fix(npm): warn on old bun and pnpm for install_before#9232
Merged
Conversation
Contributor
Greptile SummaryAdds advisory warnings for Confidence Score: 5/5Safe to merge — no correctness or data-integrity issues found in the new warning logic or refactored semver helpers. All new code paths are well-guarded: version detection gracefully falls back when a semver string is unavailable, the semver helpers are thoroughly tested, and the warning is purely advisory so it cannot break existing behaviour. The one P2 note (flag still forwarded when version is too old) reflects a design choice rather than a defect. No files require special attention. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[install_version_ called with before_date] --> B{package_manager?}
B -->|npm| C[release_age_package_manager_requirement → None]
C --> D[skip version warning]
B -->|bun / pnpm| E[release_age_package_manager_requirement → tool, min_version, flag]
E --> F{toolset_package_manager_version in ctx.ts?}
F -->|found semver| G[use resolved/requested version]
F -->|not found| H{dependency_toolset available?}
H -->|yes| I{toolset_package_manager_version in dep_ts?}
I -->|found semver| G
I -->|not found| J[skip warning — version unknown]
H -->|error| J
G --> K{version < min_version?}
K -->|yes| L[warn! with upgrade hint]
K -->|no| M[no warning]
L --> N[build_transitive_release_age_args — flag still forwarded]
M --> N
D --> O[build_npm_release_age_args]
Reviews (2): Last reviewed commit: "fix(npm): warn on old bun and pnpm for i..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request adds a warning mechanism to the npm backend to notify users if their version of Bun or Pnpm is too old to support the install_before feature. It includes new logic for parsing and comparing semver versions. A review comment points out that the semver_triplet function does not handle partial version strings (e.g., "1.3"), which would cause the warning to be skipped, and suggests simplifying the approach by documenting minimum requirements instead.
risu729
force-pushed
the
codex/npm-install-before-pm-warning
branch
from
0cb720a to
7725352
Compare
jdx
pushed a commit
that referenced
this pull request
Apr 18, 2026
### 🐛 Bug Fixes - **(backend)** respect install_before in latest lookup by @risu729 in [#9193](#9193) - **(backend)** route explicit latest through stable lookup by @risu729 in [#9228](#9228) - **(backends)** deprecate b shorthand by @risu729 in [#9234](#9234) - **(config)** warn for deprecated env keys by @risu729 in [#9205](#9205) - **(config)** treat enable_tools empty as disable-all by @risu729 in [#9108](#9108) - **(github)** avoid auth on release asset downloads by @risu729 in [#9060](#9060) - **(gitlab)** warn when glab OAuth2 token is expired by @stanhu in [#9195](#9195) - **(npm)** honor install_before without day drift by @risu729 in [#9157](#9157) - **(npm)** warn on old bun and pnpm for install_before by @risu729 in [#9232](#9232) - **(pipx)** honor install_before for uv and pipx installs by @risu729 in [#9190](#9190) - **(registry)** allow shfmt on Windows by @zeitlinger in [#9191](#9191) ### 🚜 Refactor - **(backend)** remove unused rolling release helper by @risu729 in [#9175](#9175) - **(backend)** use file util for removals by @risu729 in [#9206](#9206) ### 📚 Documentation - **(config)** clarify always_keep_download behavior by @risu729 in [#9235](#9235) - **(configuration)** add rust to idiomatic version files by @jjt in [#9233](#9233) - **(contributing)** expand contribution guide introduction by @marianwolf in [#9208](#9208) - **(github)** document multiple release assets workaround by @risu729 in [#9236](#9236) ### 📦️ Dependency Updates - update