templates(web-apps/next-auth-ts): updated robo dependencies #458
Conversation
WalkthroughUpdated the Next.js + Auth TypeScript template's package.json to migrate from Robo's authentication system to Prisma with SQLite. Added Prisma adapter, better-sqlite3 driver, and corresponding type definitions. Updated Robo.js dependencies and introduced pnpm dependency overrides for better-sqlite3 version consistency. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
templates/web-apps/next-auth-ts/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
templates/web-apps/next-auth-ts/package.json(1 hunks)
🔇 Additional comments (2)
templates/web-apps/next-auth-ts/package.json (2)
39-48: Verify Prisma + better-sqlite3 integration and version compatibility.The migration to Prisma with SQLite adapter introduces several new dependencies. Please verify:
- Prisma v7.0.0 and @prisma/adapter-better-sqlite3 v7.0.0 are compatible
- better-sqlite3 v12.4.6 works correctly with the Prisma adapter
- The @auth/prisma-adapter is compatible with your auth flow
Consider running
pnpm installand testing the integration locally to catch any runtime issues.
52-52: LGTM!Type definitions and CLI tooling for the new dependencies are appropriately included. The
@types/better-sqlite3andprismaCLI additions support development workflow well.Also applies to: 59-59
| "pnpm": { | ||
| "overrides": { | ||
| "@prisma/adapter-better-sqlite3>better-sqlite3": "^12.4.6", | ||
| "better-sqlite3": "^12.4.6" | ||
| } | ||
| }, |
There was a problem hiding this comment.
Fix indentation in pnpm overrides block.
The pnpm.overrides block uses spaces for indentation while the rest of the file uses tabs, creating inconsistency. Please align the formatting with the file's tab-based convention.
Apply this diff to fix the indentation:
- "pnpm": {
- "overrides": {
- "@prisma/adapter-better-sqlite3>better-sqlite3": "^12.4.6",
- "better-sqlite3": "^12.4.6"
- }
+ "pnpm": {
+ "overrides": {
+ "@prisma/adapter-better-sqlite3>better-sqlite3": "^12.4.6",
+ "better-sqlite3": "^12.4.6"
+ }
},📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "pnpm": { | |
| "overrides": { | |
| "@prisma/adapter-better-sqlite3>better-sqlite3": "^12.4.6", | |
| "better-sqlite3": "^12.4.6" | |
| } | |
| }, | |
| "pnpm": { | |
| "overrides": { | |
| "@prisma/adapter-better-sqlite3>better-sqlite3": "^12.4.6", | |
| "better-sqlite3": "^12.4.6" | |
| } | |
| }, |
🤖 Prompt for AI Agents
In templates/web-apps/next-auth-ts/package.json around lines 32 to 37, the
pnpm.overrides block is indented with spaces while the rest of the file uses
tabs; change the indentation of the "pnpm", "overrides" and their nested keys to
use tabs to match the file's tab-based convention so the block aligns with
surrounding lines.
| "@robojs/auth": "https://pkg.pr.new/Wave-Play/robo.js/@robojs/auth@3ec5b2a", | ||
| "@robojs/server": "https://pkg.pr.new/Wave-Play/robo.js/@robojs/server@3ec5b2a", |
There was a problem hiding this comment.
🧩 Analysis chain
Replace temporary pkg.pr.new URLs with stable versions before merging.
The dependencies are using pkg.pr.new temporary preview URLs, which are designed for testing pull requests and will break once the source PR is closed or merged. This is problematic for a template that needs to remain functional and reproducible.
For a production-ready template, either:
- Use the stable published versions from npm (if available)
- Ensure these changes are merged to main and reference the stable commits directly
- Document the temporary nature and add a migration plan if this is intentional
Can you clarify the intent of using pkg.pr.new URLs? If these are meant to reference a specific pending PR, ensure the source PR is merged before this template is released.
Also applies to: 48-48
I'll verify the concerns raised in this review comment by examining the file and researching the nature of pkg.pr.new URLs.Now let me examine the actual package.json file to verify the details mentioned:
Let me search the repository to find the file:
Temporary pkg.pr.new URLs will break once packages are removed; unsuitable for stable template.
pkg.pr.new publishes unreleased packages to a temporary npm-compatible registry. pkg.pr.new stays true to its purpose of providing temporary, on-demand preview releases rather than serving as a permanent registry, automatically removing unused or old builds—packages are automatically removed if they haven't been downloaded in over a month, or are older than six months.
Using these temporary URLs in a released template creates a reliability problem:
- When a commit is pushed or pull request created, pkg.pr.new creates an instantly usable version that can be installed from a unique npm compatible URL, allowing users and contributors to test changes before official release. This is appropriate for PR testing but not for distributed templates.
- Once the cleanup policy removes the packages (unused for 1+ month or older than 6 months), users and cloners of this template will encounter installation failures.
Recommendation: Replace these URLs with either stable npm package versions or ensure the source changes are merged to main and reference commits that remain available long-term.
Lines affected: 42-43, 48
🏁 Script executed:
#!/bin/bash
# Examine the package.json file to verify the pkg.pr.new URLs and indentation
cat templates/web-apps/next-auth-ts/package.json | head -60Length of output: 1506
🏁 Script executed:
#!/bin/bash
# Find the package.json file
find . -type f -name "package.json" -path "*next-auth-ts*" 2>/dev/null | head -5Length of output: 46
Replace temporary pkg.pr.new URLs with stable versions before merging.
The @robojs/auth, @robojs/server, and robo.js dependencies reference temporary pkg.pr.new URLs, which will break when packages are automatically removed. pkg.pr.new publishes unreleased packages to a temporary npm-compatible registry, and packages are automatically removed if they haven't been downloaded in over a month, or are older than six months. Using these temporary URLs in a template compromises reproducibility and will cause installation failures for users who clone this template after the packages are removed.
Action required: Replace with either stable npm versions (if available) or ensure the source changes are merged and reference commits that will remain accessible long-term.
Lines affected: 42-43, 48
Automated PR for... Branch: templates/web-apps/next-auth-ts
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.