feat: add preflight check for package installation compatibility #177
+340
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds a fast preflight check that verifies package-lock.json can be installed in the current environment. This helps contributors catch issues before submitting PRs when their npm registry configuration differs from the public registry. Motivation: #176 addressed compatibility issues with @oven/bun-* packages by widening version ranges. This script provides tooling to detect and fix such issues proactively. Usage: npm run preflight # Check if lockfile is installable (~2 sec) npm run preflight:fix # Regenerate lockfile via Docker The script uses `npm install --dry-run` for fast detection and provides context-aware recommendations based on the environment. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
commit: |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
- Use proper URL parsing to check registry hostname (prevents spoofing via subdomains or paths containing "registry.npmjs.org") - Validate projectRoot path before using in shell command to prevent command injection via malicious path characters 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds a fast preflight check that verifies
package-lock.jsoncan be installed in the current environment. This helps contributors catch dependency issues before submitting PRs.Motivation
Addresses the issue fixed in #176 — contributors with different npm registry configurations may encounter install failures when the lockfile contains package versions not yet available in their registry. This script provides tooling to detect and fix such issues proactively.
Usage
Additional options:
How it works
npm install --dry-runto quickly validate all packages (~2 seconds)Test plan
npm run preflightpasses on current lockfile--helpshows usage information🤖 Generated with Claude Code