chore: test on Node.js v20 #925
Conversation
Summary of ChangesHello @fengmk2, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request primarily focuses on improving the project's code quality checks by enabling type checking within the Highlights
Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
|
Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. WalkthroughRemoved a greetings GitHub Actions workflow, expanded the Node.js CI matrix to include Node 20, added Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes
Possibly related PRs
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Code Review
This pull request updates the lint script in package.json to include the --type-check flag for oxlint, which adds type checking to the linting process. This is a good enhancement for code quality. However, the pull request title, 'test: test on Node.js v20', seems unrelated to this change. My main feedback concerns the inconsistency this creates with the lint-staged configuration, which could cause commits to pass pre-commit hooks but fail in CI. Please see the detailed comment for more information.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #925 +/- ##
==========================================
- Coverage 95.37% 95.26% -0.12%
==========================================
Files 197 197
Lines 22139 22139
Branches 2432 2441 +9
==========================================
- Hits 21116 21091 -25
- Misses 1023 1048 +25 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
package.json (1)
163-171: Consider aligning lint-staged config with the enhanced lint script (optional).The lint-staged configuration (line 169) still uses
oxlint --type-aware --fixwithout--type-check, whereas the main lint script now includes it. This discrepancy is likely intentional—pre-commit hooks typically avoid expensive type checking to keep feedback loops fast. However, if you want consistent behavior, you could add--type-checkhere as well, accepting the trade-off of slower pre-commit checks.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
.github/workflows/greetings.yml(0 hunks).github/workflows/nodejs.yml(3 hunks)package.json(1 hunks)
💤 Files with no reviewable changes (1)
- .github/workflows/greetings.yml
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Run `npm run typecheck` to verify TypeScript compilation without build
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Run `npm run lint:fix` before committing to fix all linting issues
Applied to files:
package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (19)
- GitHub Check: test on mysql (node@22, shard@0/3, enableJSONBuilder@false)
- GitHub Check: test on mysql (node@22, shard@1/3, enableJSONBuilder@true)
- GitHub Check: test on mysql (node@22, shard@0/3, enableJSONBuilder@true)
- GitHub Check: test on mysql (node@24, shard@1/3, enableJSONBuilder@true)
- GitHub Check: test on mysql (node@20, shard@0/3, enableJSONBuilder@false)
- GitHub Check: test on mysql (node@22, shard@2/3, enableJSONBuilder@true)
- GitHub Check: test on mysql (node@24, shard@2/3, enableJSONBuilder@false)
- GitHub Check: test on mysql (node@22, shard@1/3, enableJSONBuilder@false)
- GitHub Check: test on postgresql (node@22, shard@2/3)
- GitHub Check: test on postgresql (node@22, shard@1/3)
- GitHub Check: test on postgresql (node@22, shard@0/3)
- GitHub Check: test on postgresql (node@20, shard@2/3)
- GitHub Check: test on postgresql (node@24, shard@1/3)
- GitHub Check: test on postgresql (node@24, shard@2/3)
- GitHub Check: test on postgresql (node@24, shard@0/3)
- GitHub Check: test on postgresql (node@20, shard@0/3)
- GitHub Check: test on postgresql (node@20, shard@1/3)
- GitHub Check: test-deployment
- GitHub Check: build-and-push-image
🔇 Additional comments (2)
.github/workflows/nodejs.yml (1)
122-122: ✅ Node.js v20 CI matrix expansion aligns with supported versions.Adding Node 20 to the test matrix is well-motivated: the package.json engines field (line 161 of package.json) already declares support for
^20.18.0 || ^22.18.0 || ^24.11.0. This change ensures CI coverage for all officially supported Node versions, fulfilling the PR objective to test on Node.js v20.Also applies to: 218-218, 278-278
package.json (1)
42-42: Lint script enhancement strengthens type checking.Adding
--type-checkto the lint script ensures type checking is performed during linting runs, complementing the separatenpm run typecheckstep used in CI. oxlint version 1.30.0+ supports this experimental flag when used with--type-aware, which is already present in your command.
There was a problem hiding this comment.
Pull request overview
This PR adds Node.js v20 to the CI test matrix and makes related configuration updates. The changes align with the project's existing engines requirement which already specifies ^20.18.0 as a supported version.
