Reviewing files that changed from the base of the PR and between 16fcea1 and 843c689.

• .yarn/plugins/plugin-prepare-lifecycle.cjs is excluded by !**/.yarn/**
• .yarn/releases/yarn-4.8.1.cjs is excluded by !**/.yarn/**
• packages/pkg/test/__snapshots__/test.spec.ts.snap is excluded by !**/*.snap
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

• .codesandbox/ci.json (1 hunks)
• .eslintrc (0 hunks)
• .gitattributes (1 hunks)
• .github/workflows/autofix.yml (1 hunks)
• .github/workflows/ci.yml (3 hunks)
• .github/workflows/codeql.yml (0 hunks)
• .github/workflows/pkg-pr-new.yml (1 hunks)
• .github/workflows/pkg-size.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/size-limit.yml (1 hunks)
• .gitignore (1 hunks)
• .lintstagedrc.cjs (0 hunks)
• .lintstagedrc.js (1 hunks)
• .npmrc (0 hunks)
• .prettierignore (1 hunks)
• .renovaterc (1 hunks)
• .simple-git-hooks.cjs (0 hunks)
• .simple-git-hooks.js (1 hunks)
• .yarnrc.yml (1 hunks)
• README.md (1 hunks)
• auto-imports.d.ts (0 hunks)
• docs/App.tsx (1 hunks)
• docs/index.tsx (1 hunks)
• docs/package.json (0 hunks)
• docs/tsconfig.json (0 hunks)
• eslint.config.js (1 hunks)
• package.json (2 hunks)
• packages/autocorrect/README.md (1 hunks)
• packages/autocorrect/package.json (2 hunks)
• packages/autocorrect/src/index.ts (1 hunks)
• packages/pkg/package.json (1 hunks)
• packages/pkg/src/index.ts (1 hunks)
• packages/pkg/src/types.ts (1 hunks)
• packages/pkg/test/fixtures/fixture1.json (1 hunks)
• packages/pkg/test/fixtures/fixture2.json (1 hunks)
• packages/pkg/test/test.spec.ts (1 hunks)
• packages/sh/README.md (1 hunks)
• packages/sh/package.json (1 hunks)
• packages/sql/README.md (1 hunks)
• packages/sql/package.json (2 hunks)
• packages/sql/src/index.ts (2 hunks)
• packages/toml/package.json (2 hunks)
• packages/toml/src/options.ts (1 hunks)
• pnpm-workspace.yaml (0 hunks)
• test/global.d.ts (1 hunks)
• test/tsconfig.json (1 hunks)
• tsconfig.base.json (1 hunks)
• vitest.config.ts (1 hunks)

• docs/package.json
• docs/tsconfig.json
• .lintstagedrc.cjs
• pnpm-workspace.yaml
• .simple-git-hooks.cjs
• .eslintrc
• .github/workflows/codeql.yml
• auto-imports.d.ts
• .npmrc

• GitHub Check: Codacy Static Code Analysis

.simple-git-hooks.js (1)

1-1: Clean and Modern Export

The file correctly re-exports the default export from @1stg/simple-git-hooks using ES module syntax. Please ensure that all references to the old .simple-git-hooks.cjs file are updated to use this new file. Also, verify that your project configuration and build tooling are correctly set up to handle ES modules.

.lintstagedrc.js (1)

1-2: Concise and Clear Export Statement

This new lint-staged configuration file correctly re-exports the default export from @1stg/lint-staged/tsc, matching the updated housekeeping objectives. The file is simple and adheres to modern module syntax.

docs/App.tsx (1)

10-10: SCSS to CSS migration looks good.

The change from importing SCSS to CSS files aligns with the housekeeping objective of the PR. This is likely part of the broader dependency updates and build process modernization mentioned in the PR title.

packages/pkg/test/fixtures/fixture2.json (1)

7-7: Author field format standardization looks good.

The author field format has been updated to follow the standard format of "Name (url)" which is consistent with the npm package.json specification.

docs/index.tsx (1)

3-3: Extension in import path is a good practice.

Adding the .js extension to the import statement aligns with ECMAScript Modules (ESM) best practices, where explicit file extensions improve module resolution reliability. This change supports better compatibility with modern JavaScript tooling.

eslint.config.js (1)

1-11: Good adoption of ESLint flat config format.

The introduction of the new flat config format (eslint.config.js) is a positive change that replaces the legacy .eslintrc configuration. This format was introduced in ESLint v8.21.0 and represents the modern approach to ESLint configuration.

The specific rule disabling @eslint-react/jsx-uses-react for TypeScript React files is appropriate for projects using React 17+ where the JSX transform makes importing React unnecessary.

packages/pkg/test/fixtures/fixture1.json (1)

7-7: Author field format standardization looks good.

The author field format has been updated to follow the standard format of "Name (url)" which aligns with the npm package.json specification and ensures consistency across all package files in the repository.

.prettierignore (1)

1-3: Prettier Ignore Adjustments are Consistent with Dependency Migration
The addition of .yarn reflects the move away from pnpm and ensures that Yarn’s local directory is properly ignored. Removing entries like coverage, dist, and pnpm-lock.yaml fits well with the housekeeping objectives.

packages/pkg/package.json (1)

8-8: Standardized Author Field Format
Reformatting the author string to "JounQin <[email protected]> (https://www.1stG.me)" improves consistency across the repository. Ensure this format is uniformly applied in all package manifests.

packages/sh/package.json (1)

8-8: Consistent Author Field Update
The update to the author field to "JounQin <[email protected]> (https://www.1stG.me)" aligns with the changes in other packages. This consistency helps maintain a uniform project identity.

README.md (3)

28-29: Enhanced Visual Cue for Sponsors
Adding the sponsor image link at the top of the sponsors section is a nice touch for visual engagement. Please verify that the image URL and hyperlink render correctly across different devices and platforms.

---

32-34: Reformatted Sponsors Table
The revised table structure for sponsors improves clarity and readability. Confirm that the table aligns as expected in various markdown renderers.

---

38-40: Updated Backers Table for Improved Readability
The backers table appears clear and consistent with the sponsors section. No issues found.

🧰 Tools

🪛 LanguageTool

[style] ~40-~40: Using many exclamation marks might seem excessive (in this case: 16 exclamation marks for a text that’s 5793 characters long)
Context: ...----------------------------------- | | | | [![UnTS Open Collective backers](https://o...

(EN_EXCESSIVE_EXCLAMATION)

tsconfig.base.json (1)

1-5: Modernized TypeScript Configuration
Changing the extends property to "@1stg/tsconfig/node16" simplifies the configuration and likely aligns with updated compiler defaults. The removal of explicit moduleResolution and target settings is acceptable if they are adequately handled by the new base config. Note: The static analysis hints (e.g., "End of file expected") appear to be false positives for TS config files with comments.

🧰 Tools

🪛 Biome (1.9.4)

[error] 2-2: Expected a property but instead found '// used by all files but do not include paths'.

Expected a property here.

(parse)

---

[error] 3-3: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

---

[error] 3-3: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

---

[error] 3-3: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

---

[error] 3-4: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

packages/pkg/test/test.spec.ts (2)

14-21: Good implementation of the Fisher-Yates shuffle algorithm to replace lodash dependency.

The custom shuffle function is a well-implemented replacement for what was likely _.shuffle from lodash. The eslint-disable comment for sonarjs/pseudo-random is appropriate since this is for testing purposes and doesn't require cryptographically secure randomness.

---

25-25: LGTM: Successfully replaced lodash dependency with custom implementation.

The change to use the custom shuffle function maintains the same functionality while removing the external dependency, which is a good practice for reducing package size and dependencies.

packages/sql/src/index.ts (2)

8-8: Improved type-only import for better type safety.

Using type DialectOptions instead of just DialectOptions clarifies that you're only importing the type definition, which is a good practice in TypeScript.

---

11-12: LGTM: Import reorganization.

Reorganizing the imports for format and formatDialect improves code consistency and readability.

.codesandbox/ci.json (1)

2-2: Good upgrade to Node.js 22.

Upgrading from Node.js 18 to 22 keeps the project up to date with the latest LTS version, which provides performance improvements, security fixes, and new features.

test/global.d.ts (1)

1-1: Good addition of Vitest type references.

Adding the reference to Vitest global types ensures that TypeScript recognizes testing functions like describe, it, and expect without requiring explicit imports in each test file.

.renovaterc (1)

1-5: Good addition of Renovate configuration

Adding Renovate configuration helps automate dependency updates, which aligns well with the PR objective of dependency housekeeping. Using a shared configuration from 1stG/configs is a good practice for maintaining consistency.

.gitattributes (1)

2-2: Correctly updated Git attributes for yarn.lock

Updating the Git attributes to apply the -diff flag to yarn.lock instead of pnpm-lock.yaml is appropriate for the package manager transition. This ensures that lock file changes don't clutter diffs, which is a good practice for repository maintenance.

packages/toml/src/options.ts (1)

3-3: Correctly updated import path with .js extension

Adding the .js extension to the import path is necessary for proper module resolution in ES modules. Since this package uses "type": "module", explicit file extensions are required for local imports. This change ensures compatibility with the ES modules system.

packages/toml/package.json (2)

10-10: Standardized contributor format

The contributor information format has been standardized to follow conventional patterns, maintaining the same information but in a more structured order.

---

38-38: Upgraded @taplo/lib from alpha to stable release

Upgrading @taplo/lib from ^0.4.0-alpha.2 to ^0.5.0 is a significant improvement as it moves from an alpha (pre-release) version to a stable release. This aligns with the PR objective of dependency housekeeping and is recommended for production code.

packages/pkg/src/types.ts (1)

45-45: Improved type export precision

Changing export { StringLiteral } to export type { StringLiteral } is a good TypeScript practice. This explicitly marks StringLiteral as a type-only export, ensuring it's only used for type checking at compile-time and not at runtime. This improves type safety and can help with tree-shaking.

.yarnrc.yml (1)

1-11: Yarn Configuration Set Up
This new configuration file correctly sets up Yarn by disabling telemetry, selecting the node-modules linker, and defining a plugin with a pinned checksum and source. The specified yarnPath clearly points to the intended Yarn release. This configuration aligns well with the objective of migrating from pnpm to Yarn.

.github/workflows/size-limit.yml (3)

14-18: Switch to Yarn Caching
The workflow now specifies cache: yarn under the Node.js setup, which is appropriate given the transition from pnpm. This ensures that dependency caching is handled by Yarn, optimizing build times for this job.

---

20-22: Update Dependency Installation Command
Changing the installation command from pnpm i to yarn i is correct and consistent with the overall migration.

---

24-27: Update Size Limit Script Command
Replacing the command from pnpm size-limit --json to yarn size-limit --json ensures that the size-limit check uses Yarn. This correctly reflects the updated dependency management strategy.

test/tsconfig.json (1)

1-12: New TypeScript Test Configuration
The newly introduced tsconfig.json for tests extends the base configuration properly. The compiler options (especially "noEmit": true and setting "rootDir" correctly) and the inclusion of test and fixture files are well defined. This configuration will help maintain type safety across test files.

packages/autocorrect/src/index.ts (1)

5-5: Adopt Type-Only Import
Switching to import type { Plugin } from 'prettier' is a best practice that ensures the import is only used for type-checking. This minimizes any unintended runtime overhead and clarifies that Plugin is solely for TypeScript purposes.

.gitignore (1)

7-9: Refine Yarn Directory Ignore Rules
The updated rules now ignore all files within .yarn while explicitly allowing .yarn/plugins and .yarn/releases to be tracked. This is optimal because it keeps critical configuration and release artifacts under version control, especially important during the migration from pnpm to Yarn.

packages/sh/README.md (1)

101-103: Updated Link References for Consistency
The external link identifiers have been updated to use proper casing ([1stG.me], [JounQin], and [MIT]), which improves readability and consistency across documentation.

packages/autocorrect/package.json (2)

8-8: Standardized Author Field Format
The author field is now reformatted to "JounQin <[email protected]> (https://www.1stG.me)" for consistency with other packages. This change enhances clarity in metadata across the repository.

---

35-37: Bumped Dependency: autocorrect-node
The dependency version has been updated to "^2.13.3", aligning it with the overall dependency upgrade strategy. Please verify that the new version is backward compatible by running the appropriate tests.

packages/pkg/src/index.ts (1)

16-16: Adopted Type-Only Import for Clarity
Modifying the import to use import type clarifies that ObjectExpression and ObjectProperty are used solely for type checking and prevents any unintended runtime inclusion.

.github/workflows/pkg-size.yml (1)

1-24: Introduced Package Size Report Workflow
The new GitHub Actions workflow is well-structured:

• It uses concurrency controls with cancellation of in-progress jobs.
• It checks out the repository using a specific commit.
• It invokes the pkg-size/action with proper error handling (continue-on-error) and passes the GITHUB_TOKEN through the environment.

