chore: bump napi-postinstall to support yarn/pnpm on webcontainer

[JounQin]

close #101

---

Important

Upgrade napi-postinstall and update postinstall script for dynamic versioning, with metadata and workflow improvements.

• Dependencies:
  • Upgrade napi-postinstall to ^0.2.1 in npm/package.json.
  • Upgrade @types/node to ^22.15.2 in package.json.
• Scripts:
  • Update postinstall script in npm/package.json to dynamically reference the current version.
• Package Metadata:
  • Change package type to commonjs in npm/package.json.
  • Add repository, homepage, author, and funding fields to npm/package.json.
• Workflow:
  • Modify release-plz.yml to update postinstall script with the current version during release.

^{This description was created by for efee46e. You can customize this summary. It will automatically update as commits are pushed.}

---

Summary by CodeRabbit

• Chores
  • Updated package metadata for improved organization and clarity.
  • Changed the package type to CommonJS.
  • Updated the postinstall script to dynamically reference the current version.
  • Upgraded dependencies, including napi-postinstall and @types/node.
  • Refined the publish configuration for consistency.

[coderabbitai]

Walkthrough

The changes update the release workflow and package manifests for a Node.js package. The release workflow now amends the postinstall script in npm/package.json to include the current version during release. The npm/package.json file is reorganized, adds a type field, updates the napi-postinstall dependency, and refines the postinstall script to include the version. The root package.json updates the @types/node development dependency. No source code or exported API changes are present.

Changes

File(s)	Change Summary
.github/workflows/release-plz.yml	Updates the JSON manipulation command to set both version and a version-specific postinstall script.
npm/package.json	Reorganizes metadata, adds "type": "commonjs", updates napi-postinstall dependency, refines postinstall script, and normalizes publishConfig.
package.json	Updates @types/node devDependency version from ^22.14.1 to ^22.15.2.

Sequence Diagram(s)

sequenceDiagram
    participant ReleaseWorkflow
    participant PackageJson

    ReleaseWorkflow->>PackageJson: Update version field
    ReleaseWorkflow->>PackageJson: Set scripts.postinstall to "napi-postinstall unrs-resolver <version> check"
    PackageJson-->>ReleaseWorkflow: Updated package.json ready for release

Loading

Assessment against linked issues

Objective	Addressed	Explanation
webcontainer support (#101)	❓	No direct evidence of changes specifically targeting webcontainer support; changes focus on packaging and postinstall scripts, which may be prerequisites but do not explicitly implement webcontainer compatibility.

Possibly related PRs

• fix: add napi-postinstall dep for workaround npm's bug #66: Updates to the postinstall script and napi-postinstall dependency, directly related to this PR's changes in post-install behavior.
• chore: release v1.7.0 #99: Related by updating the version in the package manifest, though it does not modify the postinstall script or workflow logic.

Poem

A bunny hops through package land,
With scripts and versions close at hand.
Postinstall magic, now tied to release,
Ensuring each update is crafted with peace.
Dependencies fresh, metadata in line—
This fluffy coder says, "Your package is fine!"
🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 724f0f7 and efee46e.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• .github/workflows/release-plz.yml (1 hunks)
• npm/package.json (2 hunks)
• package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• package.json
• .github/workflows/release-plz.yml
• npm/package.json

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: zizmor

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR updates the workflow to bump napi-postinstall, enabling support for yarn/pnpm on webcontainer environments.

• Updated the jq command in the release workflow to set a new postinstall script in npm/package.json.

Files not reviewed (3)

• npm/package.json: Language not supported
• package.json: Language not supported
• pnpm-lock.yaml: Language not supported

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​node@​22.14.1 ⏵ 22.15.2	+1		+1

View full report

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 724f0f7 in 1 minute and 13 seconds. Click for details.

• Reviewed 77 lines of code in 3 files
• Skipped 1 files when reviewing.
• Skipped posting 6 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/release-plz.yml:50

• Draft comment:
  Confirm jq string interpolation is correct. The filter uses "($version)" to inject the dynamic version; ensure it works as expected with numeric semver strings.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

2. npm/package.json:18

• Draft comment:
  The static 'postinstall' script now embeds a specific version. Ensure that the workflow update (jq) synchronizes this with package.json version to avoid inconsistencies.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

3. package.json:16

• Draft comment:
  Updated @types/node version looks fine. Verify all dependency bumps align with the webcontainer support requirements.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

4. .github/workflows/release-plz.yml:50

• Draft comment:
  Consider verifying the jq string interpolation syntax; ensure that ($version) is properly quoted to avoid shell expansion issues.
• Reason this comment was not posted:
  Comment looked like it was already resolved.

