ci: split configs

[TobiTenno]

What did you fix?

upgrade pre-commit frameworks

---

Reproduction steps

Commit some change

---

Evidence/screenshot/link to line

Considerations

• Does this contain a new dependency? [Yes]
• Does this introduce opinionated data formatting or manual data entry? [No]
• Does this pr include updated data files in a separate commit that can be reverted for a clean code-only pr? [No]
• Have I run the linter? [Yes]
• Is is a bug fix, feature request, or enhancement? [Maintenance]

Summary by CodeRabbit

• New Features

  • Introduced several configuration files for enhanced development and linting processes.
  • Added a new versioning scheme and updated project metadata in package.json.

• Bug Fixes

  • Updated hash and timestamp values in the data/hash.json file.
  • Updated version information in data/version.json and data/version.txt.

• Documentation

  • Added a homepage and bugs URL in package.json.

• Chores

  • Enhanced linting and testing configurations for improved code quality and consistency across the project.
  • Improved GitHub Actions workflows for validation and linting processes.

[coderabbitai]

Walkthrough

The pull request introduces several configuration files and updates existing ones to enhance the development workflow for a TypeScript project. Key changes include the addition of Babel and ESLint configurations, commit linting rules, and a Mocha testing setup. The project also sees updates to versioning information in JSON files, as well as enhancements in the package.json to include metadata and new dependencies. Overall, these changes aim to improve code quality, maintainability, and testing practices.

Changes

File	Change Summary
.babelrc.json	New configuration file added with presets for Babel and plugins for class properties and private methods.
.commitlintrc.ts	New configuration file added to set commit linting rules, extending conventional rules and disabling specific checks.
.eslintignore	Entries added to ignore dist/** and tsup.config.ts in ESLint linting.
.eslintirc.yml	ESLint configuration extended to include TypeScript support with specified parser options.
.husky/commit-msg	Command added to validate commit messages using commitlint.
.husky/pre-commit	Command added to run lint-staged on staged files before commit.
.lintstagedrc.yml	Configuration added to specify linting and formatting rules for various file types.
.mocharc.yml	New configuration file for Mocha with settings for test execution and TypeScript support.
.nycrc.yml	New configuration file for coverage reporting, specifying exclusions and reporting formats.
.releaserc.yml	Configuration added for semantic release with specified plugins and branch settings.
data/hash.json	Key-value pairs updated, including hash and timestamps.
data/version.json	Version number and title updated to reflect a new release.
data/version.txt	Version number updated from 32.0.11 to 37.0.11.
package.json	Multiple fields added, including metadata, new dependencies, and scripts for integration with Husky.
tsup.config.ts	New configuration file added for tsup with settings for TypeScript declaration generation and build options.
.github/workflows/release.yml	New step added to validate commit messages using commitlint.
.github/workflows/static.yml	New step added to validate commit messages during the linting process for pull requests.

Poem

🐰 In the garden of code, we hop and play,
With Babel and ESLint leading the way.
Commit messages tidy, our tests all run,
With each little change, we’re having such fun!
So here’s to the updates, both clever and bright,
A project that flourishes, taking flight! 🌼✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (4)

.nycrc.yml (1)

5-7: Consider adding HTML reporter for local development

The current reporters (lcov and text) are good for CI integration and command-line feedback. However, adding the HTML reporter could enhance local development by providing detailed, navigable coverage reports.

 reporter:
   - lcov
   - text
+  - html

.lintstagedrc.yml (2)

3-5: Consider optimizing the test execution strategy.

Running the full test suite (npm test) on every TypeScript file change might significantly slow down commits, especially in larger codebases. Consider running only affected tests or moving full test runs to pre-push hooks.

'src/*.ts':
  - eslint --cache --fix
-  - npm test
+  - npm test -- --findRelatedTests

---

6-9: Reconsider package.json processing frequency.

Running npm dedupe on every commit might be excessive and could slow down the commit process. Consider moving this to a less frequent hook, such as pre-push or post-merge.

package*.json:
  - prettier --write
-  - npm dedupe
  - npx sort-package-json

.releaserc.yml (1)

6-13: Simplify asset management configuration.

