.github/workflows/pkg-pr-new.yml

[warning] 12-28: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

.github/workflows/autofix.yml

[warning] 16-36: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

🪛 LanguageTool

README.md

[style] ~130-~130: Using many exclamation marks might seem excessive (in this case: 13 exclamation marks for a text that’s 3731 characters long)
Context: ...----------------------------------- | | | | [![UnTS Open Collective backers](https://o...

(EN_EXCESSIVE_EXCLAMATION)

benchmark/benchmark.txt

[grammar] ~9-~9: Make sure that the singular noun after the number ‘711.16’ is correct.
Context: ... (601.05 kb … 711.16 kb) 641.13 kb █▁▁██▁▁▁█▁▁██▁█▁▁▁▁██ ...

(CD_POINT_CD_NN)

🔇 Additional comments (73)

.simple-git-hooks.js (1)

1-1: Concise Re-export Declaration

The file correctly re-exports the default export from @1stg/simple-git-hooks using ES6 module syntax. This approach is clean and aligns with modern JavaScript module best practices. Ensure that the package @1stg/simple-git-hooks is properly listed in your dependencies so that the export functions as intended.

eslint.config.js (1)

1-8: Modern ESLint configuration approach looks good!

The transition to the flat config format (eslint.config.js) from the legacy .eslintrc and .eslintignore files aligns with ESLint's recommended practices. The approach of extending a base configuration and adding project-specific ignores is clean and maintainable.

Since this change removes the previous .eslintignore file which also ignored the coverage directory and .cjs files within vendors, please verify that these patterns are either:

1. Already covered by the @1stg/eslint-config base configuration, or
2. No longer needed to be ignored in your project

Similarly, check that any Jest-specific rules from the previous .eslintrc are included in the base configuration if still required.

.gitattributes (1)

2-2: Review: Suppress Diff for Yarn Lock File
Adding yarn.lock -diff ensures that changes to the Yarn lock file do not clutter diffs. This is a good housekeeping practice when using Yarn as the package manager.

.lintstagedrc.js (1)

1-1: LGTM: Modern Lint-Staged Configuration
The file correctly re-exports the default configuration from @1stg/lint-staged/tsc, aligning with the project's migration to a modern linting setup.

.prettierignore (2)

1-1: Review: Exclude .yarn Directory from Prettier
Including .yarn in the ignore list prevents Prettier from formatting generated files, which is appropriate given the switch to Yarn.

---

4-4: *Review: Ignore .mod Files
Adding *.mod helps in excluding module files (or similar artifacts) from being formatted, which is consistent with the project's updated configuration.

.gitignore (1)

6-8: Review: Yarn Directory Rules in .gitignore
The rules added at lines 6–8 correctly ignore all files in the .yarn directory while tracking essential subdirectories (plugins and releases). This selective ignore strategy is well-suited for Yarn-managed projects.

go.mod (2)

3-3: Review: Bump Go Version
Updating the Go version to 1.23 ensures the project leverages the latest language features and improvements.

---

6-7: Review: Update Dependency Versions
The dependency upgrades for github.com/mailru/easyjson (to v0.9.0) and mvdan.cc/sh/v3 (to v3.11.0) seem suitable for maintaining compatibility with the project's code. Please double-check downstream usage for any potential breaking changes.

tsconfig.json (2)

4-4: Replace baseUrl with rootDir
Switching from "baseUrl": "." to "rootDir": "." ensures that the TypeScript compiler uses the project root for module resolution. Double-check that all module paths are still resolved correctly after this change.

---

6-6: Clarify the sh-syntax Path
Updating the path from "src" to "./src" makes the reference explicitly relative to the current directory. Confirm that this change reflects the actual project structure and that there are no side effects on module imports.

processor/structs_easyjson.go (1)

20-1167: Consistent Renaming in EasyJSON Functions
All auto-generated easyjson functions have been renamed to replace the prefix "RxTsSh" with "UnTsSh" across all data types (Word, Stmt, Result, Redirect, Pos, ParseError, Node, Lit, File, and Comment). This renaming does not change the functionality but is critical for namespace consistency. Please ensure that every reference—both in this file and in any other module that calls these functions—has been updated accordingly. Running comprehensive JSON serialization/deserialization tests is recommended to prevent potential regressions.

test/global.d.ts (1)

1-1: Add Vitest Global Types Reference
Introducing /// <reference types="vitest/globals" /> enhances type checking and autocompletion for tests written using Vitest. Ensure that this global inclusion integrates well with your existing test configuration and does not conflict with other global type declarations.

index.d.cts (1)

1-3: Set Up TypeScript Declaration File
This new file imports all exports from ./lib/index.js under the alias shSyntax and re-exports it as the default export. This approach aligns with the new "types" field in package.json, providing a clear entry point for TypeScript consumers.

