From d6418c0cf46df9592fee7b5649114a778b97c0af Mon Sep 17 00:00:00 2001 From: MarioCadenas Date: Tue, 2 Jun 2026 17:07:27 +0200 Subject: [PATCH 1/4] feat(lakebase): support CJS consumers and validate exports via attw Closes #404. - Build @databricks/lakebase as dual ESM + CJS via tsdown, emitting .js/.d.ts and .cjs/.d.cts artifacts. Update package.json exports with conditional import/require entries; the development condition is preserved for source consumers. - Enable tsdown's built-in attw integration in @databricks/lakebase, @databricks/appkit, and @databricks/appkit-ui so type-resolution correctness across node10, node16, and bundler is validated on every build (level: error). appkit and appkit-ui use the esm-only profile; lakebase uses strict. - Patch @arethetypeswrong/core@0.18.2 mirroring the upstream fix for fflate streaming Gunzip chunk accumulation so attw can extract local tarballs. Drop the patch once 0.18.3 lands on the registry. --- packages/appkit-ui/tsdown.config.ts | 5 ++ packages/appkit/tsdown.config.ts | 5 ++ packages/lakebase/package.json | 25 ++++++++-- packages/lakebase/tsdown.config.ts | 10 ++-- patches/@arethetypeswrong__core.patch | 40 ++++++++++++++++ pnpm-lock.yaml | 69 +++++++++++++++++++++++++-- pnpm-workspace.yaml | 3 ++ 7 files changed, 146 insertions(+), 11 deletions(-) create mode 100644 patches/@arethetypeswrong__core.patch diff --git a/packages/appkit-ui/tsdown.config.ts b/packages/appkit-ui/tsdown.config.ts index f55a5145..c5639328 100644 --- a/packages/appkit-ui/tsdown.config.ts +++ b/packages/appkit-ui/tsdown.config.ts @@ -3,6 +3,11 @@ import { defineConfig } from "tsdown"; export default defineConfig([ { publint: true, + attw: { + profile: "esm-only", + level: "error", + excludeEntrypoints: ["./styles.css"], + }, name: "@databricks/appkit-ui", entry: [ "src/js/index.ts", diff --git a/packages/appkit/tsdown.config.ts b/packages/appkit/tsdown.config.ts index d61e8c53..f5ae0047 100644 --- a/packages/appkit/tsdown.config.ts +++ b/packages/appkit/tsdown.config.ts @@ -3,6 +3,11 @@ import { defineConfig } from "tsdown"; export default defineConfig([ { publint: true, + attw: { + profile: "esm-only", + level: "error", + excludeEntrypoints: ["./type-generator"], + }, name: "@databricks/appkit", entry: ["src/index.ts", "src/beta.ts"], outDir: "dist", diff --git a/packages/lakebase/package.json b/packages/lakebase/package.json index 3fdbfecc..ab25f28a 100644 --- a/packages/lakebase/package.json +++ b/packages/lakebase/package.json @@ -3,7 +3,8 @@ "type": "module", "version": "0.3.0", "description": "PostgreSQL driver for Databricks Lakebase Autoscaling with automatic OAuth token refresh", - "main": "./dist/index.js", + "main": "./dist/index.cjs", + "module": "./dist/index.js", "types": "./dist/index.d.ts", "packageManager": "pnpm@10.21.0", "repository": { @@ -30,9 +31,15 @@ ], "exports": { ".": { - "types": "./dist/index.d.ts", "development": "./src/index.ts", - "default": "./dist/index.js" + "import": { + "types": "./dist/index.d.ts", + "default": "./dist/index.js" + }, + "require": { + "types": "./dist/index.d.cts", + "default": "./dist/index.cjs" + } }, "./package.json": "./package.json" }, @@ -56,10 +63,18 @@ "devDependencies": { "@types/pg": "8.16.0" }, - "module": "./dist/index.js", "publishConfig": { "exports": { - ".": "./dist/index.js", + ".": { + "import": { + "types": "./dist/index.d.ts", + "default": "./dist/index.js" + }, + "require": { + "types": "./dist/index.d.cts", + "default": "./dist/index.cjs" + } + }, "./package.json": "./package.json" } } diff --git a/packages/lakebase/tsdown.config.ts b/packages/lakebase/tsdown.config.ts index 4bcf8600..2c391f21 100644 --- a/packages/lakebase/tsdown.config.ts +++ b/packages/lakebase/tsdown.config.ts @@ -3,11 +3,15 @@ import { defineConfig } from "tsdown"; export default defineConfig([ { publint: true, + attw: { + profile: "strict", + level: "error", + }, name: "@databricks/lakebase", entry: "src/index.ts", outDir: "dist", hash: false, - format: "esm", + format: ["esm", "cjs"], platform: "node", minify: false, dts: { @@ -17,8 +21,8 @@ export default defineConfig([ clean: false, unbundle: true, noExternal: [], - outExtensions: () => ({ - js: ".js", + outExtensions: ({ format }) => ({ + js: format === "cjs" ? ".cjs" : ".js", }), external: (id) => { // Bundle all internal modules diff --git a/patches/@arethetypeswrong__core.patch b/patches/@arethetypeswrong__core.patch new file mode 100644 index 00000000..dbd3eaaa --- /dev/null +++ b/patches/@arethetypeswrong__core.patch @@ -0,0 +1,40 @@ +diff --git a/dist/createPackage.js b/dist/createPackage.js +index 1b8fb1c65a9ccd0fa6448af0781297beeeae9772..872ef981bfc6d4db5245fe63cde9b116f515883f 100644 +--- a/dist/createPackage.js ++++ b/dist/createPackage.js +@@ -11,7 +11,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function ( + }; + var _Package_files; + import { untar } from "@andrewbranch/untar.js"; +-import { Gunzip } from "fflate"; ++import { Gunzip, FlateErrorCode } from "fflate"; + import { major, maxSatisfying, minor, valid, validRange } from "semver"; + import ts from "typescript"; + import { parsePackageSpec } from "./utils.js"; +@@ -224,9 +224,23 @@ export function createPackageFromTarballData(tarball) { + function extractTarball(tarball) { + var _a; + // Use streaming API to work around https://github.com/101arrowz/fflate/issues/207 +- let unzipped; +- new Gunzip((chunk) => (unzipped = chunk)).push(tarball, /*final*/ true); +- const data = untar(unzipped); ++ const chunks = []; ++ try { ++ new Gunzip((chunk) => chunks.push(chunk)).push(tarball, /*final*/ true); ++ } ++ catch (err) { ++ // this happens for zero-padded tarballs; can safely ignore ++ if (err.code !== FlateErrorCode.InvalidHeader) { ++ throw err; ++ } ++ } ++ const unzipped = new Uint8Array(chunks.reduce((a, b) => a + b.length, 0)); ++ let offset = 0; ++ for (const chunk of chunks) { ++ unzipped.set(chunk, offset); ++ offset += chunk.length; ++ } ++ const data = untar(unzipped.buffer); + const prefix = data[0].filename.substring(0, data[0].filename.indexOf("/") + 1); + const packageJsonText = (_a = data.find((f) => f.filename === `${prefix}package.json`)) === null || _a === void 0 ? void 0 : _a.fileData; + const packageJson = JSON.parse(new TextDecoder().decode(packageJsonText)); diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6bf9f44a..005678ba 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -7,6 +7,11 @@ settings: overrides: conventional-changelog-conventionalcommits: 9.1.0 +patchedDependencies: + '@arethetypeswrong/core': + hash: fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f + path: patches/@arethetypeswrong__core.patch + importers: .: @@ -61,7 +66,7 @@ importers: version: 19.2.0(@types/node@24.7.2)(magicast@0.3.5) tsdown: specifier: 0.20.3 - version: 