The CHANGELOG.md file is listed as an asset in both the changelog and git plugins. While this works, it's redundant. The git plugin configuration is sufficient.

  - - '@semantic-release/changelog'
-    - assets:
-        - CHANGELOG.md
  - - '@semantic-release/git'
    - assets:
        - package.json
        - package-lock.json
        - CHANGELOG.md

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between e26632f and 7d06b9e.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (15)

• .babelrc.json (1 hunks)
• .commitlintrc.ts (1 hunks)
• .eslintignore (1 hunks)
• .eslintirc.yml (1 hunks)
• .husky/commit-msg (1 hunks)
• .husky/pre-commit (1 hunks)
• .lintstagedrc.yml (1 hunks)
• .mocharc.yml (1 hunks)
• .nycrc.yml (1 hunks)
• .releaserc.yml (1 hunks)
• data/hash.json (1 hunks)
• data/version.json (1 hunks)
• data/version.txt (1 hunks)
• package.json (1 hunks)
• tsup.config.ts (1 hunks)

✅ Files skipped from review due to trivial changes (10)

• .husky/pre-commit
• .eslintirc.yml
• data/version.txt
• .eslintignore
• data/version.json
• .babelrc.json
• tsup.config.ts
• .commitlintrc.ts
• .mocharc.yml
• data/hash.json

🔇 Additional comments (9)

.nycrc.yml (3)

1-3: LGTM! Exclusion patterns follow best practices

The exclusion patterns correctly ignore test files and build output from coverage reporting.

---

4-4: Verify if skipping full coverage reports is intended

Setting skip-full: true will omit full source code reporting from coverage output. While this makes reports more concise, it might hide useful information for debugging coverage issues.

✅ Verification successful

Skip-full setting aligns with the project's coverage reporting workflow

The skip-full: true setting is appropriate for this project because:

• Coverage reporting is primarily used with Coveralls (nyc report --reporter=text-lcov | coveralls)
• The project uses both local test coverage (nyc mocha) and CI coverage reporting
• Text-lcov reporter is used, which is designed for machine consumption rather than human reading, making full source reporting unnecessary

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if this setting aligns with existing coverage reporting practices

# Look for previous NYC configurations
fd -t f -e json -e yml -e yaml -e js -e ts '.nycrc' 

# Check CI workflow files for coverage reporting steps
fd -t f -g '*workflow*.{yml,yaml}' .github/workflows/

Length of output: 107

---

Script:

#!/bin/bash
# Let's try a broader search for coverage configuration and CI files

# Search for any NYC config files with different naming patterns
fd -t f -g '*nyc*' 

# Search for coverage-related configurations in package.json
rg -l "nyc" package.json

# Look for coverage reporting in workflow files with a broader pattern
fd -t f workflow .github/

# Search for coverage-related commands in package.json scripts
rg '"scripts"' -A 10 package.json

Length of output: 558

---

1-7: Verify NYC configuration compatibility with Mocha setup

Let's ensure this NYC configuration properly integrates with the project's Mocha test setup mentioned in the summary.

✅ Verification successful

Let me gather more information about the Mocha configuration and test setup.

---

Let me check the actual test file content and NYC setup to make a final verification.

---

NYC configuration is properly aligned with the project setup

The NYC configuration is correctly set up and compatible with the project's Mocha test environment:

• The exclude patterns correctly target src/spec/** where test files are located
• The reporters (lcov and text) align with the coverage script in package.json
• The configuration works with TypeScript setup as evidenced by tsconfig.json and the existing test file
• Test patterns and NYC integration are properly configured in package.json scripts

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for potential configuration conflicts

# Look for Mocha configuration
fd -t f -e yml -e yaml -e js -e ts '.mocharc'

# Check if test files follow the excluded pattern
fd -t f -g '*.spec.ts' src/spec/

# Verify package.json test scripts
rg -A 5 '"test":|"coverage":' package.json

Length of output: 568

---

Script:

#!/bin/bash
# Check Mocha configuration and test patterns

# Look for mocha-specific configurations in package.json
rg '"mocha":' -A 10 package.json

# Check test file patterns and structure
fd -t f -g '*.spec.*' -g '*.test.*'

# Look for test-related imports and configurations
rg -g '*.spec.*' -g '*.test.*' 'describe|it|before|after'

Length of output: 609

---

Script:

#!/bin/bash
# Check test setup and NYC integration

# Check the test file content
cat src/spec/Build.spec.ts

# Look for any tsconfig or mocha configuration that might affect the test setup
fd -t f tsconfig.json
cat tsconfig.json

# Check if there are any other test files that might be affected
fd -t f -g '*spec*' -g '*test*' --exclude 'node_modules'

Length of output: 884

.husky/commit-msg (1)

1-1: LGTM! Verify commitlint installation.

The commit-msg hook is correctly implemented. The --no flag is a good practice to prevent automatic package installation.

Let's verify the commitlint setup:

✅ Verification successful

Let me gather more information about the commitlint configuration.

---

Let me check the content of the commitlint configuration file to ensure it's properly set up.

---

Commitlint setup is properly configured

The commit-msg hook is well-implemented and all required commitlint packages are correctly installed as dev dependencies:

• @commitlint/cli (^19.6.0)
• @commitlint/config-conventional (^19.6.0)
• @commitlint/types (^19.5.0)

The .commitlintrc.ts configuration extends the conventional commit standard with custom rules for line length limits.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if commitlint and its configuration are properly set up
if [ -f "package.json" ]; then
    echo "Checking commitlint dependencies..."
    cat package.json | jq '.dependencies["@commitlint/cli"], .devDependencies["@commitlint/cli"]'
    
    echo "Checking for commitlint config..."
    fd -e js -e json -e yml -e yaml -e ts "commitlint" --exec cat
fi

Length of output: 356

---

Script:

#!/bin/bash
# Check for commitlint config in common locations and package.json config
echo "Checking package.json for commitlint config..."
cat package.json | jq '.commitlint'

echo -e "\nChecking for commitlint config files..."
fd '(commitlint|.commitlintrc)' --hidden --no-ignore

echo -e "\nChecking for extends in package.json..."
cat package.json | jq '.dependencies["@commitlint/config-conventional"], .devDependencies["@commitlint/config-conventional"]'

Length of output: 603

---

Script:

#!/bin/bash
# Check content of .commitlintrc.ts
cat .commitlintrc.ts

echo -e "\nVerifying all required commitlint packages..."
cat package.json | jq '{
  dependencies: [.dependencies | to_entries[] | select(.key | startswith("@commitlint"))],
  devDependencies: [.devDependencies | to_entries[] | select(.key | startswith("@commitlint"))]
}'

Length of output: 899

.releaserc.yml (1)

14-14: Verify release branch strategy.

Using development as the release branch is unusual. Typically, releases are made from main or master branches. Please confirm if this is intentional.

✅ Verification successful

Release branch strategy aligns with repository configuration

The repository is intentionally configured to use development as both the default branch and the release branch. This is evidenced by:

• The default branch is set to development
• Recent releases (v2.0.16 through v2.0.18) have been successfully published
• The semantic-release configuration correctly aligns with this setup

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check current branch setup and recent releases
if [ -f "package.json" ]; then
    echo "Checking default branch..."
    gh repo view --json defaultBranchRef --jq .defaultBranchRef.name
    
    echo "Checking recent releases..."
    gh release list --limit 3
fi

Length of output: 380

package.json (4)

5-18: LGTM! Comprehensive package metadata added

The added metadata fields improve package discoverability and provide essential project information. All URLs are correctly configured.

---

23-29: LGTM! Proper TypeScript distribution configuration

The files array and entry points are correctly configured for both ESM and CommonJS consumption.

