Skip to content

Correct workspace: protocol usage #556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dahlia merged 2 commits into from
Feb 3, 2026
Merged

Correct workspace: protocol usage #556

dahlia merged 2 commits into from
Feb 3, 2026

Conversation

@moreal
Copy link
Contributor

@moreal moreal commented Feb 3, 2026
edited
Loading

Summary

Add a CI check to detect invalid workspace: protocol specifiers and fix existing invalid usages in the monorepo.

Related issue

I couldn't related issues when searching with following queries:

  • label:integration/fastify
  • fastify
  • peer
  • workspace

Changes

  • Fixed invalid workspace: specifiers to workspace:^ in docs/package.json,
    examples/*/package.json, and packages/fastify/package.json
  • Added check:manifest:workspace-protocol mise task that uses grep to detect
    invalid workspace: patterns (those without *, ^, or ~ specifier)
  • Added the new task to the check task dependencies so it runs in CI

Benefits

The pnpm workspace: protocol requires a version specifier (*, ^, or ~).
Using "workspace:" without a specifier is technically invalid, but pnpm doesn't report a clear error.
This can cause issues with other tools like moonrepo (e.g., moonrepo) that strictly validate the workspace protocol format.

This change ensures:

  • All existing invalid specifiers are corrected
  • Future invalid specifiers will be caught by CI before merge

Checklist

  • Did you add a changelog entry to the CHANGES.md?
  • Did you write some relevant docs about this change (if it's a new feature)?
  • Did you write a regression test to reproduce the bug (if it's a bug fix)?
  • Did you write some tests for this change (if it's a new feature)?
  • Did you run mise test on your machine?

Additional notes

Note for breaking change or bugfix for @fedify/fastify

Among the packages affected by this PR, excluding docs and examples, the project that is distributed externally is @fedify/fastify. Since there was originally no caret, it's unclear how the version should be handled, but when viewed on npmjs.com, it appears to be resolved to a specific version without a caret or tilde, as shown in the quote below.

https://www.npmjs.com/package/@fedify/fastify/v/2.0.0-dev.279?activeTab=code

image 
  "peerDependencies": {
    "fastify": "^5.2.0",
    "@fedify/fedify": "2.0.0-dev.279+ce1bdc22"
  },

On JSR, it is resolved in a format like ^2.0.0-pr.490.1967+f14078ce, which includes a caret.

https://jsr.io/@fedify/fastify@2.0.0-pr.490.1967+f14078ce/dependencies

image

I think it's common practice to use a caret in peerDependencies, like ^6 || ^7, to indicate compatibility within a certain version range. Therefore, I believe this change is correct. However, there is some discrepancy with the npmjs.com version; since the version range has become broader than before, it doesn't seem to be a breaking change.

This pull request will help to complete #555.

@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Feb 3, 2026

Summary of Changes

Hello @moreal, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the monorepo's dependency management by standardizing the use of the workspace: protocol. It rectifies existing instances where workspace: lacked an explicit version specifier, which, while tolerated by pnpm, can cause issues with other tools. By adding a CI check, the PR establishes a robust mechanism to prevent such inconsistencies in the future, improving overall build reliability and compatibility across the development ecosystem.

Highlights

  • Dependency Versioning: Corrected invalid workspace: protocol specifiers in various package.json files by explicitly adding the caret (^) operator, ensuring proper version range resolution for internal monorepo dependencies.
  • CI Enforcement: Introduced a new CI check, check:manifest:workspace-protocol, which uses grep to detect any future instances of invalid workspace: specifiers lacking a version operator (*, ^, or ~).
  • Automated Validation: Integrated the new check:manifest:workspace-protocol task into the main check task dependencies, ensuring that this validation runs automatically in CI pipelines.
Changelog
  • docs/package.json
    • Updated all @fedify/* dependencies from workspace: to workspace:^.
  • examples/cloudflare-workers/package.json
    • Updated @fedify/fedify and @fedify/vocab dependencies from workspace: to workspace:^.
  • examples/elysia/package.json
    • Updated @fedify/vocab dependency from workspace: to workspace:^.
  • examples/express/package.json
    • Updated @fedify/express, @fedify/fedify, and @fedify/vocab dependencies from workspace: to workspace:^.
  • examples/fastify/package.json
    • Updated @fedify/fastify, @fedify/fedify, and @fedify/vocab dependencies from workspace: to workspace:^.
  • examples/koa/package.json
    • Updated @fedify/koa, @fedify/fedify, and @fedify/vocab dependencies from workspace: to workspace:^.
  • examples/next-integration/package.json
    • Updated @fedify/fedify, @fedify/next, and @fedify/vocab dependencies from workspace: to workspace:^.
  • examples/next14-app-router/package.json
    • Updated @fedify/fedify and @fedify/vocab dependencies from workspace: to workspace:^.
  • examples/next15-app-router/package.json
    • Updated @fedify/fedify and @fedify/vocab dependencies from workspace: to workspace:^.
  • examples/sveltekit-sample/package.json
    • Updated @fedify/fedify, @fedify/sveltekit, and @fedify/vocab dependencies from workspace: to workspace:^.
  • mise.toml
    • Added a new task check:manifest:workspace-protocol to detect invalid workspace: specifiers.
    • Included check:manifest:workspace-protocol in the check task's dependencies.
  • packages/fastify/package.json
    • Updated @fedify/fedify peer dependency from workspace: to workspace:^.
Activity
  • The author identified an issue where pnpm's workspace: protocol, when used without a version specifier, is technically invalid and can cause problems with tools like Moonrepo.
  • Existing invalid workspace: specifiers across docs/package.json, various examples/*/package.json files, and packages/fastify/package.json were fixed by appending ^.
  • A new mise task, check:manifest:workspace-protocol, was created to use grep for detecting workspace: patterns without *, ^, or ~.
  • This new task was added to the check task's dependencies to ensure it runs in CI.
  • The author considered the impact of changing peerDependencies for @fedify/fastify from workspace: to workspace:^, concluding it broadens the version range and is not a breaking change, despite some discrepancies with npmjs.com's display.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@issues-auto-labeler issues-auto-labeler bot added component/build Build system and packaging component/ci CI/CD workflows and GitHub Actions component/integration Web framework integration labels Feb 3, 2026
@moreal moreal force-pushed the validate-workspace-protocol branch from 46874b6 to d699bd7 Compare February 3, 2026 13:12
gemini-code-assist[bot]
gemini-code-assist bot reviewed Feb 3, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request correctly addresses invalid workspace: protocol specifiers in package.json files by updating them to the valid workspace:^ format. It also introduces a new CI check in mise.toml to enforce this rule, which is a great addition for maintaining repository health. I have one suggestion to improve the new CI check by making it more efficient and robust.

@codecov
Copy link

codecov bot commented Feb 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

moreal and others added 2 commits February 3, 2026 22:23
@moreal @claude
Add mise check task for workspace: protocol validation
4273088 
The pnpm workspace: protocol requires a version specifier (*, ^, or ~).
Using "workspace:" without a specifier is invalid but pnpm doesn't
report a clear error, which can cause issues with tools like moonrepo.

This adds a check:manifest:workspace-protocol task that detects invalid
patterns and fails the CI check if found.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@moreal
Correct workspace protocol
acd7405
@moreal moreal force-pushed the validate-workspace-protocol branch from d699bd7 to acd7405 Compare February 3, 2026 13:23
@moreal moreal marked this pull request as ready for review February 3, 2026 13:35
dahlia
dahlia approved these changes Feb 3, 2026
View reviewed changes
Copy link
Member

@dahlia dahlia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job!

@dahlia dahlia merged commit f7e14bc into fedify-dev:main Feb 3, 2026
44 of 46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dahlia dahlia dahlia approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

component/build Build system and packaging component/ci CI/CD workflows and GitHub Actions component/integration Web framework integration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@moreal @dahlia