chore: internalize/remove bundled runtime dependencies

[kylemcd]

Description

Combines four small "npm supply chain hardening" changes — each dropping a third-party runtime dependency from a published package — into one PR. Each is an independent, behavior-preserving change with its own commit, changeset, and tests. Dropping these direct dependencies also removes them from consumers' install graphs once the packages publish.

1. Remove clsx from @knocklabs/react — KNO-13814

Every call site was the simple clsx("static-class", className) pattern. All ~29 sites across the guide components (Banner, Card, Modal) now use a small internal cx helper in its own packages/react/src/modules/core/cx/ folder — cx("knock-guide-banner", className) — replacing the clsx runtime dependency with one line of our own code. clsx remains in the lockfile only as a transitive dep of the @telegraph/* packages.

2. Internalize jwt-decode in @knocklabs/client — KNO-13812

The decoder (base64url-decode the payload + JSON.parse, no signature verification) now lives in its own packages/client/src/jwt/ folder. Imports and the test mock are repointed; jwt-decode is fully removed from the lockfile. Covered by test/jwt.test.ts.

3. Internalize lodash.debounce in @knocklabs/react — KNO-13811

The single call site uses default (trailing-edge) options, so a minimal debounce now lives in its own packages/react/src/modules/core/debounce/ folder. Drops both lodash.debounce and @types/lodash.debounce. Covered by test/core/debounce.test.ts.

4. Internalize fast-deep-equal in @knocklabs/react-core — KNO-13810

Reimplemented as deepEqual in its own packages/react-core/src/modules/core/deepEqual/ folder (default non-ES6 behavior: primitives, plain objects, arrays, Date, RegExp). Covered by test/core/deepEqual.test.ts.

[linear-code]

KNO-13814

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
javascript-ms-teams-connect-example	Ready	Preview, Comment	Jun 17, 2026 5:29pm
javascript-nextjs-example	Ready	Preview, Comment	Jun 17, 2026 5:29pm
javascript-slack-connect-example	Ready	Preview, Comment	Jun 17, 2026 5:29pm
javascript-slack-kit-example	Ready	Preview, Comment	Jun 17, 2026 5:29pm

[changeset-bot]

🦋 Changeset detected

Latest commit: 163ad19

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 7 packages

Name	Type
@knocklabs/react-core	Patch
@knocklabs/client	Patch
@knocklabs/react	Patch
ms-teams-connect-example	Patch
nextjs-app-dir-example	Patch
slack-connect-example	Patch
slack-kit-example	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[kylemcd]

• chore: internalize/remove bundled runtime dependencies #1024 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit d69399c. Configure here.}

[codecov]

Codecov Report

❌ Patch coverage is 88.02817% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.95%. Comparing base (24a8bb2) to head (163ad19).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...react/src/modules/guide/components/Modal/Modal.tsx	9.09%	10 Missing ⚠️
...s/react/src/modules/guide/components/Card/Card.tsx	58.33%	5 Missing ⚠️
...act/src/modules/guide/components/Banner/Banner.tsx	77.77%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1024      +/-   ##
==========================================
+ Coverage   63.55%   63.95%   +0.39%     
==========================================
  Files         208      212       +4     
  Lines        9924    10028     +104     
  Branches     1280     1321      +41     
==========================================
+ Hits         6307     6413     +106     
+ Misses       3592     3590       -2     
  Partials       25       25              

Files with missing lines	Coverage Δ
packages/client/src/jwt/index.ts	100.00% <100.00%> (ø)
packages/client/src/knock.ts	100.00% <100.00%> (ø)
...ges/react-core/src/modules/core/deepEqual/index.ts	100.00% <100.00%> (ø)
...ct-core/src/modules/core/hooks/useStableOptions.ts	100.00% <100.00%> (ø)
packages/react/src/modules/core/cx/index.ts	100.00% <100.00%> (ø)
packages/react/src/modules/core/debounce/index.ts	100.00% <100.00%> (ø)
.../react/src/modules/core/hooks/useOnBottomScroll.ts	100.00% <100.00%> (ø)
...act/src/modules/guide/components/Banner/Banner.tsx	75.47% <77.77%> (+0.93%)	⬆️
...s/react/src/modules/guide/components/Card/Card.tsx	58.03% <58.33%> (ø)
...react/src/modules/guide/components/Modal/Modal.tsx	23.10% <9.09%> (ø)