Migrating workos -> better-auth #22
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
2 issues found across 28 files
Prompt for AI agents (all 2 issues)
Understand the root cause of the following 2 issues and fix them.
<file name="packages/auth/package.json">
<violation number="1" location="packages/auth/package.json:41">
The migration from WorkOS is incomplete. The `templates/repo/packages/utils` package still includes dependencies on `@workos-inc` packages, contradicting the goal of this PR and leaving legacy dependencies in the codebase. This creates architectural inconsistency.</violation>
</file>
<file name="packages/auth/src/lib/auth.ts">
<violation number="1" location="packages/auth/src/lib/auth.ts:30">
Logging the OTP to console exposes sensitive authentication secrets and lets anyone with log access steal the code; remove the log and require a secure delivery path instead.</violation>
</file>
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
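The OTP-logging finding in the review above, as an added example that is not part of this PR or the project's code: the flagged pattern next to a handler that delivers the code only through a mail transport and logs metadata without the secret. `OtpArgs` mirrors the `sendVerificationOtp` parameters named in this PR; `Mailer`, `makeOtpSender`, `otpLogLine`, `maskEmail` and `insecureSendOtp` are hypothetical names, and the log format is an assumption.

```typescript
// Added example, not the PR's code. OtpArgs mirrors the sendVerificationOtp
// parameters named in this PR; Mailer, makeOtpSender, otpLogLine and maskEmail
// are hypothetical names.
type OtpType = "sign-in" | "forget-password" | "email-verification";
interface OtpArgs { email: string; otp: string; type: OtpType }
interface Mailer { send(to: string, subject: string, body: string): Promise<void> }
type Log = (line: string) => void;

// Vulnerable pattern flagged in the review: the code lands in every log sink.
function insecureSendOtp({ email, otp }: OtpArgs, log: Log): void {
  log(`OTP for ${email}: ${otp}`);
}

// Keep enough of the address to correlate events without logging it whole.
function maskEmail(email: string): string {
  const at = email.lastIndexOf("@");
  return at < 1 ? "***" : `${email[0]}***${email.slice(at)}`;
}

// The audit line is built from metadata only; the OTP is not a parameter,
// so it cannot leak through this path.
function otpLogLine(type: OtpType, email: string): string {
  return `otp issued type=${type} to=${maskEmail(email)}`;
}

// Fail closed: with no mail transport configured, refuse to build a handler
// instead of falling back to printing the code.
function makeOtpSender(mailer: Mailer | undefined, log: Log) {
  if (!mailer) throw new Error("OTP delivery requires a mail transport");
  return async (args: OtpArgs): Promise<void> => {
    await mailer.send(args.email, `Your ${args.type} code`, `Code: ${args.otp}`);
    log(otpLogLine(args.type, args.email));
  };
}
```

The function returned by `makeOtpSender` takes the same argument object as the `sendVerificationOtp` callback, so a local development setup can pass a mailer that writes to a local mail catcher instead of reintroducing a console fallback.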
The inferAdditionalFields function is a type utility, not a runtime client plugin. Using it in the plugins array was causing TypeScript type errors in the template builds. This fix removes inferAdditionalFields from:
- templates/repo/packages/auth/src/index.ts
- packages/auth/README.md examples

The auth client now only includes the actual runtime plugins (adminClient, emailOTPClient).
- Remove unused 'import type { auth }' from templates/repo/packages/auth/src/index.ts
- Fix biome formatting to put imports and plugins on single lines
- Change better-auth version from exact '1.2.5' to '^1.2.5' to match packages
These changes fix:
- build-repo-template: lint error (unused import)
- build-next-template: type mismatch (version incompatibility between 1.2.5 and 1.3.27)
- Regenerate templates/repo/pnpm-lock.yaml to align with updated better-auth version range
- This fixes the frozen-lockfile error in CI where package.json specified '^1.2.5' but lockfile had '1.2.5'
- Resolves type incompatibilities between better-auth versions 1.2.5 and 1.3.27

Fixes build-repo-template and build-next-template CI failures
Move better-auth from dependencies to peerDependencies with exact version 1.3.27 in both packages/auth and templates/repo/packages/auth. This ensures version consistency across the workspace and prevents type incompatibilities. Also add better-auth to devDependencies for development purposes.
Update sendVerificationOtp type parameter from loose 'string' to strict literal union type 'sign-in' | 'forget-password' | 'email-verification' to match better-auth 1.3.27's actual type definitions. This fixes the type compatibility error in CI.
…sponses Change all method return types from Promise<void> to Promise<any> to accommodate better-auth 1.3.27's actual return types (Promise<Data<...> | Error<...>>). Also add index signature to emailOtp to allow extra properties like checkVerificationOtp that exist in the actual client.
…-auth 1.3.27 Add 'as any' type assertion to adminClient() call to bypass TypeScript type incompatibility where better-auth 1.3.27's adminClient has email as optional in one type but required in another. This is a workaround for a library type bug while maintaining version 1.3.27 everywhere as required.
Summary by cubic
Replaced WorkOS and iron-session with Better Auth to provide a simpler, flexible auth system with email OTP and Google OAuth. This fulfills Startup-90 by removing WorkOS and consolidating server/client APIs around better-auth.
New Features
Migration