.changeset/config.json (1)

6-6: Update Repository Reference in Changeset Config
The repository reference in the changelog configuration has been updated to "un-ts/sh-syntax", reflecting the new repository name/ownership. Please verify that this change is consistent with all documentation and configuration files (including package.json and README.md).

src/index.ts (1)

7-8: Imported getProcessor function from processor.js

The import of the getProcessor function is now properly added, which is being used on line 16. This import aligns with the refactoring mentioned in the PR objectives for housekeeping.

.editorconfig (1)

1-10: Editor config formatting standardized

The spaces around equal signs have been removed in the EditorConfig file, making it more consistent with standard EditorConfig formatting. This is a harmless stylistic change that improves consistency.

vitest.config.ts (2)

12-12: Added globals support to Vitest configuration

Enabling globals for Vitest is a good addition as it allows using testing functions like describe, it, and expect without explicit imports, making test files cleaner and more concise.

---

14-14: Activated code coverage reporting

Enabling coverage reporting is beneficial for tracking test coverage metrics. This will help maintain and improve test quality over time.

.yarnrc.yml (4)

1-2: Disabled telemetry in Yarn configuration

Disabling telemetry is a good privacy practice and aligns with modern development standards for respecting user privacy.

---

3-4: Configured node-modules linker

Using the node-modules nodeLinker setting ensures compatibility with tools that expect the traditional node_modules directory structure.

---

5-8: Added prepare-lifecycle plugin

The prepare-lifecycle plugin is being added with proper checksum verification, which is a security best practice. This plugin likely helps with package lifecycle scripts execution.

---

10-10: Pinned Yarn version

Pinning the Yarn version to 4.8.1 ensures build reproducibility across different environments, which is a good practice for dependency management.

src/shim.ts (2)

12-15: Clarify TypeScript Error Suppression for Crypto
The updated comment now reads “@ts-expect-error -- incompatible types” which clearly explains why the TS error is suppressed when assigning getRandomValues. This added clarity helps future maintainers quickly grasp the rationale behind the override.

---

18-21: Clarify TypeScript Error Suppression for Performance
Similarly, the comment for globalThis.performance now includes “-- incompatible types” to document the discrepancy between expected and actual types. This improves contextual documentation without altering functionality.

src/processor.ts (1)

1-6: Improve TypeScript Type Imports
By prefixing imported interfaces with the type keyword, the code now clearly distinguishes type-only imports. This not only optimizes bundle size but also enhances clarity during type checking.

.github/workflows/ci.yml (7)

7-10: Implement Concurrency Control
Adding the concurrency group (with cancellation of in-progress runs) prevents overlapping CI jobs and efficiently utilizes CI resources.

---

16-19: Expand Node.js Version Support
Extending the Node.js matrix to include version 22 ensures that the CI tests the project against a more modern runtime, which is a positive step for compatibility and future-proofing.

---

29-33: Transition to Yarn Package Manager
The configuration now caches using Yarn and updates the Node.js setup accordingly. This is consistent with the broader migration from pnpm to Yarn and should enhance dependency installation speed and stability.

---

35-37: Update Dependency Installation Command
Using yarn --immutable enforces the strict dependency tree defined in your lockfile. This change reduces the risk of unintended dependency changes during CI runs.

---

38-42: Consolidate Build, Lint, and Test Commands
Using yarn run-s to run build, lint, and test tasks in a single step streamlines the workflow. It’s a helpful housekeeping update that keeps the CI configuration neat.

---

46-50: Upgrade Codecov Action
Upgrading the Codecov action to v5 leverages the latest improvements for better performance and integration. Please verify that the token configuration continues to work as intended.

---

51-55: Integrate Codacy Coverage Reporter
Introducing the Codacy coverage reporter step expands your code quality feedback. Make sure that the CODACY_API_TOKEN secret is properly configured in your repository settings.

.github/workflows/pkg-size.yml (3)

1-9: Add New Package Size Report Workflow
This new workflow is a valuable addition for monitoring package size. The defined concurrency settings will help avoid redundant runs on pull requests.

---

15-17: Stable Checkout Action Reference
Using a specific commit hash for the checkout action ensures reproducibility. Verify that this version adheres to current security and compatibility standards.

---

19-23: Automate Package Size Reporting
Integrating the pkg-size/action enables automated feedback on package size. The inclusion of continue-on-error is pragmatic, ensuring that non-critical failures do not block the workflow.

🧰 Tools

🪛 GitHub Check: CodeQL

[warning] 12-23: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

README.md (3)

3-7: Add CodeRabbit Pull Request Reviews Badge
The new badge for CodeRabbit PR reviews offers additional insight into pull request activity. It’s a neat visual addition that supports transparency in code review processes.

