fix: prevent auto-update from downgrading prerelease/dist-tag versions #615
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The auto-update checker was incorrectly updating pinned prerelease versions (e.g., 3.0.0-beta.1) and dist-tags (e.g., @beta) to the stable latest version from npm, effectively downgrading users who opted into beta. Added isPrereleaseOrDistTag() check that skips auto-update when: - Version contains '-' (prerelease like 3.0.0-beta.1) - Version is a dist-tag (non-semver like beta, next, canary) Fixes code-yeongyu#613
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
junhoyeo
requested changes
Jan 9, 2026
Collaborator
junhoyeo
left a comment
junhoyeo
left a comment
There was a problem hiding this comment.
Could we export isPrereleaseVersion, isDistTag, and isPrereleaseOrDistTag from index.ts (or perhaps a dedicated versioning.ts module) and import them in the tests? This would avoid duplicating the logic and ensure we have a single source of truth.
Address review feedback: export isPrereleaseVersion, isDistTag, and isPrereleaseOrDistTag from index.ts and import them in tests instead of duplicating the logic.
Contributor
Author
|
Done! Exported the functions from |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 2 files
Confidence score: 3/5
- Tests in
src/hooks/auto-update-checker/index.test.tsreimplementisPrereleaseVersion/isDistTaghelpers, so they never exercise the real implementations and give false confidence if those helpers change. - Because the most relevant behaviors are effectively untested, regressions in the actual auto-update logic could slip through, so merge carries moderate risk.
- Pay close attention to
src/hooks/auto-update-checker/index.test.ts– ensure tests invoke the real helper functions instead of duplicates.
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/hooks/auto-update-checker/index.test.ts">
<violation number="1" location="src/hooks/auto-update-checker/index.test.ts:3">
P1: Tests are validating duplicated helper functions instead of the actual implementation. The functions `isPrereleaseVersion`, `isDistTag`, and `isPrereleaseOrDistTag` are redefined locally in this test file rather than imported from `index.ts`. This means these tests don't verify the production code at all - if the implementation changes or has bugs, these tests will still pass.
Consider either:
1. Export these functions from `index.ts` and import them here
2. Test the exported `createAutoUpdateCheckerHook` behavior that uses these internal functions
3. Use a testing pattern that exposes internals for testing (e.g., a `__test__` export)</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
1 issue found across 2 files
Confidence score: 4/5
- Only concern is the misleading test in
src/hooks/auto-update-checker/index.test.ts; the name says it should return false while the assertion expects true, which can mislead future maintainers aboutisDistTag("latest")behavior. - Risk is limited to developer confusion rather than runtime impact, so the change overall still appears safe to merge.
- Pay close attention to
src/hooks/auto-update-checker/index.test.ts- test name/expectation mismatch may hide future regressions.
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/hooks/auto-update-checker/index.test.ts">
<violation number="1" location="src/hooks/auto-update-checker/index.test.ts:96">
P2: Test name says "returns false" but assertion expects `true`. This misleading test name can confuse developers about the expected behavior of `isDistTag("latest")`.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| expect(result).toBe(false) | ||
| }) | ||
|
|
||
| test("returns false for latest (handled separately)", () => { |
There was a problem hiding this comment.
P2: Test name says "returns false" but assertion expects true. This misleading test name can confuse developers about the expected behavior of isDistTag("latest").
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/hooks/auto-update-checker/index.test.ts, line 96:
<comment>Test name says "returns false" but assertion expects `true`. This misleading test name can confuse developers about the expected behavior of `isDistTag("latest")`.</comment>
<file context>
@@ -0,0 +1,153 @@
+ expect(result).toBe(false)
+ })
+
+ test("returns false for latest (handled separately)", () => {
+ // #given latest tag
+ const version = "latest"
</file context>
Suggested change
| test("returns false for latest (handled separately)", () => { | |
| test("returns true for latest (handled separately)", () => { |
kdcokenny
pushed a commit
that referenced
this pull request
Jan 13, 2026
#615) * fix: prevent auto-update from downgrading prerelease/dist-tag versions The auto-update checker was incorrectly updating pinned prerelease versions (e.g., 3.0.0-beta.1) and dist-tags (e.g., @beta) to the stable latest version from npm, effectively downgrading users who opted into beta. Added isPrereleaseOrDistTag() check that skips auto-update when: - Version contains '-' (prerelease like 3.0.0-beta.1) - Version is a dist-tag (non-semver like beta, next, canary) Fixes #613 * refactor: export version helpers and import in tests Address review feedback: export isPrereleaseVersion, isDistTag, and isPrereleaseOrDistTag from index.ts and import them in tests instead of duplicating the logic.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Problem
When a user pins oh-my-opencode to a beta version (e.g.,
[email protected]or@beta), the auto-update checker would "update" it to the stablelatestversion from npm (e.g.,2.14.0), effectively downgrading their installation.Solution
Added
isPrereleaseOrDistTag()check that skips auto-update when the pinned version:-(prerelease like3.0.0-beta.1,1.0.0-alpha,2.0.0-rc.1)beta,next,canary)Changes
src/hooks/auto-update-checker/index.ts: Added helper functions and guard in update logicsrc/hooks/auto-update-checker/index.test.ts: Added 13 tests covering the new logicFixes #613
Summary by cubic
Prevent auto-update from downgrading pinned prerelease or dist-tag installs; users on beta/alpha/rc or dist-tags stay on their chosen channel. Fixes #613.
Written for commit a145be4. Summary will update on new commits.