5. npm/package.json:19

• Draft comment:
  The postinstall script now embeds the version dynamically. Confirm that this update remains in sync with the release workflow updates.
• Reason this comment was not posted:
  Confidence changes required: 20% <= threshold 50% None

6. package.json:16

• Draft comment:
  Minor bump of '@types/node' to ^22.15.2 appears safe; ensure all dependent packages maintain compatibility.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

Workflow ID: wflow_d9ZJe1O9JuWYxzXh

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/release-plz.yml (1)

50-56: Limit staged changes to only npm/package.json
Using git add . may inadvertently stage unrelated files. To ensure only the intended manifest is amended, replace it with:

git add npm/package.json

This change minimizes the risk of unintended side effects.

npm/package.json (1)

2-10: Consider specifying Node engine compatibility
Adding an "engines" field (for example,

"engines": {
  "node": ">=14"
}

) can help consumers avoid installing on unsupported Node.js versions.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ce6bc1c and 724f0f7.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• .github/workflows/release-plz.yml (1 hunks)
• npm/package.json (2 hunks)
• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: zizmor

🔇 Additional comments (5)

package.json (1)

16-16: Approve bump of @types/node
The @types/node devDependency has been updated from ^22.14.1 to ^22.15.2, keeping your type definitions in sync with upstream Node.js changes.

npm/package.json (4)

4-10: Approve metadata reorganization and type addition
Introducing "type": "commonjs" and promoting metadata fields (repository, homepage, author, funding, license) to the top enhances clarity and ensures correct module loading behavior.

---

18-20: Approve postinstall script update
The new postinstall entry ("napi-postinstall unrs-resolver 1.7.0 check") aligns perfectly with your release workflow’s dynamic version injection.

---

21-23: Approve napi-postinstall dependency bump
Upgrading to ^0.2.0 provides the necessary support for Yarn and PNPM in webcontainer environments, addressing the linked issue.

---

52-55: Approve publishConfig.registry normalization
Removing the trailing slash from "https://registry.npmjs.org" is a non-breaking cleanup that matches npm’s standard URL format.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed efee46e in 1 minute and 17 seconds. Click for details.

• Reviewed 77 lines of code in 3 files
• Skipped 1 files when reviewing.
• Skipped posting 6 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/release-plz.yml:50

• Draft comment:
  Check the jq interpolation: ensure that escaping ($version) inside the double quotes produces the correct script string. Consider testing edge cases.
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% The comment suggests testing edge cases for jq interpolation, but this is a standard jq syntax pattern. The ($version) syntax is the correct way to interpolate variables in jq. The command is using --arg to safely pass the version variable. This is actually a well-formed jq command following best practices. Maybe there could be edge cases with version strings containing special characters that could cause issues with the script string? The version string comes from release-plz which generates standard semver versions, and jq's --arg handles escaping automatically. There's no real risk here. Delete the comment. The jq command is using correct syntax and best practices for variable interpolation.

2. npm/package.json:19

• Draft comment:
  The postinstall script is hard-coded to a specific version. Verify that the workflow update effectively syncs the version to avoid mismatches in different environments.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the PR author to verify that the workflow update syncs the version effectively, which is against the rules. It doesn't provide a specific suggestion or point out a clear issue with the code.

3. package.json:16

• Draft comment:
  The bump for @types/node is fine; please ensure all dependent packages are compatible with the new version.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

4. .github/workflows/release-plz.yml:50

• Draft comment:
  Verify jq interpolation syntax for dynamic version substitution. The string 'napi-postinstall unrs-resolver ($version) check' should correctly embed the version even if it contains special characters.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% This comment is asking the PR author to verify the jq interpolation syntax, which falls under asking the author to double-check or ensure something. This violates the rule against asking the author to confirm or verify their intention or correctness of the code.

5. npm/package.json:19

• Draft comment:
  The postinstall script now hardcodes '1.7.0'. Consider using a dynamic reference (if supported) so it automatically matches the package version, reducing manual updates.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

6. package.json:16

• Draft comment:
  The bump of '@types/node' to '^22.15.2' is appropriate.
• Reason this comment was not posted:
  Confidence changes required: 0% <= threshold 50% None

Workflow ID: wflow_T16HK6an9wPLjrZU

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}