Skip to content

fix(migrate): support guarded package installs#2185

Closed
wan9chi wants to merge 2 commits into
mainfrom
fix/preview-install-policies
Closed

fix(migrate): support guarded package installs#2185
wan9chi wants to merge 2 commits into
mainfrom
fix/preview-install-policies

Conversation

@wan9chi

@wan9chi wan9chi commented Jul 16, 2026

Copy link
Copy Markdown
Member

Summary

  • add exact pnpm trust-policy exclusions for preview Vite+ packages, including native platform artifacts, and remove them for stable releases
  • preserve npm and Bun minimum-release-age policies while exempting only Vite+-managed packages
  • temporarily relax the npm age gate only for the migration child install when pinned npm versions predate package exclusions

Validation

  • pnpm -F vite-plus exec vitest run src/utils src/migration (552 tests)
  • vp check
  • just snapshot-test migration (133 passed concurrently; every stale-build or registry-timeout case passed when rerun in isolation)
  • clean preview install verification for oxc-walker, vitepress-plugin-group-icons, pdfme, and zerobyte
  • single-version vp why verification for Vite+ core, vite-plus, and Vitest in all four projects

@netlify

netlify Bot commented Jul 16, 2026

Copy link
Copy Markdown

Deploy Preview for viteplus-preview canceled.

Name Link
🔨 Latest commit 58f1da6
🔍 Latest deploy log https://app.netlify.com/projects/viteplus-preview/deploys/6a583aba29881600077f5003

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 734bffb2de

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

'@vitest/web-worker',
'@vitest/ws-client',
] as const;
const MANAGED_AGE_GATE_EXCLUDES = [...PREVIEW_TRUST_PACKAGES, ...MANAGED_VITEST_PACKAGES];

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Include direct CLI tool deps in age-gate excludes

With npm or Bun age gates, this combined list is the complete set of package-name exclusions written before vp install. It covers Vite+/native packages and Vitest, but omits direct toolchain dependencies that the published vite-plus package installs (oxfmt, oxlint, oxlint-tsgolint, @oxlint/plugins, @oxc-project/types; see packages/cli/package.json:361-377), while the existing pnpm age-gate code already treats the ox family as Vite+-managed (packages/cli/src/migration/migrator/catalog.ts:62-72). If one of those exact bundled versions is still younger than the user's npm/Bun release-age gate, migrate/create installs will still be rejected despite this reconciliation.

Useful? React with 👍 / 👎.

const body = excludesMatch[2];
const trailingWhitespace = body.match(/\s*$/)?.[0] ?? '';
const content = body.slice(0, body.length - trailingWhitespace.length);
const separator = content.trim().length === 0 ? '' : content.trimEnd().endsWith(',') ? '' : ',';

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve commas before appending to commented TOML arrays

For Bun projects whose existing minimumReleaseAgeExcludes is a multiline array with an inline comment on the last item and no trailing comma, for example "@demo/*" # keep local, this computes a comma but appends it after the comment text. TOML treats that comma as part of the comment, so the next inserted package is not comma-separated and the rewritten bunfig.toml becomes invalid; insert the separator before any inline comment or parse the TOML instead of splicing the string.

Useful? React with 👍 / 👎.

@wan9chi wan9chi closed this Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant