feat(react-email): installation of UI without npm install
#2573
Conversation
Co-authored-by: gabriel miranda <gabrielmfern@outlook.com> Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
This reverts commit 3924ebd.
|
|
The latest updates on your projects. Learn more about Vercel for GitHub.
💡 Enable Vercel Agent with $100 free credit for automated AI reviews |
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
|
@SocketSecurity ignore npm/next@15.5.6 |
commit: |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
3 issues found across 8 files
Prompt for AI agents (all 3 issues)
Understand the root cause of the following 3 issues and fix them.
<file name="packages/react-email/src/utils/get-preview-server-location.ts">
<violation number="1" location="packages/react-email/src/utils/get-preview-server-location.ts:42">
Avoid emitting the success spinner message when installation fails; the finally block currently overrides error cases with a success status.</violation>
<violation number="2" location="packages/react-email/src/utils/get-preview-server-location.ts:78">
The installation logic incorrectly assumes `@react-email/preview-server` only needs `next` as a dependency. By stripping out all other dependencies from `package.json`, it guarantees runtime crashes. The original `packages/preview-server/package.json` lists numerous required dependencies that are now omitted from installation.</violation>
<violation number="3" location="packages/react-email/src/utils/get-preview-server-location.ts:87">
The installation process is opaque and harms developer experience. It uses `execSync` with `stdio: 'ignore'`, which hides `npm` errors from the user. Furthermore, it breaks the monorepo's local development workflow by always fetching from npm, which prevents testing local changes to the preview server.</violation>
</file>
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
gabrielmfern
force-pushed
the
canary
branch
2 times, most recently
from
8128be7 to
19de23f
Compare
2 participants
2025-10-17.11-28-44.mp4
This changes things up so that users don't have to install
@react-email/preview-serverin their projects anymore. It still keeps the@react-email/preview-serverpublished package for backward compatibility, for versioning, and to simplify the changes in this pull request.This is mainly made so that we can possibly unify everything into
react-email, so that users can install just one package for everything related to React Email.Most of the code stays the same, since the CLI is still importing
nextfrom@react-email/preview-server, but now we automatically runnpm pack @react-email/preview-serverand extract it into$HOME/.react-email. There we also only installnextinstead of all dependencies, to keep it fast and lightweight.At the same time, keeping the original source
package.jsonaspackage.source.jsonso that we can reuse it duringemail build.Everything still works out of the box, this is backwards compatible, and users don't have to do anything special.
There are two downsides to the implementation of this pull request. First, and is that if users regularly switch between React Email versions, it will redownload the preview server each time. Secondly, it's that the local version is not going to be used when running the local CLI, instead it will download the one that's on npm. Both of these we can improve in later versions without breaking changes.
Summary by cubic
Run the React Email UI without adding @react-email/preview-server to your project. The CLI auto-installs the UI into $HOME/.react-email and only installs Next.js, keeping setup fast and backward compatible.