Skip to content

Modernization#1444

Merged
Ryang-21 merged 28 commits into
masterfrom
modernization
Jun 5, 2026
Merged

Modernization#1444
Ryang-21 merged 28 commits into
masterfrom
modernization

Conversation

@Ryang-21

@Ryang-21 Ryang-21 commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

What

Major modernization release (v16) that merges @stellar/stellar-base into @stellar/stellar-sdk and overhauls the toolchain, HTTP layer, and build outputs.

Codebase & types

Build & packaging

HTTP & runtime

Tooling

Docs

Ryang-21 and others added 22 commits April 22, 2026 13:41
* Replace __USE_AXIOS__ dynamic require with static fetch default

* Add babel and webpack aliasing to emit axios variant from shared source

* Flip package.json exports: fetch default, /axios opt-in, drop /no-axios

* Update vitest configs and test harness for TRANSPORT=axios variant

* Update CI, README, and stale references for new fetch-default build matrix
* update eventsource to v4.1.0 and remove conditional import of eventsource

* remove no-eventsource lib bundle as the eventsource dependency runs in the workerd runtime

* remove the dom-monkeypatch as its now included in the tsconfig lib field

* add additional tests for eventsource behavior
* add type: module in pkg.json and update js config files to esm style

* build and export cjs and esm build varients, remove export of umd bundles

* remove unused dependency (causing issue with hook files being cjs format)
* replace webpack + babel dependencies for rollup

* migrate build tools to rollup
* move stellar-base src under src/base

* add unit tests from stellar-base

* port xdr and makefile for generating xdr

* port manual type declarations for js only dependencies

* inline js-xdr for node esm compatibility

* disable bundle_size workflow
* migrate from classic yarn to pnpm

* add pnpm setup action to git workflows
* remove randomBytes for universal crypto.getRandomValues

* replace sha.js with noble/hashes and update to version 2.2.0

* update BigNumber to v11.0.0

* replace noble/curves with noble/ed25519 for reduced bundle size

* move tsconfig project root

* replace toml with smol-toml
* refactor: replace URI usage for native URL + URLSearchParam objects

* remove usage of non-null assertion

* allow expandUriTemplate to handle relative templated links
* test src code directly instead of the built lib
…p nyc (#1408)

* Update husky config + remove nyc

* Root .nvmrc + bump Node to v22

* pnpm minimumReleaseAge config

* Cleanup
* TypeDoc setup

* TS tags cleanup

* Update link syntax

* More comments cleanup

* Add @category

* ESLint cleanup

* Cleanup

* From category to file-path routing

* Comment cleanup

* More source TSDoc cleanup

* Per-symbol rendering for reference docs

* Tag rendering for reference docs

* docs/ skeleton with landing page and placeholder guides

* LLMs sitemap and full-content bundle

* Astro/Starlight site scaffold

* Polish LLMs head link, public/ bundles, robots.txt

* Retire JSDoc pipeline

* Refresh CONTRIBUTING with docs guide

* Render class/interface members and pin source links to evergreen ref

* Trim CI: vitest coverage scope and bundle_size workflow

* Fix tests

* UI polishes

* Make docs site agent-friendly; centralize site config

* Fixed URL in MD siblings

* .htaccess file

* readme updates + UI fix

* Add sub-page description

* htaccess update

* Apply SDS theme

* Apply SDS fonts

* Cleanup

* Use default font size

* Update tests action

* Upgrade playwright + attempt to fix tests for 24

* Fix build docs script

* Updated version guide

* Update wording

* Fix dead anchor links

* Update readme
* Update XDR base URLs and improve Makefile for TypeScript definitions

* pull and regenerate xdr definitions for p27

* handle signing the new SorobanCredential varients

* add CAP-71 delegate-credential signing helpers

  - buildAuthorizationEntryPreimage: expose the signature payload (authorizeEntry
    now builds its preimage through it)
  - buildWithDelegatesEntry: wrap ADDRESS/ADDRESS_V2 into ADDRESS_WITH_DELEGATES,
    sorting + de-duping delegates; top-level signature defaults to Void
  - authorizeEntry: optional forAddress to fill a specific node (top-level or a
    delegate) instead of always the top-level
  - export the new helpers + DelegateSignature/BuildWithDelegatesParams from base
* Update readme

