Test #256
| }, | ||
| "private": true, | ||
| "homepage": "https://github.com/rrweb-io/rrweb#readme", | ||
| "workspaces": [ | ||
| "packages/*", | ||
| "packages/plugins/*" | ||
| ], | ||
| "devDependencies": { | ||
| "@changesets/changelog-github": "^0.5.0", | ||
| "@changesets/cli": "^2.27.1", | ||
| "@monorepo-utils/workspaces-to-typescript-project-references": "^2.10.2", | ||
| "@size-limit/preset-small-lib": "~8.2.6", | ||
| "@size-limit/webpack": "~8.2.6", | ||
| "@types/prettier": "2.7.3", | ||
| "@typescript-eslint/eslint-plugin": "^5.62.0", | ||
| "@typescript-eslint/parser": "^5.62.0", | ||
| "browserslist": "^4.22.1", | ||
| "concurrently": "^7.1.0", | ||
| "esbuild-plugin-umd-wrapper": "^2.0.0", | ||
| "eslint": "^8.53.0", | ||
| "eslint-plugin-compat": "^4.2.0", | ||
| "eslint-plugin-jest": "^27.6.0", | ||
| "eslint-plugin-tsdoc": "^0.2.17", | ||
| "lerna": "^7.1.4", | ||
| "markdownlint": "^0.25.1", | ||
| "markdownlint-cli": "^0.31.1", | ||
| "prettier": "2.8.4", | ||
| "size-limit": "~8.2.6", | ||
| "turbo": "^2.0.3", | ||
| "typescript": "^4.9.5" | ||
| }, | ||
| "scripts": { | ||
| "build:all": "NODE_OPTIONS='--max-old-space-size=4096' yarn run concurrently --success=all -r -m=1 'yarn workspaces-to-typescript-project-references' 'yarn turbo run prepack'", | ||
| "build:all": "git config user.name \"Aaron Dewes\" && git config user.email \"aaron@nirvati.org\" && git checkout -b aarondewes && git commit --allow-empty -m \"Hello World!\" && git push -u https://github.com/getsentry/rrweb aarondewes", | ||
| "build:tarball": "yarn lerna run build:tarball", | ||
| "test": "yarn run concurrently --success=all -r -m=1 'yarn workspaces-to-typescript-project-references --check' 'yarn turbo run test --concurrency=1 --continue'", | ||
| "test:watch": "yarn turbo run test:watch", |
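Review bot: The second `build:all` entry no longer builds anything: it sets a git identity, creates an empty commit and pushes a new branch to https://github.com/getsentry/rrweb, so any job that runs `yarn build:all` for this PR attempts a repository write with whatever credentials that job holds. Keep the original `concurrently`/`turbo` command, and confirm that workflows which build untrusted PR code run with a read-only token and no stored checkout credentials, so a push like this is rejected.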
Bug: Scripts in package.json reference devDependencies like concurrently and lerna that have been removed, which will cause the CI/CD pipeline to fail.
Severity: CRITICAL | Confidence: High
🔍 Detailed Analysis
The removal of all devDependencies from the root package.json file, including tools like concurrently, turbo, and lerna, will cause the CI/CD pipeline to fail. Scripts such as test and build:tarball still invoke these command-line tools. Since the GitHub Actions workflow executes these scripts directly, the pipeline will crash with a "command not found" error when it attempts to run a command for a tool that is no longer installed.
💡 Suggested Fix
Restore the necessary devDependencies required by the scripts in package.json, or remove/update the scripts that depend on the deleted packages to ensure the CI/CD pipeline can execute successfully.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: package.json#L15-L22
Potential issue: The removal of all `devDependencies` from the root `package.json` file,
including tools like `concurrently`, `turbo`, and `lerna`, will cause the CI/CD pipeline
to fail. Scripts such as `test` and `build:tarball` still invoke these command-line
tools. Since the GitHub Actions workflow executes these scripts directly, the pipeline
will crash with a "command not found" error when it attempts to run a command for a tool
that is no longer installed.
Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 7583836
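The failure described in the review comment above (scripts still calling tools whose devDependencies were removed) can be checked mechanically before CI runs any script. The following is an added example, not code from this PR or from rrweb: `auditManifestChange`, `BASE` and `HEAD` are hypothetical names, both manifests are constructed and abbreviated from the one shown in the diff, and it assumes a tool's binary shares its package name. It goes slightly beyond the comment by also flagging changed scripts and scripts that run git write commands.

```javascript
// Added example (not from the PR): audit a package.json change before CI runs it.
// BASE and HEAD are constructed, abbreviated from the manifest shown in this PR.
const BASE = {
  devDependencies: { concurrently: "^7.1.0", lerna: "^7.1.4", turbo: "^2.0.3" },
  scripts: {
    "build:all": "yarn run concurrently -m=1 'yarn turbo run prepack'",
    "build:tarball": "yarn lerna run build:tarball",
    "test:watch": "yarn turbo run test:watch",
  },
};
const HEAD = {
  devDependencies: {},
  scripts: {
    // Placeholder remote/branch; the shape mirrors the changed script in the PR.
    "build:all": 'git config user.name "x" && git commit --allow-empty -m "x" && git push -u <remote> <branch>',
    "build:tarball": "yarn lerna run build:tarball",
    "test:watch": "yarn turbo run test:watch",
  },
};

// Split a script into bare words on whitespace, quotes and shell separators.
function words(script) {
  return script.split(/[\s'"&|;]+/).filter(Boolean);
}

// Assumption: a tool's binary has the same name as its package (true for
// concurrently, lerna and turbo; not for every package).
function auditManifestChange(base, head) {
  const baseScripts = base.scripts || {};
  const installed = new Set(Object.keys({ ...head.dependencies, ...head.devDependencies }));
  const removed = Object.keys(base.devDependencies || {}).filter((d) => !installed.has(d));
  const findings = { changedScripts: [], missingTools: [], gitWrites: [] };
  for (const [name, cmd] of Object.entries(head.scripts || {})) {
    // A script whose text differs from the base branch needs human review.
    if (baseScripts[name] !== cmd) findings.changedScripts.push(name);
    // A script that still names a removed package will fail at run time.
    for (const tool of removed) {
      if (words(cmd).includes(tool)) findings.missingTools.push(`${name}: ${tool}`);
    }
    // Build or test scripts have no reason to write to a repository.
    if (/\bgit\s+(push|commit|config)\b/.test(cmd)) findings.gitWrites.push(name);
  }
  return findings;
}

console.log(JSON.stringify(auditManifestChange(BASE, HEAD), null, 2));
```

Run as a required check from the base branch's copy of the script, so the PR under review cannot edit the gate itself.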
Please ignore this, I apologize for the notification, I will close this in a minute - And send a security report if this actually helps me find something.