fix(deps): replace archiver with @archiver/archiver#6969
fix(deps): replace archiver with @archiver/archiver#6969Adebesin-Cell wants to merge 4 commits intonetlify:mainfrom
Conversation
…ize-path - Replace archiver with @archiver/archiver (modern, ESM-first rewrite) - Replace normalize-path with normalizePath from @archiver/compress-commons/util - Remove @types/archiver and @types/normalize-path (types now built-in) Reduces install footprint significantly: 66 transitive deps → 8 total
📝 WalkthroughSummary by CodeRabbit
WalkthroughReplaces the unscoped Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (2)
packages/zip-it-and-ship-it/src/utils/matching.ts (1)
8-8: Stale comment references removed package.The comment mentions "
normalize-path" package, but the import now comes from@archiver/compress-commons/util. Update the comment to reflect the new source.Proposed fix
-/** - * Both glob and minimatch only support unix style slashes in patterns - * For this reason we wrap them and ensure all patterns are always unixified - * We use `normalize-path` here instead of `unixify` because we do not want to remove drive letters - */ +/** + * Both glob and minimatch only support unix style slashes in patterns + * For this reason we wrap them and ensure all patterns are always unixified + * We use `normalizePath` from `@archiver/compress-commons` instead of `unixify` because we do not want to remove drive letters + */🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/zip-it-and-ship-it/src/utils/matching.ts` at line 8, Update the stale comment that currently mentions the `normalize-path` package to reference the new source `@archiver/compress-commons/util` instead; locate the comment in packages/zip-it-and-ship-it/src/utils/matching.ts (the line that explains why we normalize paths) and change its wording to say we use the normalizer from `@archiver/compress-commons/util` (and keep the note about not removing drive letters) so the comment matches the actual import/source.packages/edge-bundler/package.json (1)
49-49: Version mismatch with zip-it-and-ship-it package.This package uses
@archiver/archiver@^0.0.3whilepackages/zip-it-and-ship-it/package.jsonuses@archiver/archiver@^0.0.4. For consistency within the monorepo and to avoid potential API differences, consider aligning both to the same version.Proposed fix
- "@archiver/archiver": "^0.0.3", + "@archiver/archiver": "^0.0.4",🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/edge-bundler/package.json` at line 49, Update the `@archiver/archiver` dependency in packages/edge-bundler's package.json to match the version used in packages/zip-it-and-ship-it (change the "@archiver/archiver": "^0.0.3" entry to "^0.0.4") to ensure consistent dependency versions across the monorepo; run a quick install/lockfile update afterward to propagate the change.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@packages/edge-bundler/package.json`:
- Line 49: Update the `@archiver/archiver` dependency in packages/edge-bundler's
package.json to match the version used in packages/zip-it-and-ship-it (change
the "@archiver/archiver": "^0.0.3" entry to "^0.0.4") to ensure consistent
dependency versions across the monorepo; run a quick install/lockfile update
afterward to propagate the change.
In `@packages/zip-it-and-ship-it/src/utils/matching.ts`:
- Line 8: Update the stale comment that currently mentions the `normalize-path`
package to reference the new source `@archiver/compress-commons/util` instead;
locate the comment in packages/zip-it-and-ship-it/src/utils/matching.ts (the
line that explains why we normalize paths) and change its wording to say we use
the normalizer from `@archiver/compress-commons/util` (and keep the note about
not removing drive letters) so the comment matches the actual import/source.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 283ceac4-ac75-4e2f-ad5b-ca308b9d2ab3
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (6)
packages/edge-bundler/node/bridge.test.tspackages/edge-bundler/node/main.test.tspackages/edge-bundler/package.jsonpackages/zip-it-and-ship-it/package.jsonpackages/zip-it-and-ship-it/src/archive.tspackages/zip-it-and-ship-it/src/utils/matching.ts
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/zip-it-and-ship-it/package.json`:
- Line 49: The dependency entry for "@archiver/archiver" using "^0.0.5" is risky
because it's a pre-release-era version and caret semantics for 0.0.x are
restrictive; update the package.json dependency string for "@archiver/archiver"
to one of the intended options: lock to an exact version "0.0.5" if you want to
pin for stability, use "~0.0.5" to accept future patch fixes, or use a range
like ">=0.0.5 <0.1.0" to accept compatible 0.x releases, and ensure you run
thorough integration tests against the chosen version to verify the package API
is stable before deploying to production.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 0b0042f4-979c-417f-b4d6-874369caefba
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (3)
packages/edge-bundler/package.jsonpackages/zip-it-and-ship-it/package.jsonpackages/zip-it-and-ship-it/src/utils/matching.ts
🚧 Files skipped from review as they are similar to previous changes (2)
- packages/edge-bundler/package.json
- packages/zip-it-and-ship-it/src/utils/matching.ts
| "@netlify/serverless-functions-api": "^2.10.0", | ||
| "@vercel/nft": "0.29.4", | ||
| "archiver": "^7.0.0", | ||
| "@archiver/archiver": "^0.0.5", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify that `@archiver/archiver` version 0.0.5 exists on npm
echo "=== Checking `@archiver/archiver` package on npm ==="
curl -s https://registry.npmjs.org/@archiver/archiver | jq '{name: .name, latest: ."dist-tags".latest, versions: (.versions | keys)}'Repository: netlify/build
Length of output: 261
Address pre-release stability concerns before deploying @archiver/archiver@0.0.5 to production.
@archiver/archiver@0.0.5 exists on npm as the latest version. However, before merging:
-
Pre-release version: Version
0.0.5is very early in development. Ensure the package API is stable and won't have breaking changes in minor releases (0.0.6+). Test thoroughly before production use. -
Semver caret behavior: Note that
^0.0.5only matches exactly0.0.5(not0.0.6or higher). If you want future patch updates, consider~0.0.5or>=0.0.5 <0.1.0. If pinning to exact version is intentional for stability, use0.0.5without the caret for clarity.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/zip-it-and-ship-it/package.json` at line 49, The dependency entry
for "@archiver/archiver" using "^0.0.5" is risky because it's a pre-release-era
version and caret semantics for 0.0.x are restrictive; update the package.json
dependency string for "@archiver/archiver" to one of the intended options: lock
to an exact version "0.0.5" if you want to pin for stability, use "~0.0.5" to
accept future patch fixes, or use a range like ">=0.0.5 <0.1.0" to accept
compatible 0.x releases, and ensure you run thorough integration tests against
the chosen version to verify the package API is stable before deploying to
production.
2 participants
Summary
Replace
archiverandnormalize-pathwith their modern counterparts from the@archiverscope.Changes
archiverwith@archiver/archiver— a modern, ESM-first, TypeScript-native rewritenormalize-pathwithnormalizePathfrom@archiver/compress-commons/util@types/archiverand@types/normalize-path(types are now built-in)Why
archiverships 66 transitive dependencies and ~10MB of install weight.@archiver/archiveris a ground-up rewrite as part of the e18e ecosystem performance initiative that brings the same API with a fraction of the footprint:archiver(old)@archiver/archiver(new)@types/archiverneedednormalize-pathis also replaced since@archiver/compress-commons(already a transitive dependency) exports the same utility asnormalizePath.