---

68-70: Verify security implications of package overrides

The overrides section typically indicates security fixes. Let's verify these versions address known vulnerabilities.

✅ Verification successful

Package overrides address known security vulnerabilities

The specified overrides are appropriate security measures:

• cross-spawn@^7.0.4: Overriding to version 7.0.4 or higher is secure as it's below the vulnerable range (7.0.0 to <7.0.5) identified in the latest ReDoS vulnerability from November 2024
• tough-cookie@^4.1.3: This version requirement matches exactly with the first patched version (4.1.3) that fixes the prototype pollution vulnerability from July 2023

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for security advisories for the overridden packages
for pkg in cross-spawn tough-cookie; do
  echo "Checking advisories for $pkg..."
  gh api graphql -f query='{
    securityVulnerabilities(first: 5, ecosystem: NPM, package: "'$pkg'") {
      nodes {
        advisory {
          summary
          severity
          publishedAt
        }
        vulnerableVersionRange
        firstPatchedVersion {
          identifier
        }
      }
    }
  }'
done

Length of output: 2093

---

48-50: LGTM! Proper commit linting setup

The added development dependencies establish a robust commit message and pre-commit checking system.

Let's verify these are the latest stable versions:

Also applies to: 58-59

✅ Verification successful

All dependencies are at their latest stable versions

The verification confirms that all the specified packages in package.json are using their latest stable versions:

• @commitlint/cli: 19.6.0 ✓
• @commitlint/config-conventional: 19.6.0 ✓
• @commitlint/types: 19.5.0 ✓

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check latest versions of added packages
for pkg in @commitlint/cli @commitlint/config-conventional @commitlint/types husky lint-staged; do
  echo "Checking $pkg..."
  npm view $pkg version
done

Length of output: 1031

[coderabbitai]

⚠️ Potential issue

Reconsider postinstall script implementation

The current postinstall script has potential issues:

1. Using npx in postinstall can be problematic as it requires network access
2. Installing the latest version with -S flag during postinstall could break the dependency tree
3. Installing peer dependencies automatically might conflict with user's preferences

Consider these alternatives:

1. Move peer dependencies to peerDependencies field
2. Document the required peer dependencies in README
3. If automation is necessary, use a separate script that users can run manually:

-"postinstall": "npx install-peerdeps @wfcd/eslint-config@latest -S",
+"setup-peers": "npx install-peerdeps @wfcd/eslint-config@latest -S",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"postinstall": "npx install-peerdeps @wfcd/eslint-config@latest -S",
	"setup-peers": "npx install-peerdeps @wfcd/eslint-config@latest -S",

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 7d06b9e and 6f577e3.

📒 Files selected for processing (2)

• .github/workflows/release.yml (1 hunks)
• .github/workflows/static.yml (2 hunks)

🔇 Additional comments (2)

.github/workflows/static.yml (2)

12-13: Verify the necessity of full history fetch

Setting fetch-depth: 0 fetches the complete repository history. While this is required for commitlint to work correctly, it increases workflow execution time and resource usage.

Consider using a shallow clone with a limited depth that covers your PR scope to optimize the workflow:

-  fetch-depth: 0
+  fetch-depth: 100  # Adjust based on your typical PR size

---

22-23: LGTM: Commitlint validation is properly configured

The commitlint step is well configured:

• Correctly uses PR's base and head SHAs for validation range
• Includes verbose flag for better debugging
• Runs after dependency installation

[coderabbitai]

🛠️ Refactor suggestion

Consider validating all new commits instead of just the last one

The current configuration with --last only validates the most recent commit. In case of multiple commits being pushed, intermediate commits might bypass validation.

Consider validating all new commits:

-  run: npx commitlint --last --verbose
+  run: npx commitlint --from HEAD~$(git rev-list --count HEAD ^origin/development) --to HEAD --verbose

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Validate with commitlint
	run: npx commitlint --last --verbose
	- name: Validate with commitlint
	run: npx commitlint --from HEAD~$(git rev-list --count HEAD ^origin/development) --to HEAD --verbose