Key changes:
- Added Node.js 20 to all three test job matrices in GitHub Actions CI (MySQL, PostgreSQL, and Elasticsearch tests)
- Enhanced the oxlint command with
--type-checkflag for stricter type checking - Removed the greetings workflow that provided automated welcome messages to first-time contributors
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
.github/workflows/nodejs.yml |
Added Node.js 20 to the test matrix for all three database test jobs (MySQL, PostgreSQL, Elasticsearch), expanding test coverage to include [20, 22, 24] |
package.json |
Enhanced lint command with --type-check flag to enable stricter type checking alongside --type-aware |
.github/workflows/greetings.yml |
Removed the entire greetings workflow that provided automated welcome messages to new contributors |
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
package.json(5 hunks)
🧰 Additional context used
🧠 Learnings (10)
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Run `npm run lint:fix` before committing to fix all linting issues
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Run `npm run typecheck` to verify TypeScript compilation without build
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Applies to **/*.{js,ts,tsx,jsx} : Warn on console usage (from Oxlint configuration)
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Applies to **/*.{js,ts,tsx,jsx} : Disallow anonymous default exports (from Oxlint configuration)
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Applies to **/*.{js,ts,tsx,jsx} : Maximum of 6 function parameters (from Oxlint configuration)
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Applies to **/*.{js,ts,tsx,jsx} : Maintain 120 character line width maximum (from Prettier configuration)
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Applies to **/*.{js,ts,tsx,jsx} : Use single quotes in JavaScript/TypeScript code (from Prettier configuration)
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Applies to **/*.{js,ts,tsx,jsx} : Use 2-space indentation (from Prettier configuration)
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Applies to **/*.{js,ts,tsx,jsx} : Use trailing commas in ES5 syntax (from Prettier configuration)
Applied to files:
package.json
📚 Learning: 2025-11-29T15:42:37.586Z
Learnt from: CR
Repo: cnpm/cnpmcore PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-11-29T15:42:37.586Z
Learning: Applies to **/*.{js,ts,tsx,jsx} : Use ES modules (`import/export`) syntax throughout
Applied to files:
package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)
- GitHub Check: test on mysql (node@20, shard@1/3, enableJSONBuilder@true)
- GitHub Check: test on mysql (node@20, shard@2/3, enableJSONBuilder@false)
- GitHub Check: test on mysql (node@22, shard@2/3, enableJSONBuilder@true)
- GitHub Check: test on mysql (node@20, shard@0/3, enableJSONBuilder@false)
- GitHub Check: test on mysql (node@22, shard@1/3, enableJSONBuilder@false)
- GitHub Check: test on mysql (node@24, shard@1/3, enableJSONBuilder@true)
- GitHub Check: test on mysql (node@24, shard@2/3, enableJSONBuilder@true)
- GitHub Check: test on mysql (node@22, shard@0/3, enableJSONBuilder@false)
- GitHub Check: test on mysql (node@24, shard@1/3, enableJSONBuilder@false)
- GitHub Check: test on mysql (node@20, shard@0/3, enableJSONBuilder@true)
- GitHub Check: test on postgresql (node@22, shard@1/3)
- GitHub Check: test on postgresql (node@20, shard@0/3)
- GitHub Check: test on postgresql (node@24, shard@0/3)
- GitHub Check: test on postgresql (node@22, shard@0/3)
- GitHub Check: test on postgresql (node@22, shard@2/3)
- GitHub Check: test on postgresql (node@20, shard@2/3)
- GitHub Check: test on postgresql (node@24, shard@2/3)
- GitHub Check: test on postgresql (node@20, shard@1/3)
- GitHub Check: test on postgresql (node@24, shard@1/3)
- GitHub Check: build-and-push-image
🔇 Additional comments (1)
package.json (1)
42-42: Good fix: lint and lint-staged consistency is now resolved.Both the
lintscript (line 42) andlint-stagedcommand (line 169) now include the--type-checkflag, addressing the inconsistency flagged in the prior review. This ensures code passes the pre-commit hook and CI consistently.The
--type-checkflag in oxlint is experimental (currently in alpha as of December 2025) but offers significant performance improvements—benchmarks show ~10× speedup compared to ESLint + typescript-eslint. Be aware that type-aware linting can increase memory usage on very large codebases.Also applies to: 169-169
| ], | ||
| "dependencies": { | ||
| "@cnpmjs/packument": "^1.5.0", | ||
| "@cnpmjs/packument": "^1.6.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat package.jsonRepository: cnpm/cnpmcore
Length of output: 5440
🌐 Web query:
ua-parser-js 2.0.7 security vulnerabilities CVE
💡 Result:
Short answer: No public CVE directly names ua-parser-js v2.0.7 as vulnerable. The published CVEs affect older 0.x/1.x ranges (ReDoS and the 2021 malicious-publish incident); v2.0.7 is listed as the current/latest release and Snyk/NPM show no known security issues for 2.0.7. [1][2][3][4]
Details & references:
- CVE-2021-27292 (ReDoS) — affected >=0.7.14 and fixed in 0.7.24. [1]
- GHSA-pjwm-rvh2-c87w (malicious/embedded malware) — affected exact published versions 0.7.29, 0.8.0, 1.0.0; patched in 0.7.30/0.8.1/1.0.1. [2]
- CVE-2022-25927 (ReDoS) — affected 0.7.30–<0.7.33 and equivalent 0.x/1.x ranges; patched in 0.7.33/1.0.33. [3]
- Snyk / npm package pages show latest version 2.0.7 and indicate no known direct security issues for that version. [4]
Recommendation: If you rely on ua-parser-js, ensure you’re using v2.0.7 (or later) and run dependency scans; if you have older 0.7.x / 0.8.x / 1.0.x installs, upgrade to the corresponding patched releases listed above.
Sources:
- NVD — CVE-2021-27292. [NVD]. [turn0search1]
- GitHub Advisory — GHSA-pjwm-rvh2-c87w (embedded malware). [turn2search2]
- GitHub Advisory / CVE-2022-25927 (ReDoS). [turn2search0]
- Snyk / npm package info showing latest = 2.0.7 and no known issues. [turn1search1]
🌐 Web query:
@types/node 22.19.2 Node.js 20 compatibility
💡 Result:
Short answer: use the matching major — @types/[email protected] targets Node.js 22 APIs, so for Node.js 20 you should stick to @types/[email protected] to avoid typing for newer Node 22 APIs. [1][2][3]
Sources:
- @types/node release list (shows 22.19.2 exists). [1]
- DefinitelyTyped discussion recommending aligning @types/node major with your Node runtime. [2]
- TypeScript Node target mapping / guidance about Node targets. [3]
References:
[1] Release listing for @types/node.
[2] DefinitelyTyped discussion: "How to automatically install the correct version for the current Node.js environment."
[3] Microsoft/TypeScript Node Target Mapping (Node 20 / Node 22 guidance).
🏁 Script executed:
#!/bin/bash
# Check npm registry data for these packages to verify versions and any known issues
npm view [email protected] --json 2>/dev/null | jq '{version: .version, deprecated: .deprecated, engines: .engines}' || echo "ua-parser-js check failed"
echo "---"
npm view @types/[email protected] --json 2>/dev/null | jq '{version: .version, deprecated: .deprecated}' || echo "@types/node check failed"
echo "---"
npm view @types/[email protected] --json 2>/dev/null | jq '{version: .version, deprecated: .deprecated}' || echo "@types/pg check failed"Repository: cnpm/cnpmcore
Length of output: 244
🌐 Web query:
@types/node 20 Node.js 20 compatibility which version
💡 Result:
Use the @types/node 20.x line (e.g. @types/node@20 or the latest 20.* release). Example install: npm i -D @types/[email protected]. [1][2]
Sources:
[1] npm @types/node package (20.x releases).
[2] DefinitelyTyped types/node v20 (type declarations for Node.js 20).
🏁 Script executed:
#!/bin/bash
# Check if there are any type-checking errors or if the setup is intentional
# Look for any Node version targeting in tsconfig
if [ -f tsconfig.json ]; then
echo "=== tsconfig.json (first 50 lines) ==="
head -50 tsconfig.json
echo ""
fi
if [ -f tsconfig.prod.json ]; then
echo "=== tsconfig.prod.json (first 50 lines) ==="
head -50 tsconfig.prod.json
fiRepository: cnpm/cnpmcore
Length of output: 688
Fix @types/node version to match Node 20 support.
The project declares Node 20 support in engines but uses @types/[email protected], which provides type definitions for Node.js 22 APIs, not Node 20. This creates a type mismatch: TypeScript will provide incorrect type information for Node 20-specific APIs and may report false type errors.
For Node 20 compatibility, use @types/[email protected] instead (e.g., @types/[email protected] or the latest 20.* release).
The other updated dependencies are compatible:
- [email protected]: No known security vulnerabilities; historical CVEs only affected 0.x/1.x versions.
- @types/[email protected]: Current stable version, no issues.
- Dev tools (oxlint, prettier): Versions are compatible.
🤖 Prompt for AI Agents
In package.json around line 87, the project currently depends on
@types/[email protected] which targets Node 22 and conflicts with the declared Node
20 engines; change the @types/node entry to a Node 20.x release (for example
"20.19.0" or the latest 20.*), update package-lock.json/Yarn lock by running npm
install or yarn install, and re-run the TypeScript build/CI to verify no type
regressions; if tsconfig.json pins specific lib/typeRoots that assume Node 22,
adjust them to be compatible with Node 20 types.
[skip ci] ## 4.16.0 (2025-12-13) * feat: limit tgz file size through configuration (#926) ([a631fad](a631fad)), closes [#926](#926) [hi#level](https://github.com/hi/issues/level) * chore: test on Node.js v20 (#925) ([deb3748](deb3748)), closes [#925](#925) [hi#level](https://github.com/hi/issues/level)
|
🎉 This PR is included in version 4.16.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
https://github.com/eggjs/egg/releases/tag/v4.1.0-beta.35
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.