chore: switch package manager from pnpm to yarn#834
Conversation
Use yarn (berry) with the node-modules linker instead of pnpm: - package.json: set packageManager to yarn@4.17.0, migrate the vite alias from pnpm overrides to yarn resolutions - add .yarnrc.yml with nodeLinker: node-modules and npmPreapprovedPackages (mirrors the former pnpm minimumReleaseAgeExclude for vite-plus packages, which yarn 4.17 would otherwise quarantine via its minimum release age gate) - remove pnpm-lock.yaml and pnpm-workspace.yaml, add yarn.lock - .gitignore: ignore yarn berry artifacts (.yarn/*, .pnp.*) - codspeed workflow: use setup-vp instead of pnpm - CLAUDE.md: update commands to the vp workflow (yarn under the hood)
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
commit: |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request migrates the project's package manager from pnpm to Yarn Berry (v4.17.0). The changes include updating configuration files, adding Yarn-specific ignore rules to .gitignore, setting up .yarnrc.yml, updating command documentation in CLAUDE.md, and removing the pnpm lockfile. Feedback on the changes highlights a critical issue in .yarnrc.yml where glob patterns are incorrectly used under npmPreapprovedPackages; Yarn Berry does not support wildcards for this setting, which will prevent the specified packages from bypassing the release age gate.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| npmPreapprovedPackages: | ||
| - '@voidzero-dev/*' | ||
| - 'vite-plus' | ||
| - '@vitest/*' |
There was a problem hiding this comment.
In Yarn Berry, npmPreapprovedPackages expects exact package names (parsed as package idents) and does not support glob patterns or wildcards like @voidzero-dev/* or @vitest/*. Because of this, these patterns will not match the actual packages, and Yarn will still quarantine them if they are freshly published.
To resolve this, you can either:
- List the exact package names (e.g.,
@voidzero-dev/vite-plus-core). - Disable the minimum release age check entirely by setting
npmMinReleaseAge: 0in.yarnrc.ymlif that is acceptable for this repository.
npmMinReleaseAge: 0
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #834 +/- ##
=======================================
Coverage 94.24% 94.24%
=======================================
Files 10 10
Lines 747 747
Branches 235 235
=======================================
Hits 704 704
Misses 40 40
Partials 3 3 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
1 participant
Problem
Switch the package manager from pnpm to yarn (berry), using the
node-moduleslinker.Fix
package.json: setpackageManagertoyarn@4.17.0; migrate thevitealias from pnpmoverridesto yarnresolutions.yarnrc.ymlwithnodeLinker: node-modulesandnpmPreapprovedPackages(mirrors the former pnpmminimumReleaseAgeExclude, since yarn 4.17 otherwise quarantines the freshly published vite-plus packages via its 24h minimum-release-age gate)pnpm-lock.yamlandpnpm-workspace.yaml, addyarn.lock.gitignore: ignore yarn berry artifacts (.yarn/*,.pnp.*)setup-vpinstead of pnpmCLAUDE.md: update command examples to thevpworkflowVite+ (
vp) auto-detects yarn from thepackageManagerfield.release.ymlkeepsnpm publish(npm OIDC trusted publishing, independent of the dev package manager).Note: this branch also carries the earlier
chore: remove vitest depscommits. It is an alternative to #833 (npm).Verification
vp installsucceeds;viteresolves to@voidzero-dev/vite-plus-core@0.2.1;node_modules/populated (node-modules linker, no PnP files)vp checkpasses (74 files),vp dedupe --checkexits 0vp test run test/options.timeout.test.tspasses