---

81-115: Introduce Benchmark Section
Adding a dedicated benchmark section that compares runtime metrics enhances your documentation by providing performance insights. Ensure that these metrics are periodically updated as performance optimizations continue.

---

120-131: Refine Sponsors and Backers Sections
The updates in the sponsors and backers sections streamline acknowledgment and maintain consistency in presentation. A brief review of the URLs and image links would ensure all resources are current.

🧰 Tools

🪛 LanguageTool

[style] ~130-~130: Using many exclamation marks might seem excessive (in this case: 13 exclamation marks for a text that’s 3731 characters long)
Context: ...----------------------------------- | | | | [![UnTS Open Collective backers](https://o...

(EN_EXCESSIVE_EXCLAMATION)

.github/workflows/size-limit.yml (4)

8-11: Concurrency Block Added

The new concurrency settings will help prevent overlapping runs on the same ref. Please verify that canceling in-progress jobs aligns with the intended CI/CD flow.

---

19-22: Updated Node.js Setup Step

The workflow now uses actions/setup-node@v4 with caching set to Yarn, which is consistent with the overall shift to Yarn. Ensure that the LTS version and caching strategy work across all environments.

---

24-25: Dependency Installation Adjustment

Switching to yarn --immutable helps guarantee lockfile consistency. This change looks good; just double-check that all dependent workflows use the same installation method.

---

27-32: Size Limit Check Step Update

The revised step now calls the andresz1/size-limit-action at a specific commit and uses yarn size-limit --json instead of pnpm. This update supports the migration to Yarn. Verify that the chosen commit for the action meets your CI/CD security and compatibility requirements.

.github/workflows/pkg-pr-new.yml (1)

1-9: New Workflow with Concurrency Settings

The new pkg-pr-new workflow correctly defines concurrency to cancel in-progress runs for the same ref. This aligns with the broader changes across workflows.

.github/workflows/release.yml (5)

8-11: Concurrency Configuration

The added concurrency section for the release workflow ensures that only one run per ref is active at a time. This update is in line with the overall CI/CD improvements.

---

12-16: Permissions Block Introduced

The workflow now explicitly grants contents, id-token, and pull-requests write permissions. This improvement enhances security and proper access control for release operations.

---

27-29: Setup Yarn Step for Releases

Switching to yarn/action-setup@v2 standardizes package management across workflows. Confirm that this action’s behavior integrates smoothly with other Node.js setup steps in your CI/CD pipeline.

---

34-37: Caching and Dependency Installation Updates

Using cache: yarn in the Node.js setup and yarn --immutable for dependency installation are consistent updates. These changes should improve build reproducibility.

---

39-49: Updated Publish Step

The publish step now uses publish: yarn release along with the NPM_CONFIG_PROVENANCE environment variable. This aligns with the move to Yarn for release actions. Double-check that these changes meet your release process requirements.

.github/workflows/autofix.yml (2)

1-2: Workflow Naming for Security

Naming the workflow as “autofix.ci” explicitly meets security recommendations. This is a good practice.

---

10-12: Concurrency in Autofix Workflow

The concurrency block here prevents simultaneous runs on the same PR reference, which is beneficial.

benchmark/benchmark.txt (5)

1-3: Updated Environment Details

The header now reflects the updated clock speed and runtime (Node v18.20.8 on arm64-darwin). Ensure that these details are accurate and consistent with your benchmarking environment.

---

5-11: Refined Benchmark Metrics for sh-syntax

The benchmark table for sh-syntax has been recalibrated with improved timings. Verify that these new numbers correctly capture the performance improvements.

🧰 Tools

🪛 LanguageTool

[grammar] ~9-~9: Make sure that the singular noun after the number ‘711.16’ is correct.
Context: ... (601.05 kb … 711.16 kb) 641.13 kb █▁▁██▁▁▁█▁▁██▁█▁▁▁▁██ ...

(CD_POINT_CD_NN)

---

13-17: Updated Metrics for sh-syntax (synckit)

The updated benchmark metrics for sh-syntax (synckit) indicate performance changes in iteration time, memory usage, and IPC. Confirm that these results are reproducible and accurately reported.

---

19-23: Revised Benchmark Numbers for mvdan-sh

The mvdan-sh benchmarks now show an increased average iteration time and memory usage. Ensure that this regression (if any) is expected or if further optimization is needed.

---

25-29: Updated Summary Comparison

The summary now reports that sh-syntax is “2.11x faster than mvdan-sh,” reflecting significant performance improvement. Please verify that these summary figures are consistent with the detailed metrics above.

benchmark/index.js (3)

8-8: New import from 'mitata'
The addition of bench, run, and summary from mitata provides a concise interface for organizing and running benchmarks. No issues noted here.

