fix(deps): add missing sharp dependencies#593
fix(deps): add missing sharp dependencies#593kadams54 wants to merge 1 commit intoColeMurray:mainfrom
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
📝 WalkthroughWalkthroughTwo development dependencies, ChangesDependency addition for native module build
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
kadams54
force-pushed
the
kadams54/sharp-deps
branch
from
91d3fc2 to
635098b
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
package.json (1)
31-32: ⚡ Quick winThis fix may be insufficient when
libvipsis globally installed (e.g. viabrew install vips) on Node 24.When
libvipsis globally installed,sharpdetects it and attempts to build from source instead of using prebuilt binaries. This build fails on Node.js 24 LTS with a C++ compilation error (NewOrCopynot found inNapi::Buffer) — an error that addingnode-addon-apidoes not resolve. The workaround for that case isSHARP_IGNORE_GLOBAL_LIBVIPS=1 npm install, which forces the prebuilt binary download.Consider documenting this environment-specific workaround in the README or
.env.example, and/or adding it to an.npmrc:sharp_ignore_global_libvips=true🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` around lines 31 - 32, The package.json change adding node-addon-api/node-gyp doesn't address failures when libvips is globally installed and sharp builds from source on Node 24; update docs and config to document and enforce the workaround by (a) adding a note to README and .env.example explaining to set SHARP_IGNORE_GLOBAL_LIBVIPS=1 before npm install when brew/other global libvips is present, and (b) add an .npmrc entry sharp_ignore_global_libvips=true to force use of prebuilt sharp binaries during install; reference the package.json dependency names (node-addon-api, node-gyp) and the env var SHARP_IGNORE_GLOBAL_LIBVIPS in the documentation so maintainers know why this is needed.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Around line 31-32: Update the root package.json devDependency "node-gyp" from
"^12.2.0" to "^12.3.0": locate the "node-gyp" entry in package.json and change
its version string to "^12.3.0", then run your package manager (npm/yarn/pnpm)
to refresh the lockfile and install updated devDependencies so the repo uses
node-gyp 12.3.0.
---
Nitpick comments:
In `@package.json`:
- Around line 31-32: The package.json change adding node-addon-api/node-gyp
doesn't address failures when libvips is globally installed and sharp builds
from source on Node 24; update docs and config to document and enforce the
workaround by (a) adding a note to README and .env.example explaining to set
SHARP_IGNORE_GLOBAL_LIBVIPS=1 before npm install when brew/other global libvips
is present, and (b) add an .npmrc entry sharp_ignore_global_libvips=true to
force use of prebuilt sharp binaries during install; reference the package.json
dependency names (node-addon-api, node-gyp) and the env var
SHARP_IGNORE_GLOBAL_LIBVIPS in the documentation so maintainers know why this is
needed.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: b90b79f2-d9d4-4458-8030-1625b894d333
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json
| "node-addon-api": "^8.7.0", | ||
| "node-gyp": "^12.2.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Find which workspace package(s) declare sharp as a dependency
rg -l '"sharp"' --glob 'packages/*/package.json' -n
rg '"sharp"' --glob 'packages/*/package.json' -n -A1 -B1Repository: ColeMurray/background-agents
Length of output: 54
🏁 Script executed:
# First, check if sharp exists anywhere in the root package.json or dependencies
rg '"sharp"' . -g 'package.json' -iRepository: ColeMurray/background-agents
Length of output: 54
🏁 Script executed:
# Check what the actual root package.json looks like (full content)
cat package.jsonRepository: ColeMurray/background-agents
Length of output: 1623
🏁 Script executed:
# Check if there's a lockfile that might reveal sharp as a transitive dependency
ls -la | grep -E 'package-lock|yarn.lock|pnpm-lock'Repository: ColeMurray/background-agents
Length of output: 142
🌐 Web query:
node-gyp latest version npm
💡 Result:
The latest version of node-gyp on npm is 12.3.0, published on April 21, 2026 [1][2][3]. This is confirmed by the official npm registry page listing it as the current version [1], the npmjs.com package page [3], and the GitHub releases page [2]. Some cached or older pages show 12.2.0 [4][5][6], but the most recent authoritative sources indicate 12.3.0 as latest today (2026-05-04). To install: npm install node-gyp@latest or npm install -g node-gyp [7].
Citations:
- 1: https://registry.npmjs.org/node-gyp
- 2: https://github.com/nodejs/node-gyp/releases
- 3: https://www.npmjs.com/package/node-gyp
- 4: https://www.npmjs.com/package/node-gyp?activeTab=versions
- 5: https://github.com/nodejs/node-gyp/tree/refs/heads/main
- 6: https://github.com/nodejs/node-gyp
- 7: https://nodejs.org/learn/node-api/build-tools/node-gyp
🌐 Web query:
node-addon-api latest version 8.7.0
💡 Result:
The latest version of node-addon-api is 8.7.0, released on March 26, 2026.[1][2][3][4][5] This is confirmed across official sources including the npm registry, npmjs.com, GitHub releases page, and the main repository homepage. The GitHub releases list shows v8.7.0 as the most recent tag with features like Date::New overload, Object::GetPrototype/SetPrototype, and SharedArrayBuffer support in DataViews.[4] Earlier versions like v8.6.0 (Feb 27, 2026) and v8.5.0 (Jul 14, 2025) precede it.[1][2]
Citations:
- 1: https://registry.npmjs.org/node-addon-api
- 2: https://www.npmjs.com/package/node-addon-api
- 3: https://npmx.dev/package/node-addon-api
- 4: https://github.com/nodejs/node-addon-api/releases/tag/v8.7.0
- 5: https://github.com/nodejs/node-addon-api
Update node-gyp to the latest version ^12.3.0.
The version pinned in root devDependencies is outdated. node-gyp latest is 12.3.0 (released April 21, 2026), not 12.2.0. Update the entry on line 32 to "node-gyp": "^12.3.0".
The recommendation in the original comment to move these dependencies to a specific workspace package is not applicable, as sharp is not declared as a direct dependency in any workspace package in the codebase.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` around lines 31 - 32, Update the root package.json
devDependency "node-gyp" from "^12.2.0" to "^12.3.0": locate the "node-gyp"
entry in package.json and change its version string to "^12.3.0", then run your
package manager (npm/yarn/pnpm) to refresh the lockfile and install updated
devDependencies so the repo uses node-gyp 12.3.0.
1 participant
Fixes #524
Summary by CodeRabbit