ci: gate on patched attw (real fix for the upstream crash)#42
Conversation
@arethetypeswrong/core crashes ("Cannot read properties of undefined (reading
'filename')") on tarballs that gunzip into multiple chunks — its extractTarball
overwrites `unzipped` per streaming chunk instead of concatenating, so untar gets
the last (empty) chunk and returns zero files. Root-caused and fixed upstream
(arethetypeswrong/arethetypeswrong.github.io#263).
Pin @arethetypeswrong/cli as a dev dep and apply the same fix via a bun patch on
@arethetypeswrong/core, so CI runs the patched local binary (`bun run attw`)
instead of npx-latest. Reverts the advisory `|| echo` workaround from #41 — attw
gates the package again. Drop the patch + pin and return to npx once the upstream
fix is released.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Warning Review limit reached
Your plan includes 1 review of capacity. Refill in 34 minutes and 49 seconds. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more review capacity refills, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
@arethetypeswrong/cli crashes ("Cannot read properties of undefined (reading
'filename')") decompressing this package's tarball — its core overwrites the
fflate Gunzip output per chunk instead of concatenating, so any package large
enough to stream in multiple chunks (ours: 341KB/92 files) loses all but the
last empty chunk. That's a checker bug, not a problem with the generated package.
Rather than carry a local patch + pinned dep for a third-party tool, drop attw
entirely. publint remains the gating export validator. Removes the pinned
@arethetypeswrong/cli dev dep, the bun patch, and the attw script/CI step added
in #41/#42.
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces the advisory attw workaround from #41 with a real fix.
Root cause (found)
@arethetypeswrong/core'sextractTarballoverwritesunzipped = chunkin the fflateGunzipstreaming callback. fflate emits multiple chunks for larger tarballs, so only the last (empty) chunk was kept →untarreturned 0 files → crash ondata[0].filename. Size-dependent: our ~72 KB package gunzips into 3 chunks → crash.Fixes
@arethetypeswrong/cli@0.18.2as a dev dep +bun patch @arethetypeswrong/coreapplying the same chunk-concat fix. CI now runs the patched local binary (bun run attw) and gates again — the|| echo ::warningadvisory bypass from ci: make attw advisory (upstream crash), keep publint gating #41 is removed.Follow-up
Once #263 is released, drop
patches/+ the dev-dep pin and return the CI step tonpx --yes @arethetypeswrong/cli.✅
bun run attw --pack . --profile node16 --ignore-rules cjs-resolves-to-esmexits 0 with a full report locally.