actions/setup-node action to v6 by @renovate[bot] in [#9183](#9183) - update dependency @types/node to v25 by @renovate[bot] in [#9187](#9187) - update crazy-max/ghaction-import-gpg action to v7 by @renovate[bot] in [#9186](#9186) - update actions/cache action to v5 by @renovate[bot] in [#9181](#9181) - update amannn/action-semantic-pull-request action to v6 by @renovate[bot] in [#9184](#9184) - update apple-actions/import-codesign-certs action to v6 by @renovate[bot] in [#9185](#9185) - update dependency eslint to v10 by @renovate[bot] in [#9200](#9200) - update dependency toml to v4 by @renovate[bot] in [#9201](#9201) - update rust crate reqwest to 0.13 by @renovate[bot] in [#9171](#9171) - update ghcr.io/jdx/mise:deb docker digest to 523d826 by @renovate[bot] in [#9198](#9198) - update ghcr.io/jdx/mise:alpine docker digest to 05617e0 by @renovate[bot] in [#9196](#9196) - update ghcr.io/jdx/mise:rpm docker digest to c1992f9 by @renovate[bot] in [#9199](#9199) - update ghcr.io/jdx/mise:copr docker digest to 90db6cd by @renovate[bot] in [#9197](#9197) - update taiki-e/install-action digest to 58e8625 by @renovate[bot] in [#9209](#9209) - update fedora docker tag to v45 by @renovate[bot] in [#9213](#9213) - update docker/setup-buildx-action action to v4 by @renovate[bot] in [#9212](#9212) - update docker/metadata-action action to v6 by @renovate[bot] in [#9211](#9211) - update docker/login-action action to v4 by @renovate[bot] in [#9210](#9210) - update dependency typescript to v6 by @renovate[bot] in [#9202](#9202) - update docker/build-push-action action to v7 by @renovate[bot] in [#9203](#9203) - update github artifact actions (major) by @renovate[bot] in [#9215](#9215) - update rust crate duct to v1 by @renovate[bot] in [#9220](#9220) - update rust crate demand to v2 by @renovate[bot] in [#9219](#9219) - update rust crate clx to v2 by @renovate[bot] in [#9218](#9218) - update nick-fields/retry action to v4 by @renovate[bot] in [#9217](#9217) - update jdx/mise-action action to v4 by @renovate[bot] in [#9216](#9216) - update rust crate self_update to 0.44 by @renovate[bot] in [#9174](#9174) - migrate eslint config to flat format for v10 compat by @jdx in [#9222](#9222) - update actions/checkout action to v6 by @renovate[bot] in [#9182](#9182) - update rust crate toml to v1 by @renovate[bot] in [#9225](#9225) - update rust crate versions to v7 by @renovate[bot] in [#9226](#9226) - update rust crate which to v8 by @renovate[bot] in [#9227](#9227) - update rust crate rmcp to v1 by @renovate[bot] in [#9221](#9221) ### 📦 Registry - add sheldon by @3w36zj6 in [#9104](#9104) - add pocketbase by @ranfdev in [#9123](#9123) - add worktrunk ([aqua:max-sixty/worktrunk, cargo:worktrunk](https://github.com/max-sixty/worktrunk, cargo:worktrunk))#1 by @edouardr in [#8796](#8796) - add dependency-check ([aqua:dependency-check/DependencyCheck](https://github.com/dependency-check/DependencyCheck)) by @kapitoshka438 in [#9204](#9204) - add janet by @ranfdev in [#9241](#9241) ### New Contributors - @ranfdev made their first contribution in [#9241](#9241) - @jjt made their first contribution in [#9233](#9233) - @marianwolf made their first contribution in [#9208](#9208) - @edouardr made their first contribution in [#8796](#8796) ## 📦 Aqua Registry Updates #### New Packages (3) - [`LargeModGames/spotatui`](https://github.com/LargeModGames/spotatui) - [`android-sms-gateway/cli`](https://github.com/android-sms-gateway/cli) - [`velero-io/velero`](https://github.com/velero-io/velero) #### Updated Packages (1) - [`skim-rs/skim`](https://github.com/skim-rs/skim)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Tests
This PR was generated by an AI coding assistant.