---

61-84: Consolidated benchmark summary
Wrapping the benchmarks inside summary(() => { ... }) is a neat pattern in mitata for generating a consolidated summary. The usage of .baseline() on "sh-syntax" and separate bench calls for "sh-syntax (synckit)" and "mvdan-sh" appears correct, with no immediate concerns.

---

59-60:

Details

✅ Verification successful

Synchronous worker creation
Using createSyncFn(new URL('worker.mjs', import.meta.url)) is a clean approach to spawn a synchronous function call for benchmarking. However, ensure that the worker.mjs path and file are included in distributions.

---

🏁 Script executed:

#!/bin/bash
# Verify worker.mjs is present in the final build artifacts or distribution files.
fd "worker.mjs" --type f

Length of output: 45

---

Synchronous Worker Creation Verified
The use of createSyncFn(new URL('worker.mjs', import.meta.url)) in benchmark/index.js is confirmed to be correct. Verification shows that worker.mjs is properly included (located at benchmark/worker.mjs) in the distribution.

vendors/wasm_exec.cjs (6)

1-1: File reference
A remark clarifying that this file is modified from TinyGo’s original wasm_exec.js is helpful for maintainers. No issue found with this reference.

---

137-137: Dedicated wasmExit sentinel
Introducing const wasmExit = {}; as a special object to signal a non-error exit is a good strategy to distinguish normal exits from thrown exceptions.

---

276-281: Refined proc_exit implementation
The new structure sets this.exited, this.exitCode, resolves the exit promise, and throws wasmExit. This approach is a clean solution for controlling exit flow without forcibly terminating the process (e.g. process.exit in Node).

---

296-303: Delayed scheduler invocation
The setTimeout approach in runtime.sleepTicks ensures the function reactivates the scheduler upon timeout, gracefully catching wasmExit. Implementation appears correct.

---

487-505: Async exit promise
Introducing an exit promise (_resolveExitPromise) in _start is an elegant pattern to await the program’s end without blocking. This change improves control flow and user experience in asynchronous contexts.

---

513-517: Wasm exit handling in _resume()
Catching wasmExit in _resume() aligns with the pattern established in proc_exit. No critical issues here.

package.json (8)

6-8: Repository, author, and funding updates
Changing the repository URL, author info, and funding link is straightforward metadata housekeeping. Looks consistent with your rebranding efforts.

---

10-10: Updated package manager
Switching to yarn@4.8.1 is fine; verify that instructions in documentation and CI workflows reflect Yarn usage where appropriate.

Would you like me to generate a script to confirm that Yarn is properly configured in your CI workflow files?

---

19-34: Expanded exports structure
Providing "browser", "import", "module-sync", and "require" named export conditions is a robust approach for different environments. The typed references for each condition ensure correct TypeScript declarations. Good job.

---

42-42: Including index.d.cts in the package
Adding "index.d.cts" to files ensures that the type definitions accompany the package distribution. This step aligns well with the new types field.

---

65-65: Bumping tslib version
Upgrading to ^2.8.1 is standard. No immediate concerns.

---

96-99: New resolutions
Pinning versions for es5-ext, prettier, and sh-syntax can help avoid unexpected breakage in nested dependencies. Periodically review these resolutions in case upstream updates address the underlying issues.

---

15-15:

Details

✅ Verification successful

New ‘types’ field for TypeScript
Pointing "types": "./index.d.cts" ensures TypeScript users get type definitions. Confirm that index.d.cts is correctly generated and included in your publication flow.

---

🏁 Script executed:

#!/bin/bash
# Check for existence of index.d.cts
fd "index.d.cts" --type f

Length of output: 37

---

Verified: TypeScript types file confirmed

The new "types": "./index.d.cts" field in your package.json correctly points to the type definitions, and the index.d.cts file was located in the repository. Please ensure that this file is properly included in your publication/build process so that TypeScript consumers receive the complete type information.

---

68-95:

Details

❓ Verification inconclusive

Extended devDependencies
Multiple new devDependencies like @1stg/common-config, eslint, lint-staged, etc. appear consistent with modern JavaScript/TypeScript tooling. Just ensure no duplicates or version conflicts.

---

🏁 Script executed:

#!/bin/bash
# Check for potential dependency duplication among devDependencies
yarn-berry-deduplicate --check

Length of output: 145

---

Dependency Duplication Check: Command Missing

The intended check using yarn-berry-deduplicate --check did not execute because the command wasn’t found. This suggests that either the deduplication tool isn’t installed or isn’t available in the current PATH. Please ensure one of the following:

• Install and configure yarn-berry-deduplicate if you want to automate duplication checks.
• Alternatively, perform a manual verification to confirm there are no duplicate dependencies or version conflicts among the devDependencies (e.g., @1stg/common-config, eslint, lint-staged, etc.).

