Skip to content

Move theme package into monorepo#819

Merged
necolas merged 2 commits into
mainfrom
nicolas/add-theme-to-monorepo
Jun 17, 2026
Merged

Move theme package into monorepo#819
necolas merged 2 commits into
mainfrom
nicolas/add-theme-to-monorepo

Conversation

@necolas

@necolas necolas commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Move @pierre/theme into the monorepo workspace.
  • Add CVD theme variants, accessibility docs, preview generation, and tests.
  • Integrate with diffshub.

Matches the state of the theme repo at this point pierrecomputer/theme#46

@vercel

vercel Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
pierre-docs-diffs Ready Ready Preview Jun 16, 2026 9:58pm
pierre-docs-diffshub Ready Ready Preview Jun 16, 2026 9:58pm
pierre-docs-trees Ready Ready Preview Jun 16, 2026 9:58pm
pierrejs-diff-demo Ready Ready Preview Jun 16, 2026 9:58pm

Request Review

@necolas necolas requested a review from mdo June 16, 2026 18:02
@necolas necolas force-pushed the nicolas/add-theme-to-monorepo branch from 511888a to 110df86 Compare June 16, 2026 18:03
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 16, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 511888a79f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread packages/theme/package.json Outdated
Comment thread packages/theming/src/collections/pierre.ts
@socket-security

socket-security Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedovsx@​1.0.098100909670
Added@​types/​culori@​4.0.11001007780100
Addedculori@​4.0.2891008283100
Added@​vscode/​vsce@​3.2.29710096100100

View full report

@socket-security

socket-security Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm cheerio is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/ovsx@1.0.0npm/@vscode/vsce@3.2.2npm/cheerio@1.2.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cheerio@1.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm culori is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/theme/package.jsonnpm/culori@4.0.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/culori@4.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm htmlparser2 is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/ovsx@1.0.0npm/@vscode/vsce@3.2.2npm/htmlparser2@10.1.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/htmlparser2@10.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm markdown-it is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: ?npm/ovsx@1.0.0npm/@vscode/vsce@3.2.2npm/markdown-it@14.2.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm underscore is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/ovsx@1.0.0npm/@vscode/vsce@3.2.2npm/underscore@1.13.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/underscore@1.13.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@necolas necolas force-pushed the nicolas/add-theme-to-monorepo branch from 110df86 to 53935fb Compare June 16, 2026 18:13
@necolas necolas force-pushed the nicolas/add-theme-to-monorepo branch from 53935fb to f2fce66 Compare June 16, 2026 18:21
@necolas necolas force-pushed the nicolas/add-theme-to-monorepo branch from f2fce66 to cdaac82 Compare June 16, 2026 18:37
@necolas necolas force-pushed the nicolas/add-theme-to-monorepo branch from cdaac82 to 297a20a Compare June 16, 2026 19:15
@necolas necolas requested review from SlexAxton and amadeus June 16, 2026 20:00
amadeus
amadeus approved these changes Jun 16, 2026
View reviewed changes

@amadeus amadeus left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A lot of this is quite beefy and I didn't know how things were prior to it all, so not sure if there's much valuable feedback from me. But skimmed from a high level and seems good!

Comment thread packages/theme/scripts/README.package.md Outdated
Comment thread packages/theme/scripts/README.package.md
Comment thread packages/theme/scripts/vsixPackageShim.ts
Comment thread packages/theme/src/color/cvd.ts Outdated
@necolas necolas force-pushed the nicolas/add-theme-to-monorepo branch from 297a20a to b6453e1 Compare June 16, 2026 21:32
necolas added 2 commits June 16, 2026 14:57
@necolas
feat(theme): Move theme package into monorepo
a99b5c6 
Register @pierre/theme as a workspace package with moon tasks, repo
tooling, and local consumers wired to workspace:* dependencies.

Rework generated themes around role-based palettes and shared color
utilities, including Protanopia & Deuteranopia and Tritanopia
variants for Pierre Light and Pierre Dark.

Add accessibility docs, preview generation, and node:test coverage for
generated themes plus CVD contrast and distinguishability gates.
@necolas
ci(theme): publish manually instead of on release
afce62f 
Remove the release-triggered publish workflow so the theme package is
never published automatically. The other publishable packages here
already release this way — a deliberate, local `moon run` — which keeps
marketplace and npm credentials out of any automated path.

Replace it with manual moon tasks, one per target, each requiring only
its own token:

- `theme:publish-npm` publishes @pierre/theme to npm.
- `theme:publish-vsce` publishes the VS Code extension (needs VSCE_PAT).
- `theme:publish-ovsx` publishes to Open VSX (needs OVSX_PAT).

Split the former combined publish-extensions script into publishVsce.ts
and publishOvsx.ts so each marketplace can be released on its own, and
document the flow in CONTRIBUTING.
@necolas necolas force-pushed the nicolas/add-theme-to-monorepo branch from b6453e1 to afce62f Compare June 16, 2026 21:57
@necolas

necolas commented Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

Will merge this tomorrow; we need to coordinate releases of the theme packages before @amadeus does another diffs release.

@necolas necolas merged commit d40c654 into main Jun 17, 2026
8 checks passed
@necolas necolas deleted the nicolas/add-theme-to-monorepo branch June 17, 2026 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amadeus amadeus amadeus approved these changes

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@mdo mdo mdo approved these changes

@SlexAxton SlexAxton Awaiting requested review from SlexAxton

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@necolas @amadeus @SlexAxton @mdo