Conversation
chenjiahan
commented
Mar 14, 2026
chenjiahan
commented
- replace npm commands with pnpm in package.json and CI workflows
- update README with pnpm installation instructions
- remove package-lock.json and add pnpm-lock.yaml to ignore list
- specify packageManager in package.json
- reorder imports in documentation examples
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request completes the migration of the project's package management system from npm to pnpm. The changes encompass updating script commands, documentation, and configuration files to reflect the new package manager, aiming to streamline dependency management and potentially improve performance and disk space usage. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Changelog
Ignored Files
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request successfully migrates the project from npm to pnpm. The changes to scripts, configurations, and documentation are mostly well-executed. However, there are a few areas that need attention. The security audit script has been removed, which poses a security risk. The prebuild script for cleaning build artifacts has also been removed, potentially leading to stale builds. Lastly, the specified packageManager version in package.json appears to be invalid, which could cause setup issues for other developers.
| ], | ||
| "scripts": { | ||
| "commitlint": "commitlint --from=main", | ||
| "security": "npm audit --production", |
There was a problem hiding this comment.
The security script, which runs npm audit, has been removed. It's important to maintain a script for auditing dependencies for security vulnerabilities. Please add it back using the pnpm equivalent, which is pnpm audit --prod.
| "optional": true | ||
| } | ||
| }, | ||
| "packageManager": "pnpm@10.21.0", |
There was a problem hiding this comment.
The specified pnpm version 10.21.0 does not appear to be a valid, published version. This will likely cause issues for developers using Corepack. Please use a valid and recent version of pnpm that corresponds to lockfile version 9. For example, you could use a recent stable version such as 9.6.0.
"packageManager": "pnpm@9.6.0"| "fix:prettier": "pnpm run lint:prettier -- --write", | ||
| "fix": "npm-run-all -l fix:js fix:prettier", | ||
| "clean": "del-cli dist types", | ||
| "prebuild": "npm run clean", |
There was a problem hiding this comment.
The prebuild script, which cleans the build directories before a new build, has been removed. This is a good practice to prevent issues with stale build artifacts. Please consider adding it back as "prebuild": "pnpm run clean".
There was a problem hiding this comment.
Pull request overview
Migrates the repository’s Node.js tooling from npm to pnpm by updating scripts, CI workflows, and documentation, while aligning ancillary tooling (spelling/ignore lists) to the new lockfile.
Changes:
- Update
package.jsonscripts to usepnpm run, and declarepackageManageras pnpm. - Switch GitHub Actions workflow installs/caching from npm to pnpm.
- Update README install instructions and reorder documentation example imports; update cspell ignore paths/words for pnpm lockfile and project terms.
Reviewed changes
Copilot reviewed 4 out of 6 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| package.json | Replaces npm script invocations with pnpm and declares the pnpm package manager version. |
| README.md | Expands install instructions to include pnpm (and others) and reorders import/require lines in examples. |
| .github/workflows/nodejs.yml | Uses pnpm setup, pnpm caching, and pnpm install/run commands in CI jobs. |
| .cspell.json | Adds project words and ignores pnpm-lock.yaml for spellchecking. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "fix:js": "pnpm run lint:code -- --fix", | ||
| "fix:prettier": "pnpm run lint:prettier -- --write", | ||
| "fix": "npm-run-all -l fix:js fix:prettier", | ||
| "clean": "del-cli dist types", |
| "lint:code": "eslint --cache .", | ||
| "lint:spelling": "cspell --cache --no-must-find-files --quiet \"**/*.*\"", | ||
| "lint:types": "tsc --pretty --noEmit", | ||
| "lint": "npm-run-all -l -p \"lint:**\"", |
| run: if [ -n "$(git status types --porcelain)" ]; then echo "Missing types. Update types by running 'pnpm run build:types'"; exit 1; else echo "All types are valid"; fi | ||
|
|
||
| - name: Validate PR commits with commitlint | ||
| if: github.event_name == 'pull_request' | ||
| run: npx commitlint --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} --to ${{ github.event.pull_request.head.sha }} --verbose | ||
| run: pnpm exec commitlint --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} --to ${{ github.event.pull_request.head.sha }} --verbose | ||
|
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f6ddc0cfd5
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "test:coverage": "pnpm run test:only -- --collectCoverageFrom=\"src/**/*.js\" --coverage", | ||
| "pretest": "pnpm run lint", | ||
| "test": "pnpm run test:coverage", | ||
| "prepare": "husky && pnpm run build", |
There was a problem hiding this comment.
This commit removed the prebuild clean step, but prepare still runs build, so installs/publish builds now execute build:types and build:code without clearing dist/types first. In that state, deleting or renaming source files can leave stale generated artifacts on disk, and those stale files can be shipped because the package publishes dist and types.
Useful? React with 👍 / 👎.