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (2)

.github/workflows/pkg-pr-new.yml (1)

10-10: ⚠️ Potential issue

Invalid permissions configuration (Duplicate).
Using permissions: null is not acceptable per actionlint guidelines. As with other workflows, please update this to "read-all".

Apply this diff:

- permissions: null
+ permissions: read-all

🧰 Tools

🪛 actionlint (1.7.4)

10-10: "null" is invalid for permission for all the scopes. available values are "read-all" and "write-all"

(permissions)

.github/workflows/autofix.yml (1)

14-14: 🛠️ Refactor suggestion

⚠️ Potential issue

Invalid Permissions Value
The static analysis tool indicates that setting permissions: null is invalid. To restrict permissions safely, consider using an empty map instead. For example:

- permissions: null
+ permissions: {}

This change will ensure a valid configuration and prevent unintentional over-privileging of the workflow.

🧰 Tools

🪛 actionlint (1.7.4)

14-14: "null" is invalid for permission for all the scopes. available values are "read-all" and "write-all"

(permissions)

🧹 Nitpick comments (1)

package.json (1)

96-100: Introduction of the resolutions field.
Using the resolutions field to enforce specific dependency versions can help avoid subtle version conflicts. Consider reviewing whether the resolution for "sh-syntax": "link:." is necessary or might be streamlined in the future.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 782cc64 and 8fef103.

⛔ Files ignored due to path filters (7)

• .yarn/plugins/plugin-prepare-lifecycle.cjs is excluded by !**/.yarn/**
• .yarn/releases/yarn-4.8.1.cjs is excluded by !**/.yarn/**
• go.sum is excluded by !**/*.sum
• main.wasm is excluded by !**/*.wasm
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• test/__snapshots__/fixtures.spec.ts.snap is excluded by !**/*.snap
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (38)

• .changeset/config.json (1 hunks)
• .editorconfig (1 hunks)
• .eslintignore (0 hunks)
• .eslintrc (0 hunks)
• .gitattributes (1 hunks)
• .github/workflows/autofix.yml (1 hunks)
• .github/workflows/ci.yml (1 hunks)
• .github/workflows/codeql.yml (0 hunks)
• .github/workflows/pkg-pr-new.yml (1 hunks)
• .github/workflows/pkg-size.yml (1 hunks)
• .github/workflows/release.yml (2 hunks)
• .github/workflows/size-limit.yml (1 hunks)
• .gitignore (1 hunks)
• .lintstagedrc.cjs (0 hunks)
• .lintstagedrc.js (1 hunks)
• .npmrc (0 hunks)
• .prettierignore (1 hunks)
• .simple-git-hooks.cjs (0 hunks)
• .simple-git-hooks.js (1 hunks)
• .yarnrc.yml (1 hunks)
• README.md (4 hunks)
• benchmark/benchmark.txt (1 hunks)
• benchmark/index.js (2 hunks)
• eslint.config.js (1 hunks)
• go.mod (1 hunks)
• index.d.cts (1 hunks)
• package.json (1 hunks)
• processor/structs_easyjson.go (21 hunks)
• src/index.ts (1 hunks)
• src/processor.ts (3 hunks)
• src/shim.ts (1 hunks)
• test/basic.spec.ts (0 hunks)
• test/fixtures.spec.ts (1 hunks)
• test/global.d.ts (1 hunks)
• tsconfig.json (1 hunks)
• vendors/wasm_exec.cjs (5 hunks)
• vendors/wasm_exec.d.cts (0 hunks)
• vitest.config.ts (1 hunks)

💤 Files with no reviewable changes (8)

• vendors/wasm_exec.d.cts
• .github/workflows/codeql.yml
• .eslintignore
• .simple-git-hooks.cjs
• .lintstagedrc.cjs
• .eslintrc
• test/basic.spec.ts
• .npmrc

✅ Files skipped from review due to trivial changes (1)

• .lintstagedrc.js

🚧 Files skipped from review as they are similar to previous changes (19)

• .gitignore
• test/global.d.ts
• .gitattributes
• .changeset/config.json
• index.d.cts
• eslint.config.js
• vitest.config.ts
• .yarnrc.yml
• src/shim.ts
• .prettierignore
• .editorconfig
• .github/workflows/release.yml
• src/index.ts
• tsconfig.json
• .simple-git-hooks.js
• go.mod
• src/processor.ts
• vendors/wasm_exec.cjs
• processor/structs_easyjson.go

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/size-limit.yml

12-12: "null" is invalid for permission for all the scopes. available values are "read-all" and "write-all"

(permissions)

.github/workflows/ci.yml

11-11: "null" is invalid for permission for all the scopes. available values are "read-all" and "write-all"

(permissions)

.github/workflows/autofix.yml

14-14: "null" is invalid for permission for all the scopes. available values are "read-all" and "write-all"

(permissions)

.github/workflows/pkg-pr-new.yml

10-10: "null" is invalid for permission for all the scopes. available values are "read-all" and "write-all"

(permissions)

.github/workflows/pkg-size.yml

10-10: "null" is invalid for permission for all the scopes. available values are "read-all" and "write-all"

(permissions)

🪛 LanguageTool

README.md

[style] ~130-~130: Using many exclamation marks might seem excessive (in this case: 13 exclamation marks for a text that’s 3731 characters long)
Context: ...----------------------------------- | | | | [![UnTS Open Collective backers](https://o...