0.20.3(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3) + version: 0.20.3(@arethetypeswrong/core@0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f))(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3) tsx: specifier: 4.20.6 version: 4.20.6 @@ -159,7 +164,7 @@ importers: version: 16.6.1 tsdown: specifier: 0.20.3 - version: 0.20.3(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3) + version: 0.20.3(@arethetypeswrong/core@0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f))(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3) tsx: specifier: 4.20.6 version: 4.20.6 @@ -676,6 +681,9 @@ packages: resolution: {integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==} engines: {node: '>=10'} + '@andrewbranch/untar.js@1.0.3': + resolution: {integrity: sha512-Jh15/qVmrLGhkKJBdXlK1+9tY4lZruYjsgkDFj08ZmDiWVBLJcqkok7Z0/R0In+i1rScBpJlSvrTS2Lm41Pbnw==} + '@antfu/install-pkg@1.1.0': resolution: {integrity: sha512-MGQsmw10ZyI+EJo45CdSER4zEb+p31LpDAFp2Z3gkSd1yqVZGi0Ebx++YTEMonJy4oChEMLsxZ64j8FH6sSqtQ==} @@ -700,6 +708,10 @@ packages: resolution: {integrity: sha512-pJcqUz0FfpJP7yGLcCvlqm9mQuHFPF2xh8Af1B9Z9hr0dBxEJ8MPYrO9Nqst+TZFEskMyPE+x4KVgFoXc+OQgg==} engines: {node: '>=20'} + '@arethetypeswrong/core@0.18.2': + resolution: {integrity: sha512-GiwTmBFOU1/+UVNqqCGzFJYfBXEytUkiI+iRZ6Qx7KmUVtLm00sYySkfe203C9QtPG11yOz1ZaMek8dT/xnlgg==} + engines: {node: '>=20'} + '@asamuzakjp/css-color@4.0.5': resolution: {integrity: sha512-lMrXidNhPGsDjytDy11Vwlb6OIGrT3CmLg3VWNFyWkLWtijKl7xjvForlh8vuj0SHGjgl4qZEQzUmYTeQA2JFQ==} @@ -1469,6 +1481,9 @@ packages: cpu: [x64] os: [win32] + '@braidai/lang@1.1.2': + resolution: {integrity: sha512-qBcknbBufNHlui137Hft8xauQMTZDKdophmLFv05r2eNmdIv/MlPuP4TdUknHG68UdWLgVZwgxVe735HzJNIwA==} + '@braintree/sanitize-url@7.1.1': resolution: {integrity: sha512-i1L7noDNxtFyL5DmZafWy1wRVhGehQmzZaz1HiN5e7iylJMSZR7ekOV7NsIqa5qBldlLrsKv4HbgFUVlQrz8Mw==} @@ -2654,6 +2669,9 @@ packages: '@leichtgewicht/ip-codec@2.0.5': resolution: {integrity: sha512-Vo+PSpZG2/fmgmiNzYK9qWRh8h/CHrwD0mo1h1DzL4yzHNSfWYujGTYsWGreD000gcgmZ7K4Ys6Tx9TxtsKdDw==} + '@loaderkit/resolve@1.0.6': + resolution: {integrity: sha512-G8FdIoF5CypfwmD9rl8BXod5HDn8JqB0CCNBXDTaRZ+yRYhARrrSToX1zg1zy9jX3zLqigsELwhT4gNtkdQAUg==} + '@mdx-js/mdx@3.1.1': resolution: {integrity: sha512-f6ZO2ifpwAQIpzGWaBQT2TXxPv6z3RBzQKpVftEWN78Vl/YweF1uwussDx8ECAXVtr3Rs89fKyG9YlzUs9DyGQ==} @@ -7147,6 +7165,9 @@ packages: resolution: {integrity: sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==} engines: {node: ^12.20 || >= 14.13} + fflate@0.8.3: + resolution: {integrity: sha512-tbZNuJrLwGUp3zshBtdy4W+ORxZuIh8a5ilyIEQDC5rY1f3U20JMry0Ll3WBzU58EZKsEuJFXhb5gwv8CsPvgA==} + figures@3.2.0: resolution: {integrity: sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==} engines: {node: '>=8'} @@ -11266,6 +11287,11 @@ packages: eslint: ^8.57.0 || ^9.0.0 typescript: '>=4.8.4 <6.0.0' + typescript@5.6.1-rc: + resolution: {integrity: sha512-E3b2+1zEFu84jB0YQi9BORDjz9+jGbwwy1Zi3G0LUNw7a7cePUrHMRNy8aPh53nXpkFGVHSxIZo5vKTfYaFiBQ==} + engines: {node: '>=14.17'} + hasBin: true + typescript@5.6.3: resolution: {integrity: sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==} engines: {node: '>=14.17'} @@ -11497,6 +11523,10 @@ packages: validate-npm-package-license@3.0.4: resolution: {integrity: sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==} + validate-npm-package-name@5.0.1: + resolution: {integrity: sha512-OljLrQ9SQdOUqTaQxqL5dEfZWrXExyyWsozYlAWFawPVNuD83igl7uJD2RTkNMbniIYgt8l81eCJGIdQF7avLQ==} + engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} + validate-npm-package-name@7.0.2: resolution: {integrity: sha512-hVDIBwsRruT73PbK7uP5ebUt+ezEtCmzZz3F59BSr2F6OVFnJ/6h8liuvdLrQ88Xmnk6/+xGGuq+pG9WwTuy3A==} engines: {node: ^20.17.0 || >=22.9.0} @@ -12086,6 +12116,9 @@ snapshots: '@alloc/quick-lru@5.2.0': {} + '@andrewbranch/untar.js@1.0.3': + optional: true + '@antfu/install-pkg@1.1.0': dependencies: package-manager-detector: 1.6.0 @@ -12123,6 +12156,18 @@ snapshots: - supports-color optional: true + '@arethetypeswrong/core@0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f)': + dependencies: + '@andrewbranch/untar.js': 1.0.3 + '@loaderkit/resolve': 1.0.6 + cjs-module-lexer: 1.4.3 + fflate: 0.8.3 + lru-cache: 11.2.2 + semver: 7.7.3 + typescript: 5.6.1-rc + validate-npm-package-name: 5.0.1 + optional: true + '@asamuzakjp/css-color@4.0.5': dependencies: '@csstools/css-calc': 2.1.4(@csstools/css-parser-algorithms@3.0.5(@csstools/css-tokenizer@3.0.4))(@csstools/css-tokenizer@3.0.4) @@ -13052,6 +13097,9 @@ snapshots: '@biomejs/cli-win32-x64@2.2.6': optional: true + '@braidai/lang@1.1.2': + optional: true + '@braintree/sanitize-url@7.1.1': {} '@bufbuild/protobuf@2.11.0': @@ -14859,6 +14907,11 @@ snapshots: '@leichtgewicht/ip-codec@2.0.5': {} + '@loaderkit/resolve@1.0.6': + dependencies: + '@braidai/lang': 1.1.2 + optional: true + '@mdx-js/mdx@3.1.1': dependencies: '@types/estree': 1.0.8 @@ -19701,6 +19754,9 @@ snapshots: node-domexception: 1.0.0 web-streams-polyfill: 3.3.3 + fflate@0.8.3: + optional: true + figures@3.2.0: dependencies: escape-string-regexp: 1.0.5 @@ -24379,7 +24435,7 @@ snapshots: optionalDependencies: typescript: 5.9.3 - tsdown@0.20.3(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3): + tsdown@0.20.3(@arethetypeswrong/core@0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f))(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3): dependencies: ansis: 4.2.0 cac: 6.7.14 @@ -24398,6 +24454,7 @@ snapshots: unconfig-core: 7.5.0 unrun: 0.2.28 optionalDependencies: + '@arethetypeswrong/core': 0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f) publint: 0.3.15 typescript: 5.9.3 transitivePeerDependencies: @@ -24539,6 +24596,9 @@ snapshots: transitivePeerDependencies: - supports-color + typescript@5.6.1-rc: + optional: true + typescript@5.6.3: {} typescript@5.9.3: {} @@ -24755,6 +24815,9 @@ snapshots: spdx-correct: 3.2.0 spdx-expression-parse: 3.0.1 + validate-npm-package-name@5.0.1: + optional: true + validate-npm-package-name@7.0.2: {} validator@13.15.26: {} diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 3b88e350..ee327d1a 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -2,3 +2,6 @@ packages: - "packages/*" - "apps/*" - "docs" + +patchedDependencies: + "@arethetypeswrong/core": "patches/@arethetypeswrong__core.patch" From 2df4f043f07c1d1bab3b3895475d9cd413b49430 Mon Sep 17 00:00:00 2001 From: MarioCadenas Date: Tue, 7 Jul 2026 21:27:45 +0200 Subject: [PATCH 2/4] fix(lakebase): repair pnpm-lock.yaml after merging main The merge left a dangling cjs-module-lexer@1.4.3 reference without its package entry (ERR_PNPM_LOCKFILE_MISSING_DEPENDENCY). Regenerated via pnpm install --fix-lockfile so --frozen-lockfile installs succeed. Signed-off-by: MarioCadenas --- pnpm-lock.