Skip to content

refactor: freeze dependencies for plugins and move it to build time #515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yeelali14 merged 12 commits into from
Apr 12, 2026

refactor: freeze dependencies for plugins and move it from runtime to…

7323de4
Select commit
Loading
Failed to load commit list.
Merged

refactor: freeze dependencies for plugins and move it to build time #515

refactor: freeze dependencies for plugins and move it from runtime to…
7323de4
Select commit
Loading
Failed to load commit list.
LinearB / lb/linearb_ai_review succeeded Apr 9, 2026 in 1m 57s

Code review added

✨ PR Review

Agentic review
Freezing plugin deps to build time raises a concern: the vendor script pins non-existent package versions that break the build, so this needs work.

1 issues detected:

🐞 Bug - Non-existent package versions break build-time vendor step

Details: The vendor-plugins script in package.json:33 pins non-existent package versions: lodash@4.18.1 (max published is 4.17.21) and @octokit/rest@20.1.1 (lock file shows 20.1.2). Since npm run package now chains this script, a failing npm install will hard-abort the entire build pipeline, unlike the previous continue-on-error: true step. Update the pins to lodash@4.17.21 and @octokit/rest@20.1.2 to match published versions and the lock file.
File: package.json (33-33)

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
💡 Tip: You can customize your AI Review using Guidelines Learn how

View more details on LinearB