(EN_EXCESSIVE_EXCLAMATION)

benchmark/benchmark.txt

[grammar] ~9-~9: Make sure that the singular noun after the number ‘711.16’ is correct.
Context: ... (601.05 kb … 711.16 kb) 641.13 kb █▁▁██▁▁▁█▁▁██▁█▁▁▁▁██ ...

(CD_POINT_CD_NN)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (54)

README.md (6)

3-3: LGTM! Updated GitHub Actions badge to be more descriptive

The badge now includes a more explicit "Workflow Status" label and specifically targets the main branch, making it clearer and more informative for users.

---

6-6: Great addition of CodeRabbit PR reviews badge!

This badge helps users see that the project is using automated code review tools, which enhances the project's credibility.

---

23-23: LGTM! Added Benchmark to TOC

This addition correctly reflects the new benchmark section added to the documentation.

---

81-116: Excellent addition of comprehensive benchmark information

The new benchmark section provides valuable performance metrics with detailed comparisons between different implementations. This information helps users understand the performance benefits of using sh-syntax and aligns well with the dependency updates in this PR.

---

118-130: LGTM! Updated sponsors and backers tables format

The tables now have a cleaner format with proper markdown alignment. This improves readability while maintaining all the important sponsor information.

🧰 Tools

🪛 LanguageTool

[style] ~130-~130: Using many exclamation marks might seem excessive (in this case: 13 exclamation marks for a text that’s 3731 characters long)
Context: ...----------------------------------- | | | | [![UnTS Open Collective backers](https://o...

(EN_EXCESSIVE_EXCLAMATION)

---

140-142: LGTM! Updated reference links

Links have been updated with proper formatting, maintaining consistency throughout the document.

benchmark/index.js (3)

8-8: Updated mitata import to include summary function

The import is now properly updated to include the summary function from mitata, which is used to encapsulate the benchmark calls below.

---

59-59: LGTM! Improved URL resolution for worker

Using new URL('worker.mjs', import.meta.url) is a modern approach that properly resolves the worker path relative to the current module, which is more reliable than path-based resolution.

---

61-84: Enhanced benchmark organization with summary function

The code has been restructured to use the summary function for better organization. Setting the sh-syntax benchmark as the baseline with .baseline() provides a clearer reference point for comparisons.

benchmark/benchmark.txt (3)

1-3: LGTM! Updated runtime information

The runtime information has been updated to show Node.js 18.20.8, reflecting the dependency upgrades mentioned in the PR title.

---

5-23: Improved benchmark reporting format

The new benchmark format provides more detailed performance metrics including memory usage, IPC data, and cache utilization, giving a more comprehensive view of the tool's performance characteristics.

🧰 Tools

🪛 LanguageTool

[grammar] ~9-~9: Make sure that the singular noun after the number ‘711.16’ is correct.
Context: ... (601.05 kb … 711.16 kb) 641.13 kb █▁▁██▁▁▁█▁▁██▁█▁▁▁▁██ ...

(CD_POINT_CD_NN)

---

28-28: Performance improvement confirmed

The summary now shows that sh-syntax is 2.11x faster than mvdan-sh, an improvement from the previous 1.66x. This validates the positive impact of the dependency updates in this PR.

test/fixtures.spec.ts (2)

8-8: Updated directory path resolution to use ES modules syntax.

The code has been updated to use import.meta.dirname instead of a previously defined _dirname variable (likely based on CommonJS's __dirname). This change is appropriate for ES modules, but ensure that all environments where this code runs support this syntax.

---

6-26:

Details

✅ Verification successful

Missing Vitest import but using Vitest functions.

The code is using Vitest functions (describe, it, expect) without importing them. The AI summary indicates that the import statement import { describe, expect, it } from 'vitest' was removed. This will only work if you've added a reference to Vitest globals in your test configuration.