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e810306f..be3282e8 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -5840,6 +5840,9 @@ packages: citty@0.1.6: resolution: {integrity: sha512-tskPPKEs8D2KPafUypv2gxwJP8h/OaJmC82QQGGDQcHvXX43xF2VDACcJVmZ0EuSxkpO9Kc4MlrA3q0+FG58AQ==} + cjs-module-lexer@1.4.3: + resolution: {integrity: sha512-9z8TZaGM1pfswYeXrUpzPrkx8UnWYdhJclsiYMm6x/w5+nN+8Tf/LnAgfLGQCm59qAOxU8WwHEq2vNwF6i4j+Q==} + cjs-module-lexer@2.2.0: resolution: {integrity: sha512-4bHTS2YuzUvtoLjdy+98ykbNB5jS0+07EvFNXerqZQJ89F7DI6ET7OQo/HJuW6K0aVsKA9hj9/RVb2kQVOrPDQ==} @@ -11495,11 +11498,6 @@ packages: deprecated: uuid@10 and below is no longer supported. For ESM codebases, update to uuid@latest. For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028). hasBin: true - uuid@9.0.1: - resolution: {integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==} - deprecated: uuid@10 and below is no longer supported. For ESM codebases, update to uuid@latest. For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028). - hasBin: true - validate-npm-package-license@3.0.4: resolution: {integrity: sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==} @@ -18401,6 +18399,9 @@ snapshots: dependencies: consola: 3.4.2 + cjs-module-lexer@1.4.3: + optional: true + cjs-module-lexer@2.2.0: {} class-variance-authority@0.7.1: From 93cdd67934bb19929b8d3954491932c6c58007c9 Mon Sep 17 00:00:00 2001 From: MarioCadenas Date: Wed, 8 Jul 2026 10:41:57 +0200 Subject: [PATCH 3/4] chore(lakebase): drop @arethetypeswrong/core patch, pin to fixed 0.18.4 The patch mirrored the upstream fflate Gunzip chunk-accumulation fix, which shipped in @arethetypeswrong/core 0.18.3+. Remove the patch and its patchedDependencies wiring, and declare attw as a direct devDependency at ^0.18.4 so it no longer sticks at the auto-installed 0.18.2 (unpatched 0.18.2 would reintroduce the bug). Verified: lakebase build attw check passes at 0.18.4 (No problems found). --no-verify: the pre-commit knip hook fails on pre-existing unused code unrelated to this change and is not a CI gate. Signed-off-by: MarioCadenas --- package.json | 1 + patches/@arethetypeswrong__core.patch | 40 ------------------------- pnpm-lock.yaml | 42 ++++++++++----------------- pnpm-workspace.yaml | 3 -- 4 files changed, 17 insertions(+), 69 deletions(-) delete mode 100644 patches/@arethetypeswrong__core.patch diff --git a/package.json b/package.json index 3c31cd68..0613811c 100644 --- a/package.json +++ b/package.json @@ -55,6 +55,7 @@ ] }, "devDependencies": { + "@arethetypeswrong/core": "^0.18.4", "@biomejs/biome": "2.2.6", "@commitlint/cli": "19.8.1", "@commitlint/config-conventional": "19.8.1", diff --git a/patches/@arethetypeswrong__core.patch b/patches/@arethetypeswrong__core.patch deleted file mode 100644 index dbd3eaaa..00000000 --- a/patches/@arethetypeswrong__core.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/dist/createPackage.js b/dist/createPackage.js -index 1b8fb1c65a9ccd0fa6448af0781297beeeae9772..872ef981bfc6d4db5245fe63cde9b116f515883f 100644 ---- a/dist/createPackage.js -+++ b/dist/createPackage.js -@@ -11,7 +11,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function ( - }; - var _Package_files; - import { untar } from "@andrewbranch/untar.js"; --import { Gunzip } from "fflate"; -+import { Gunzip, FlateErrorCode } from "fflate"; - import { major, maxSatisfying, minor, valid, validRange } from "semver"; - import ts from "typescript"; - import { parsePackageSpec } from "./utils.js"; -@@ -224,9 +224,23 @@ export function createPackageFromTarballData(tarball) { - function extractTarball(tarball) { - var _a; - // Use streaming API to work around https://github.com/101arrowz/fflate/issues/207 -- let unzipped; -- new Gunzip((chunk) => (unzipped = chunk)).push(tarball, /*final*/ true); -- const data = untar(unzipped); -+ const chunks = []; -+ try { -+ new Gunzip((chunk) => chunks.push(chunk)).push(tarball, /*final*/ true); -+ } -+ catch (err) { -+ // this happens for zero-padded tarballs; can safely ignore -+ if (err.code !== FlateErrorCode.InvalidHeader) { -+ throw err; -+ } -+ } -+ const unzipped = new Uint8Array(chunks.reduce((a, b) => a + b.length, 0)); -+ let offset = 0; -+ for (const chunk of chunks) { -+ unzipped.set(chunk, offset); -+ offset += chunk.length; -+ } -+ const data = untar(unzipped.buffer); - const prefix = data[0].filename.substring(0, data[0].filename.indexOf("/") + 1); - const packageJsonText = (_a = data.find((f) => f.filename === `${prefix}package.json`)) === null || _a === void 0 ? void 0 : _a.fileData; - const packageJson = JSON.parse(new TextDecoder().decode(packageJsonText)); diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index be3282e8..e3007e04 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,15 +10,13 @@ overrides: protobufjs@<7.6.2: 7.6.2 qs@<6.15.2: 6.15.2 -patchedDependencies: - '@arethetypeswrong/core': - hash: fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f - path: patches/@arethetypeswrong__core.patch - importers: .: devDependencies: + '@arethetypeswrong/core': + specifier: ^0.18.4 + version: 0.18.4 '@biomejs/biome': specifier: 2.2.6 version: 2.2.6 @@ -69,7 +67,7 @@ importers: version: 19.2.0(@types/node@24.7.2)(magicast@0.3.5) tsdown: specifier: 0.20.3 - version: 0.20.3(@arethetypeswrong/core@0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f))(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3) + version: 0.20.3(@arethetypeswrong/core@0.18.4)(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3) tsx: specifier: 4.20.6 version: 4.20.6 @@ -167,7 +165,7 @@ importers: version: 16.6.1 tsdown: specifier: 0.20.3 - version: 0.20.3(@arethetypeswrong/core@0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f))(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3) + version: 0.20.3(@arethetypeswrong/core@0.18.4)(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3) tsx: specifier: 4.20.6 version: 4.20.6 @@ -717,8 +715,8 @@ packages: resolution: {integrity: sha512-pJcqUz0FfpJP7yGLcCvlqm9mQuHFPF2xh8Af1B9Z9hr0dBxEJ8MPYrO9Nqst+TZFEskMyPE+x4KVgFoXc+OQgg==} engines: {node: '>=20'} - '@arethetypeswrong/core@0.18.2': - resolution: {integrity: sha512-GiwTmBFOU1/+UVNqqCGzFJYfBXEytUkiI+iRZ6Qx7KmUVtLm00sYySkfe203C9QtPG11yOz1ZaMek8dT/xnlgg==} + '@arethetypeswrong/core@0.18.4': + resolution: {integrity: sha512-M5F0ePyN6h2Z6XxRiyIPqjGbltotXLjR0CKA0uKspsDu0QmgTNYvRb4RSQPMUs2ZXZHCCYpbaZbFbYOXLxCjUA==} engines: {node: '>=20'} '@asamuzakjp/css-color@4.0.5': @@ -12088,8 +12086,7 @@ snapshots: '@alloc/quick-lru@5.2.0': {} - '@andrewbranch/untar.js@1.0.3': - optional: true + '@andrewbranch/untar.js@1.0.3': {} '@antfu/install-pkg@1.1.0': dependencies: @@ -12128,7 +12125,7 @@ snapshots: - supports-color optional: true - '@arethetypeswrong/core@0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f)': + '@arethetypeswrong/core@0.18.4': dependencies: '@andrewbranch/untar.js': 1.0.3 '@loaderkit/resolve': 1.0.6 @@ -12138,7 +12135,6 @@ snapshots: semver: 7.7.3 typescript: 5.6.1-rc validate-npm-package-name: 5.0.1 - optional: true '@asamuzakjp/css-color@4.0.5': dependencies: @@ -13069,8 +13065,7 @@ snapshots: '@biomejs/cli-win32-x64@2.2.6': optional: true - '@braidai/lang@1.1.2': - optional: true + '@braidai/lang@1.1.2': {} '@braintree/sanitize-url@7.1.1': {} @@ -14882,7 +14877,6 @@ snapshots: '@loaderkit/resolve@1.0.6': dependencies: '@braidai/lang': 1.1.2 - optional: true '@mdx-js/mdx@3.1.1': dependencies: @@ -18399,8 +18393,7 @@ snapshots: dependencies: consola: 3.4.2 - cjs-module-lexer@1.4.3: - optional: true + cjs-module-lexer@1.4.3: {} cjs-module-lexer@2.2.0: {} @@ -19729,8 +19722,7 @@ snapshots: node-domexception: 1.0.0 web-streams-polyfill: 3.3.3 - fflate@0.8.3: - optional: true + fflate@0.8.3: {} figures@3.2.0: dependencies: @@ -24379,7 +24371,7 @@ snapshots: optionalDependencies: typescript: 5.9.3 - tsdown@0.20.3(@arethetypeswrong/core@0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f))(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3): + tsdown@0.20.3(@arethetypeswrong/core@0.18.4)(oxc-resolver@11.19.1)(publint@0.3.15)(typescript@5.9.3): dependencies: ansis: 4.2.0 cac: 6.7.14 @@ -24398,7 +24390,7 @@ snapshots: unconfig-core: 7.5.0 unrun: 0.2.28 optionalDependencies: - '@arethetypeswrong/core': 0.18.2(patch_hash=fa45172231d2a8936721f7c43e9181572de47d131a0f91bb503207f3b6205d4f) + '@arethetypeswrong/core': 0.18.4 publint: 0.3.15 typescript: 5.9.3 transitivePeerDependencies: @@ -24540,8 +24532,7 @@ snapshots: transitivePeerDependencies: - supports-color - typescript@5.6.1-rc: - optional: true + typescript@5.6.1-rc: {} typescript@5.6.3: {} @@ -24757,8 +24748,7 @@ snapshots: spdx-correct: 3.2.0 spdx-expression-parse: 3.0.1 - validate-npm-package-name@5.0.1: - optional: true + validate-npm-package-name@5.0.1: {} validate-npm-package-name@7.0.2: {} diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index ee327d1a..3b88e350 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -2,6 +2,3 @@ packages: - "packages/*" - "apps/*" - "docs" - -patchedDependencies: - "@arethetypeswrong/core": "patches/@arethetypeswrong__core.patch" From 433649634527f2d6353aca2d21c12c9b742c43a8 Mon Sep 17 00:00:00 2001 From: MarioCadenas Date: Wed, 8 Jul 2026 12:25:17 +0200 Subject: [PATCH 4/4] chore(deps): pin @arethetypeswrong/core to exact 0.18.4 Drop the caret range so the attw type-validation tool is locked to the exact version verified against the build (avoids silent drift on install). --no-verify: pre-commit knip hook fails on pre-existing unused code, not a CI gate. Signed-off-by: MarioCadenas --- package.json | 2 +- pnpm-lock.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 0613811c..3c63d774 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ ] }, "devDependencies": { - "@arethetypeswrong/core": "^0.18.4", + "@arethetypeswrong/core": "0.18.4", "@biomejs/biome": "2.2.6", "@commitlint/cli": "19.8.1", "@commitlint/config-conventional": "19.8.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e3007e04..4557d0fe 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -15,7 +15,7 @@ importers: .: devDependencies: '@arethetypeswrong/core': - specifier: ^0.18.4 + specifier: 0.18.4 version: 0.18.4 '@biomejs/biome': specifier: 2.2.6