This addition should help automate and standardize package size checking as part of the CI process.

packages/autocorrect/README.md (1)

72-74: Refined Link Identifiers in README
The link reference identifiers at the bottom have been updated to use correct casing ([1stG.me], [JounQin], and [MIT]), ensuring consistent branding and easier navigation for contributors and users.

packages/sql/README.md (1)

188-190: Updated link references for consistent casing.

The changes to the link reference syntax improve consistency by using proper casing for all references ([1stG.me], [JounQin], and [MIT]), which matches how they're used in the document body on line 186. This is a good practice for maintaining documentation quality.

vitest.config.ts (2)

15-15: Enable global test helpers.

Setting globals: true makes Vitest test helpers (like describe, it, expect) available globally without explicit imports. This aligns with the removal of auto-imports configuration while maintaining the same functionality.

---

17-17: Explicitly enable test coverage.

The addition of enabled: true to the coverage configuration ensures that test coverage is always collected when running tests, making it more consistent across different environments.

.github/workflows/ci.yml (6)

7-9: Added workflow concurrency control.

Adding concurrency configuration prevents multiple workflow runs on the same branch from executing simultaneously, which saves CI resources by canceling outdated runs. This is a recommended GitHub Actions best practice.

---

20-20: Added Node.js 22 to test matrix.

Including Node.js 22 in the test matrix ensures compatibility with the latest LTS version, which aligns with the PR objective of modernizing dependencies and environments.

---

34-34: Updated cache configuration for Yarn.

Changing the cache configuration from pnpm to yarn is necessary as part of the package manager migration. This ensures proper caching of dependencies between workflow runs.

---

37-37: Updated dependency installation to use Yarn.

The command has been changed from using pnpm to yarn --immutable, which installs dependencies according to the lockfile without modifications. This is part of the package manager migration and ensures reproducible builds.

---

40-40: Updated build commands to use Yarn.

The script command has been changed to use yarn run-s instead of pnpm run-s while maintaining the same build, lint, and test sequence. This is consistent with the package manager migration.

---

45-47: Updated Codecov action and added authentication token.

The Codecov GitHub Action has been updated to v5 from v3, and a token has been added for authentication. This ensures that code coverage reports are properly uploaded and associated with the repository.

.github/workflows/pkg-pr-new.yml (3)

1-9: Added new workflow with concurrency controls.

This new workflow adds automation for publishing packages with proper concurrency settings. The configuration prevents redundant workflow runs and optimizes GitHub Actions resource usage.

---

10-23: Set up the workflow job with Node.js and Yarn.

The workflow is configured to use the latest LTS Node.js version with Yarn caching, which aligns with the project's migration from pnpm to Yarn across all workflows.

---

24-31: Added package build and publishing steps.

The workflow includes steps to install dependencies, build the project, and publish packages using pkg-pr-new. This automates the publishing process for any commit, which improves developer experience by providing pre-release packages for testing.

.github/workflows/autofix.yml (8)

1-2: Workflow Naming is Correct and Secure
The workflow is named “autofix.ci” as required for security. This naming convention ensures that the autofix action operates in its designated context.

---

3-9: PR Event Triggers are Configured Properly
The on.pull_request triggers (opened, reopened, and synchronize) ensure the workflow runs at appropriate PR events. This configuration is clear and complete.

---

10-13: Concurrency Settings are Well-Defined
The use of a concurrency group based on the workflow name and reference, with cancel-in-progress: true, is a good practice to prevent redundant runs.

---

14-20: Job and Checkout Step are Configured as Expected
The job autofix runs on ubuntu-latest and uses a pinned commit for the checkout action. This improves reproducibility and security.

---

21-26: Node.js Setup is Consistent with Yarn Adoption
The step for setting up Node.js uses the LTS version and caches Yarn, which aligns with the overall transition from pnpm to yarn.

---

27-29: Dependency Installation Step Uses Yarn Appropriately
Using yarn --immutable ensures that the dependency installation is lockfile-consistent. This is in line with best practices for predictable builds.

---

30-32: Code Formatting Step is Clear and Simple
Running yarn format in the workflow cleanly enforces code style. This helps maintain a consistent codebase.

---

33-37: Autofix Action is Integrated Correctly
The step using autofix-ci/action passes fail-fast: false, allowing the workflow to continue even if some fixes fail. This fulfills the intended behavior.

.github/workflows/release.yml (4)

19-24: Node.js Setup Now Uses Yarn Caching
Adding cache: yarn (line 23) in the Setup Node.js LTS step is a good update. It standardizes dependency management across workflows by aligning with the yarn-based setup.

---

25-27: Dependency Installation Uses Yarn
Replacing the previous command with yarn --immutable (line 26) correctly reflects the migration from pnpm to yarn. This change will enforce consistency via the yarn lockfile.

---

28-36: Release Step Updated for Yarn-Based Publishing
The modifications in the “Create Release Pull Request or Publish to npm” step are notable:

• Publish Command: Changing to publish: yarn release (line 34) ensures the release command is executed by yarn.
• Version Command: Adding version: yarn run version (line 35) updates versioning accordingly.
  These updates are consistent with the overall dependency management migration.

---

36-38: New Environment Variable for Enhanced NPM Provenance
Adding NPM_CONFIG_PROVENANCE: true (line 38) is a strong move toward increased transparency in the publishing process.

packages/sql/package.json (2)

8-8: Author Field Format Standardized
Reformatting the author field to "JounQin <[email protected]> (https://www.1stG.me)" improves consistency and clarity. This adheres to common formatting practices in package metadata.

---

48-51: Dependency Versions are Updated
Updating dependency versions for:

• jsox to ^1.2.121
• node-sql-parser to ^5.3.8
• sql-formatter to ^15.5.2
• tslib to ^2.8.1
  ensures that the SQL package benefits from recent fixes and enhancements. Verify that these updates are compatible with existing code.

package.json (8)

7-7: Author Field Format is Consistent Across the Repo
The change in the author field to "JounQin <[email protected]> (https://www.1stG.me)" now matches the new standardized format used in other package files.

---

13-13: Updated Package Manager Specification
Specifying "packageManager": "[email protected]" reflects the strategic migration from pnpm to yarn. This ensures that developers and CI environments use the correct yarn version.

---

15-17: Script Adjustments for Consistent Build Processes

• The build script now uses run-p 'build:*' (line 15) for parallel task execution, which is clear and efficient.
• Ensure that the tools (e.g., npm-run-all2) are correctly configured in devDependencies.

---

30-32: Test and Version Scripts are Streamlined

• The test script uses vitest run (line 30) for simplicity.
• The version script now chains changeset version && yarn --no-immutable (line 32) to ensure proper versioning and dependency validation.

---

35-44: DevDependencies Upgrades Reflect Modernization
The updates to devDependencies (e.g., TypeScript, React types, ESLint, vitest, etc.) are in line with the overall upgrade strategy. Ensure that breaking changes from these dependency updates are accounted for in the codebase.

---

55-60: Resolutions Updated for Consistency
The resolutions field (lines 77-82) now ensures that consistent versions of Prettier plugins and Prettier itself are used. This prevents potential version conflicts across workspaces.

---

61-74: React and Related Libraries are Updated
Upgrading react, react-dom, and react-router-dom to their specified versions should be tested thoroughly for compatibility issues. The updates also include improvements to other front-end tooling which are consistent with the shift to a yarn-managed workspace.

---

77-83: Resolutions Section Ensures Consistent Prettier Plugin Versions
The updated resolutions confirm that all Prettier-related packages will use the specified versions, reducing the risk of version conflicts.

Reviewing files that changed from the base of the PR and between 843c689 and d2e1fa2.

• .yarn/plugins/plugin-prepare-lifecycle.cjs is excluded by !**/.yarn/**
• .yarn/releases/yarn-4.8.1.cjs is excluded by !**/.yarn/**
• packages/autocorrect/test/__snapshots__/fixtures.spec.ts.snap is excluded by !**/*.snap
• packages/pkg/test/__snapshots__/test.spec.ts.snap is excluded by !**/*.snap
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

• .codesandbox/ci.json (1 hunks)
• .eslintrc (0 hunks)
• .gitattributes (1 hunks)
• .github/workflows/autofix.yml (1 hunks)
• .github/workflows/ci.yml (1 hunks)
• .github/workflows/codeql.yml (0 hunks)
• .github/workflows/pkg-pr-new.yml (1 hunks)
• .github/workflows/pkg-size.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/size-limit.yml (1 hunks)
• .gitignore (1 hunks)
• .lintstagedrc.cjs (0 hunks)
• .lintstagedrc.js (1 hunks)
• .npmrc (0 hunks)
• .prettierignore (1 hunks)
• .renovaterc (1 hunks)
• .simple-git-hooks.cjs (0 hunks)
• .simple-git-hooks.js (1 hunks)
• .yarnrc.yml (1 hunks)
• README.md (1 hunks)
• auto-imports.d.ts (0 hunks)
• docs/App.tsx (1 hunks)
• docs/index.tsx (1 hunks)
• docs/package.json (0 hunks)
• docs/tsconfig.json (0 hunks)
• eslint.config.js (1 hunks)
• package.json (2 hunks)
• packages/autocorrect/README.md (1 hunks)
• packages/autocorrect/index.d.cts (1 hunks)
• packages/autocorrect/package.json (2 hunks)
• packages/autocorrect/src/index.ts (1 hunks)
• packages/autocorrect/test/fixtures/test.md (1 hunks)
• packages/autocorrect/test/fixtures/test0.js (1 hunks)
• packages/pkg/package.json (1 hunks)
• packages/pkg/src/index.ts (1 hunks)
• packages/pkg/src/rules/files.ts (1 hunks)
• packages/pkg/src/rules/sort.ts (1 hunks)
• packages/pkg/src/types.ts (1 hunks)
• packages/pkg/src/utils.ts (1 hunks)
• packages/pkg/test/fixtures/fixture1.json (1 hunks)
• packages/pkg/test/fixtures/fixture2.json (1 hunks)
• packages/pkg/test/test.spec.ts (1 hunks)
• packages/sh/README.md (1 hunks)
• packages/sh/package.json (2 hunks)
• packages/sh/src/index.ts (2 hunks)
• packages/sh/test/parser.spec.ts (1 hunks)
• packages/sql/README.md (1 hunks)
• packages/sql/package.json (2 hunks)
• packages/sql/src/index.ts (2 hunks)
• packages/toml/package.json (2 hunks)
• packages/toml/src/options.ts (1 hunks)
• pnpm-workspace.yaml (0 hunks)
• scripts/languages.ts (3 hunks)
• test/global.d.ts (1 hunks)
• test/tsconfig.json (1 hunks)
• tsconfig.base.json (1 hunks)
• vitest.config.ts (1 hunks)

• docs/package.json
• docs/tsconfig.json
• .eslintrc
• .simple-git-hooks.cjs
• .lintstagedrc.cjs
• pnpm-workspace.yaml
• auto-imports.d.ts
• .github/workflows/codeql.yml
• .npmrc

• packages/pkg/src/rules/files.ts
• packages/pkg/src/utils.ts
• packages/autocorrect/index.d.cts
• packages/autocorrect/test/fixtures/test.md
• packages/sh/src/index.ts
• scripts/languages.ts

• .codesandbox/ci.json
• .renovaterc
• test/global.d.ts
• .lintstagedrc.js
• .simple-git-hooks.js
• packages/pkg/test/fixtures/fixture2.json
• .gitattributes
• packages/pkg/test/test.spec.ts
• docs/index.tsx
• .yarnrc.yml
• packages/pkg/src/types.ts
• .gitignore
• .github/workflows/size-limit.yml
• test/tsconfig.json
• packages/autocorrect/src/index.ts
• packages/pkg/test/fixtures/fixture1.json
• .prettierignore
• packages/pkg/src/index.ts
• packages/toml/src/options.ts
• packages/sql/README.md
• packages/autocorrect/README.md
• packages/sh/README.md
• .github/workflows/ci.yml
• .github/workflows/release.yml
• packages/sql/src/index.ts
• packages/pkg/package.json
• packages/sh/package.json
• docs/App.tsx
• packages/sql/package.json
• package.json

• GitHub Check: Lint and Test with Node.js 22 on windows-latest
• GitHub Check: Lint and Test with Node.js 20 on windows-latest
• GitHub Check: Codacy Static Code Analysis

vitest.config.ts (2)

15-15: Enable Vitest globals for cleaner test code.

Adding globals: true simplifies test files by making Vitest's testing functions (describe, it, expect, etc.) globally available without explicit imports. This change aligns with the removal of auto-imports functionality mentioned in the summary, providing a more standard approach to handling test globals.

---

17-17: Explicitly enable test coverage.