---

🏁 Script executed:

#!/bin/bash
# Check if there's a reference to Vitest globals in test configuration files
echo "Checking for Vitest globals reference..."
cat test/global.d.ts 2>/dev/null | grep -E "reference types=\"vitest/globals\"" || echo "No explicit Vitest globals reference found in test/global.d.ts"

# Check package.json for Vitest configuration
echo -e "\nChecking package.json for Vitest configuration..."
cat package.json | grep -E "\"vitest\":" -A 10 || echo "No Vitest configuration found in package.json"

# Check for standalone Vitest configuration file
echo -e "\nChecking for vitest.config files..."
ls -la vitest.config.* 2>/dev/null || echo "No standalone Vitest config files found"

Length of output: 788

---

Vitest globals are correctly configured

The tests intentionally use Vitest's global functions without explicit imports because the global reference is properly set via the test/global.d.ts file (which includes /// <reference types="vitest/globals" />), and the Vitest setup is confirmed by the presence of a vitest.config.ts file and the configuration in package.json. No change is needed.

package.json (8)

6-8: Updated repository, author, and funding details.
The updated repository URL, author format, and funding URL now clearly reflect the new project branding. Please double-check that these values are correct and match the intended project information.

---

10-10: Switch package manager to Yarn.
The update from "pnpm@8.12.1" to "yarn@4.8.1" is correctly applied. Verify that all CI/CD scripts and local setups have been updated accordingly.

---

15-15: Addition of the 'types' field.
Adding "types": "./index.d.cts" improves TypeScript integration, ensuring consumers have proper type definitions.

---

17-34: Enhanced exports structure.
The new nested exports for browser, import, module-sync, and require provide better resolution for different module formats. Confirm that all file paths correctly point to the intended outputs.

---

42-42: Inclusion of index.d.cts in the files array.
Including "index.d.cts" in the package files ensures that the type declaration file is part of the published package.

---

49-60: Updated scripts and build commands.
Renaming build:ts to build:tsc and adding new scripts like easyjson and format enhance the project’s tooling and readability. Please verify that the revised commands (using single quotes around glob patterns) work as expected across environments.

---

65-65: Dependency upgrade for tslib.
Upgrading tslib to "^2.8.1" is a good housekeeping measure. Ensure this version remains compatible with other dependencies.

---

67-94: DevDependencies renaming and updates.
The renaming of @1stg/lib-config to @1stg/common-config and the addition of several new devDependencies support the overall project maintenance objective. Confirm that none of these changes introduce conflicts in your development environment.

.github/workflows/pkg-size.yml (4)

1-2: Workflow naming clarity.
The name "Package Size Report" clearly conveys the purpose of this workflow.

---

3-5: Appropriate event trigger.
Triggering on pull requests ensures the package size report runs during PR evaluations, which is ideal for catch-all size regressions.

---

6-9: Effective concurrency settings.
Using a concurrency group with cancellation of in-progress runs optimizes resource usage during frequent PR updates.

---

11-26: Well-defined job steps.
The job steps—from checkout to executing the pkg-size action—are clearly laid out. The use of continue-on-error: true in the action step is acceptable if size reporting failures should not block the workflow.

.github/workflows/ci.yml (9)

1-5: CI Workflow triggers and identification.
The workflow triggers on push and pull request events and is aptly named "CI," which keeps the purpose clear.

---

7-10: Concurrency settings added.
Grouping runs by workflow name and reference and enabling cancellation of in-progress runs is a practical improvement to the CI process.

---

12-26: Job configuration and matrix updates.
The Node.js matrix now includes version 22, and using fail-fast: false ensures all jobs complete regardless of an early failure in one matrix entry. This configuration should provide robust testing coverage.

---

32-37: Node.js setup with yarn caching.
Setting up Node.js with the appropriate version and enabling caching with Yarn is a coherent enhancement.

---

38-40: Immutable dependency installation with Yarn.
Using yarn --immutable ensures a stable dependency state, which is essential for reproducible builds.

---

41-46: Combined build, lint, and test step.
The command yarn run-s build lint test typecov along with increased memory allocation via NODE_OPTIONS ensures that resource limitations do not cause unexpected failures during these tasks.

---

47-49: Benchmark step verification.
Running the benchmark step with node benchmark is straightforward—just ensure that benchmark failures or fluctuations don’t adversely affect overall CI outcomes.

---

50-54: Upgraded Codecov integration.
Switching to Codecov v5 is a positive update for improved coverage reporting. Validate that the secret token used is current and correct.

---

55-59: Codacy coverage reporter inclusion.
Integrating the Codacy coverage reporter adds another layer of quality assessment. Ensure that the corresponding API token (CODACY_API_TOKEN) is properly configured in your repository secrets.

.github/workflows/size-limit.yml (8)

1-2: Workflow naming for size limit.
The workflow name "Size Limit" is concise and descriptive.

---

3-7: Trigger configuration with branch filtering.
Triggering on pull_request_target for the main branch is suitable for ensuring size limit checks only run on intended changes.

---

8-11: Concurrency configuration improves run control.
The addition of a concurrency group minimizes redundant runs, which is beneficial during high-activity periods.