* Cleanup

* Pre-push hook + updated docs

* Update pre-push hook

* pre-push updates

* Add @stellar/stellar-base migration guide to the installation docs

* Map xdr.HashIdPreimage in typedoc to fix docs:reference build

* Revert typedoc dead-link workaround

* Fix broken link

* Readme tweaks

---------

Co-authored-by: oceans404 <so.orpilla@gmail.com>
* Implement TransactionSource interface for Account and MuxedAccount classes; update TransactionBuilder to use TransactionSource
* merge master
* TSDoc: Replace @internal with @ignore tag

* Update TSDoc linter

* Fix call builder references

* Group types + add heading anchors

* Update slug generation

* Updated docs

* Add friendbot call builder items
* Minor: axios + bignumber.js

* Patch: vitest + @vitest

* Minor astro + patch @astro

* Minor: esbuild to v0.27.7 (not latest v0.28.0)

* Some patch + minor

* Major: @rollup/plugin-commonjs

* Major: cross-env + dotenv

* Major: jsdom

* Updated pnpm-lock
* add back AuthFlag namespace

* fix: update build types script for axios to ensure generated types are copied correctly
* add p27 guide
…nternal-link tooling (#1434)

* docs: add internal-link tooling (base-prefix rewriting + dead-link validation)

* docs: add connect-and-fund and send-a-payment guides

* docs: add issue-an-asset guide

* docs: refine issue-an-asset guide (token framing, typed helper, review fixes)

* docs: add query-and-stream guide

* docs: add handle-errors guide

* docs: link guides 02-04 to the handle-errors guide

Add error-handling pointers now that guide 05 exists (sibling-link upgrade):
a primary pointer in guide 02's submit section and lighter pointers in 03/04.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: add invoke-a-contract guide (06)

Teaches invoking a deployed Soroban contract from JS with contract.Client and
AssembledTransaction: connect over RPC, preview a call by simulation, then sign
and send a state change. Uses the increment contract; deployment is linked out
to the Stellar CLI tutorial. Regenerate llms bundles.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: add contract-auth guide (07)

Covers signing Soroban contract authorization for an account other than the
transaction source, framed for AddressV2 (CAP-0071-02) readiness: the same code
is correct on the legacy ADDRESS credential today and on AddressV2 after the
Protocol 28 flip. Distinguishes envelope signing from authorization-entry
signing, and gives a before/after migration for hand-rolled signers
(buildAuthorizationEntryPreimage / authorizeEntry).

Also upgrades the Invoke a Contract guide's closing link to point at this guide,
replaces numbered guide references with named links, and regenerates the llms
bundles.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: fold versioning into the home page, drop it as a guide

Versioning and compatibility is reference material, not a task how-to, so it
moves out of the guides nav into a 'Versioning and compatibility' section on the
home page (README -> index). Repoints the agents.md reference to the new
home-page anchor and regenerates index.md + llms bundles.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: add migration guide (00)

A versioned breaking-changes guide for upgrading to the v16 modernization release (base fold-in, native fetch, ESM, Node 22) and Protocol 27 / 28 Soroban auth (AddressV2). Modeled on viem's migration guide: one section per version, one entry per change, with before/after diffs. Sorts first in the guides nav and opens with a pointer to the home-page versioning section.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: link API references in migration guide (00)

Link the first mention of each documented symbol (Keypair, the auth helpers, contract.Client/basicNodeSigner/signAuthEntries, rpc.Server/Horizon.Server, getLatestLedger, BalanceResponse, SigningCallback) to its reference page, base-agnostic, matching guide 07. Anchors verified against the rendered reference pages; internal link check passes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* regen docs

* Text tweaks

* cleanup and add missing migration details

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Ryan Yang <ryan.yang@stellar.org>
Co-authored-by: Iveta <iveta@stellar.org>
* docs: update changelog for v16.0.0-rc.1 

* update package version to 16.0.0-rc.1
Copilot AI review requested due to automatic review settings June 5, 2026 21:54
@github-project-automation github-project-automation Bot moved this to Backlog (Not Ready) in DevX Jun 5, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

@socket-security

socket-security Bot commented Jun 5, 2026

Copy link
Copy Markdown

@socket-security

socket-security Bot commented Jun 5, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm @img/sharp-libvips-darwin-arm64 under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-darwin-arm64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-darwin-arm64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-darwin-x64 under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-darwin-x64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-darwin-x64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-arm under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-linux-arm@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-arm@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-arm64 under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-linux-arm64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-arm64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-ppc64 under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-linux-ppc64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-ppc64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-riscv64 under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-linux-riscv64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-riscv64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-s390x under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-linux-s390x@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-s390x@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linux-x64 under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-linux-x64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linux-x64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linuxmusl-arm64 under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-linuxmusl-arm64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linuxmusl-arm64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-libvips-linuxmusl-x64 under LGPL-3.0-or-later

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-libvips-linuxmusl-x64@1.2.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-libvips-linuxmusl-x64@1.2.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-wasm32

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-wasm32@0.34.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-wasm32@0.34.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-win32-arm64

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-win32-arm64@0.34.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-win32-arm64@0.34.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-win32-ia32

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-win32-ia32@0.34.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-win32-ia32@0.34.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @img/sharp-win32-x64

Location: Package overview

From: pnpm-lock.yamlnpm/astro@6.4.2npm/@img/sharp-win32-x64@0.34.5

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@img/sharp-win32-x64@0.34.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm axe-core under MIT AND MPL-2.0

Location: Package overview

From: pnpm-lock.yamlnpm/eslint-config-airbnb-extended@3.1.0npm/axe-core@4.11.4

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/axe-core@4.11.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm typescript under MIT-Khronos-old

License: MIT-Khronos-old - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt)

License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt)

From: package.jsonnpm/typescript@5.9.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@5.9.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Comment thread src/base/soroban.ts Fixed
Comment thread scripts/build-docs.ts Dismissed
Comment thread src/base/operations/invoke_host_function.ts Dismissed
Comment thread src/base/soroban.ts Dismissed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 18a91dc6ea

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread package.json
],
"main": "./lib/cjs/index.js",
"module": "./lib/esm/index.js",
"types": "./lib/esm/index.d.ts",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Expose ambient js-xdr declarations to consumers

When publishing the new generated declarations via ./lib/esm/index.d.ts, the public .d.ts graph still imports @stellar/js-xdr (for example from src/base/index.ts and the large-int helpers), but the added ambient declaration under types/stellar__js-xdr is only visible to this repo through typeRoots. Downstream TypeScript projects do not automatically load arbitrary types/ folders from dependencies, so consumers without their own shim for @stellar/js-xdr will get missing-declaration errors as soon as they import the SDK types. Please wire this shim into the emitted declaration graph or otherwise make the @stellar/js-xdr types resolvable from the published package.

Useful? React with 👍 / 👎.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b51c0759b7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread package.json
Comment on lines +20 to +23
"sideEffects": [
"./lib/esm/base/scval.js",
"./lib/cjs/base/scval.js"
],

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve scval side effects for axios builds

When consumers bundle @stellar/stellar-sdk/axios with tree-shaking and import only xdr or other exports that don't directly use the scval helpers, this whitelist only protects the non-axios scval.js files. The axios build emits separate files under lib/axios/esm/base/scval.js and lib/axios/cjs/base/scval.js, and those contain the xdr.scvSortedMap = scvSortedMap compatibility mutation; because they are not listed here, bundlers may discard the axios scval module as an unused re-export, leaving xdr.scvSortedMap undefined for the axios entrypoint. Please add the axios scval paths or use a glob that covers both builds.

Useful? React with 👍 / 👎.

@Ryang-21 Ryang-21 merged commit d0657f1 into master Jun 5, 2026
11 checks passed
@github-project-automation github-project-automation Bot moved this from Backlog (Not Ready) to Done in DevX Jun 5, 2026
@Ryang-21 Ryang-21 deleted the modernization branch June 5, 2026 23:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

5 participants