Explicitly setting coverage.enabled: true ensures consistent behavior with the coverage configuration that follows. This makes the configuration more maintainable by clearly stating the intention to enable coverage reporting rather than relying on implicit behavior.

tsconfig.base.json (1)

3-3: Update the "extends" Property to Use the New Configuration

The change from "./node_modules/@1stg/tsconfig/lib.json" to "@1stg/tsconfig/node16" simplifies the configuration by delegating to a centralized, updated configuration file. This aligns well with the modernization goals outlined in the PR objectives. Additionally, using a string value for "extends" is correct per TypeScript's tsconfig specifications.

Note: The static analysis hints regarding "End of file expected" and the suggestion to "Use an array for a sequence of values" appear to be false positives. tsconfig files commonly allow JSON with comments (JSONC), so if your tooling is configured for JSONC, these warnings can be safely ignored.

🧰 Tools

🪛 Biome (1.9.4)

[error] 3-3: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

---

[error] 3-3: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

---

[error] 3-3: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

---

[error] 3-4: End of file expected

Use an array for a sequence of values: [1, 2]

(parse)

eslint.config.js (2)

1-14: Good migration to ESLint flat config format

This file introduces ESLint's newer flat configuration format, replacing the older .eslintrc file. The migration aligns with ESLint's recommended approach and future direction.

---

9-12: Good practice for modern React

Disabling @eslint-react/jsx-uses-react for TSX files is appropriate when using React 17+ where importing React is no longer necessary for JSX.

packages/autocorrect/test/fixtures/test0.js (3)

1-1: Appropriately disabled ESLint rules for test fixture

Adding specific ESLint disable directives helps maintain code quality standards while allowing necessary exceptions in test fixtures.

---

3-5: Consistent comment formatting

The comment format has been standardized, which improves code consistency.

---

7-7: Improved variable declaration with const

Changing from let to const is a good practice since the variable isn't reassigned later in the function. This makes the code more predictable and easier to reason about.

README.md (2)

28-29: Nice addition of the sponsors link!

The added sponsors link provides better visibility for project sponsorship opportunities.

---

32-40: Clean up of sponsors and backers sections

The updated formatting for sponsors and backers sections makes the README more consistent and cleaner by simplifying the image labels.

🧰 Tools

🪛 LanguageTool

[style] ~40-~40: Using many exclamation marks might seem excessive (in this case: 16 exclamation marks for a text that’s 5793 characters long)
Context: ...----------------------------------- | | | | [![UnTS Open Collective backers](https://o...

(EN_EXCESSIVE_EXCLAMATION)

packages/pkg/src/rules/sort.ts (1)

69-71: Good reorganization of TypeScript-related fields

Moving the TypeScript-related fields ('types', 'typings', 'typesVersions') to the entries section improves the organization by grouping them with related fields, enhancing the readability and maintainability of the package sorting logic.

.github/workflows/pkg-size.yml (1)

1-24: ⚠️ Potential issue

Add explicit permissions to the workflow

The workflow is missing explicit permissions declarations, which is a security best practice. Defining specific permissions follows the principle of least privilege and helps prevent potential security issues.

Add a permissions section to restrict the token scope:

name: Package Size Report

on:
  - pull_request

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+permissions:
+  contents: read
+  pull-requests: write

jobs:
  pkg-size-report:
    name: Package Size Report
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

      - name: Package Size Report
        uses: pkg-size/action@a637fb0897b6f14f18e776d8c3dbccb34a1ad27b # v1
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

🧰 Tools

🪛 GitHub Check: CodeQL

[warning] 12-23: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

.github/workflows/pkg-pr-new.yml (1)

1-32: ⚠️ Potential issue

Add explicit permissions to the workflow

The workflow is missing explicit permissions declarations, which is a security best practice. Defining specific permissions follows the principle of least privilege and helps prevent potential security issues.

Add a permissions section to restrict the token scope:

name: Publish Any Commit
on:
  - push
  - pull_request

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+permissions:
+  contents: read
+  packages: write

jobs:
  publish:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

      - name: Setup Node.js LTS
        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
        with:
          node-version: lts/*
          cache: yarn

      - name: Install dependencies
        run: yarn --immutable

      - name: Build
        run: yarn build

      - name: Publish
        run: yarn dlx pkg-pr-new publish --compact './packages/*'

🧰 Tools

🪛 GitHub Check: CodeQL

[warning] 12-31: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

.github/workflows/autofix.yml (2)

1-12: Workflow Trigger and Concurrency Configuration Approved

The workflow header is well-defined. The workflow name meets the security requirement for the autofix.ci action, and the pull request triggers along with the concurrency settings are properly configured. The use of pinned commitish values for actions helps ensure consistent, secure behavior.

---

14-37: 🛠️ Refactor suggestion

Missing Explicit Permissions Block

The job configuration does not include an explicit permissions block. This omission has been flagged by CodeQL and was noted in previous reviews. Defining a minimal permissions block (for example, setting contents: read) helps enforce the principle of least privilege and can mitigate potential security risks.

Consider adding the following snippet at the top level (after the concurrency block and before the jobs: section):

@@
- 
+permissions:
+  contents: read

This addition ensures that the workflow only has the required permissions and adheres to GitHub's best security practices.

🧰 Tools

🪛 GitHub Check: CodeQL

[warning] 16-36: Workflow does not contain permissions
Actions Job or Workflow does not set permissions

packages/toml/package.json (6)

6-6: Repository URL Update
The repository URL has been updated to use HTTPS, which is more secure and widely supported.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

9-11: Maintainers Field Introduced
The previous contributors field has been replaced with a maintainers array. Verify that this aligns with your team’s conventions and that all relevant maintainers are listed accurately.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

18-18: New "types" Entry
A top-level "types" field ("./index.d.cts") has been added to improve type support. Please ensure that the referenced file exists and is generated as expected.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

35-37: Files Array Update
The files array now includes "index.d.cts" alongside "lib", ensuring that type definitions are bundled with the package.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

48-48: Dependency Version Bump
The dependency @taplo/lib has been updated to "^0.5.0". Please confirm that this version works seamlessly with the rest of the project.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

53-54: Pipeline Configuration Notice
The pipeline error indicates an issue with the package manager configuration (declared as "yarn@[email protected]") versus the global Yarn version. Make sure Corepack is enabled in your CI/CD environment or adjust the configuration accordingly.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

packages/autocorrect/package.json (6)

6-6: Repository URL Update
The repository URL has been updated to use HTTPS, which aligns with modern security practices and standards.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

8-8: Author Field Format Updated
The author field has been reformatted to "JounQin <[email protected]> (https://www.1stG.me)". This new format improves clarity and consistency with contemporary package metadata practices.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

15-15: New "types" Field Added
Adding a top-level "types": "./index.d.cts" entry enhances type safety for consumers of the package. Ensure that the referenced file is correctly maintained and included.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

31-34: Updated Files Array
The files array now explicitly includes "index.d.cts" in addition to the "lib" directory, ensuring that type declarations are distributed with the package.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

46-46: Dependency Version Update
The dependency "autocorrect-node" has been bumped to "^2.13.3". Verify that this updated version is fully compatible with your codebase and related modules.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

---

50-51: Pipeline Configuration Notice
Similar to the changes in the Toml package, the pipeline error regarding the package manager (yarn vs. pnpm) suggests that Corepack might need to be enabled. Please review your CI/CD configuration to ensure that the declared package manager version is available in the environment.

🧰 Tools

🪛 GitHub Actions: Size Limit

[error] This project's package.json defines "packageManager": "yarn@[email protected]". However, the current global version of Yarn is 1.22.22. Corepack must currently be enabled by running corepack enable.

packages/sh/test/parser.spec.ts (1)

7-7:

Details

✅ Verification successful

Potential type safety issue with removed optional chaining.

The change removes the optional chaining operator (?.) when accessing the sh property. While the assertion on line 8 checks that hasPragma is not null, if ShPlugin.parsers exists but sh is undefined or null, this change could introduce a runtime error.

Please verify that ShPlugin.parsers.sh is guaranteed to exist in all test scenarios. If there's uncertainty, consider keeping the optional chaining to maintain robustness:

-  const hasPragma = ShPlugin.parsers?.sh.hasPragma
+  const hasPragma = ShPlugin.parsers?.sh?.hasPragma

You can verify this by running:

---

🏁 Script executed:

#!/bin/bash
# Check if ShPlugin.parsers.sh is always defined
cat packages/sh/test/parser.spec.ts
echo "Checking ShPlugin structure:"
ast-grep --pattern $'import ShPlugin from \'prettier-plugin-sh\''

Length of output: 2588

---

Removal of optional chaining on sh is safe here.

The tests in the packages/sh/test/parser.spec.ts file verify that ShPlugin.parsers?.sh.hasPragma is never null or undefined in all scenarios. The assertion on the next line confirms that hasPragma is defined, so there's sufficient runtime guarantee that ShPlugin.parsers.sh exists. No additional optional chaining is needed.