---

14-17: Job configuration review.
The runner configuration and job setup look standard and well-aligned with the project requirements.

---

18-19: Checkout step is properly implemented.
Using actions/checkout@v4 ensures that the workflow has the latest codebase snapshot.

---

20-24: Node.js setup with caching is well-configured.
The use of actions/setup-node@v4 with caching aligned to Yarn further standardizes dependency management across workflows.

---

26-27: Consistent dependency installation.
Utilizing yarn --immutable reinforces installation consistency with locked dependencies.

---

29-35: Size Limit check step enhanced.
Pinning the andresz1/size-limit-action to a specific commit improves reproducibility while the updated script reflects the migration from pnpm to yarn correctly.

.github/workflows/pkg-pr-new.yml (3)

1-5: Workflow triggers for publishing commits.
The workflow “Publish Any Commit” is configured to trigger on both push and pull_request events, which is ideal for continuous publishing scenarios.

---

6-9: Effective concurrency settings.
By grouping workflow runs and enabling cancel-in-progress, the workflow avoids redundant publish operations for the same commit/ref.

---

12-31: Publishing job configuration is complete.
The steps—including repository checkout, Node.js setup with caching, dependency installation using Yarn, and the final publish command (yarn dlx pkg-pr-new publish --compact)—appear well structured. Verify that the pkg-pr-new publish command functions as expected in your environment.

.github/workflows/autofix.yml (8)

1-2: Workflow Naming and Comment Clarity
The workflow name is set to "autofix.ci" as required by security constraints, and the inline comment clearly explains the rationale.

---

3-9: Well-Defined Trigger Events
The workflow is configured to trigger on pull request events (opened, reopened, synchronize), which is appropriate for an autofix workflow.

---

10-13: Effective Concurrency Configuration
The concurrency settings ensure that only one instance of this workflow runs at a time per reference, preventing potential conflicts.

---

16-22: Checkout Step Verification
The checkout step uses a pinned commit for actions/checkout, which aligns with best practices to ensure stability and security.

---

23-28: Node.js Setup is Configured Correctly
Using actions/setup-node with the LTS version and Yarn caching is optimal for consistent dependency management.

---

29-31: Dependency Installation Command is Sound
The use of yarn --immutable guarantees that the dependency tree remains consistent with the lockfile, a key practice in dependency management.

---

32-34: Formatting Step is Appropriately Defined
The command to run the build and format (yarn run-s build format) fits the goal of automating code style fixes.

---

35-38: Autofix Action Application is Correctly Implemented
The step employing autofix-ci/action with fail-fast: false is well-configured to apply code fixes without halting the workflow on individual failures.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.15%. Comparing base (102e245) to head (f1f19f6).
Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #97      +/-   ##
==========================================
+ Coverage   95.00%   96.15%   +1.15%     
==========================================
  Files           4        4              
  Lines          80       78       -2     
  Branches       30       30              
==========================================
- Hits           76       75       -1     
+ Misses          4        3       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7d3830c and 7f8d4c8.

📒 Files selected for processing (1)

• .github/workflows/ci.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/ci.yml

54-54: got unexpected character ' ' while lexing == operator, expecting '='

(expression)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (7)

.github/workflows/ci.yml (7)

7-10: Excellent use of concurrency options.
The newly added concurrency block groups runs by the workflow name and ref, which allows in-progress runs to be cancelled. This is an effective mechanism for optimizing CI resource utilization.

---

17-19: Node.js Matrix Update - Added Version 22.
Version 22 has been introduced into the Node.js matrix alongside existing versions. This ensures compatibility testing on the latest Node.js release. Please verify that your tests and all dependencies are fully compatible with Node.js 22.

---

24-24: Fail-fast Configuration Adjusted.
Setting fail-fast to false ensures that all matrix jobs complete even if one fails, providing comprehensive test results. Confirm that this behavior meets your CI strategy requirements.

---

34-34: Caching Strategy Updated to Yarn.
Using the cache: yarn parameter in the Node.js setup step aligns the caching mechanism with your Yarn-based dependency management. This change should enhance caching reliability.

---

37-37: Immutable Dependency Installation.
The command yarn --immutable ensures that the installation strictly follows the lockfile, thereby preventing any accidental dependency upgrades and enhancing build reproducibility.

---

40-40: Consolidated Build, Lint, Test, and Coverage Command.
The updated command chaining build, lint, test, and typecov using yarn run-s is efficient. Please ensure these scripts are defined in your package.json and execute as intended.

---

48-51: Codecov Action Upgrade to v5.
Upgrading to codecov/codecov-action@v5 and introducing a token via secrets is a solid update. Verify that this version integrates well with your reporting workflow and that the Codecov reports reflect the expected changes.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud