Skip to content

fix(setupWizard): add repository field for npm publish provenance#1421

Merged
msukkari merged 1 commit into
mainfrom
fix-setup-sourcebot-provenance-repository
Jul 2, 2026
Merged

fix(setupWizard): add repository field for npm publish provenance#1421
msukkari merged 1 commit into
mainfrom
fix-setup-sourcebot-provenance-repository

Conversation

@msukkari

@msukkari msukkari commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Chores
    • Added repository metadata for the setup wizard package, including version control type, source location, and package directory information.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@msukkari your pull request is missing a changelog!

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1726ee00-015a-48bb-9d30-1f91e39d8b90

📥 Commits

Reviewing files that changed from the base of the PR and between 54e90be and a89166a.

📒 Files selected for processing (1)
  • packages/setupWizard/package.json

Walkthrough

This change adds a repository metadata field to packages/setupWizard/package.json, specifying the git repository type, URL, and directory path.

Changes

Package Metadata Update

Layer / File(s) Summary
Add repository field
packages/setupWizard/package.json
Adds a repository block with type (git), URL, and directory path for the package.

Estimated code review effort: 1 (Trivial) | ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: adding repository metadata for setupWizard npm provenance.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix-setup-sourcebot-provenance-repository

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

License Audit

Status: FAIL

Metric Count
Total packages 2222
Resolved (non-standard) 9
Unresolved 4
Strong copyleft 0
Weak copyleft 38

Fail Reasons

  • 4 packages have unresolvable licenses: @react-grab/cli@0.1.23, @react-grab/cli@0.1.29, @react-grab/mcp@0.1.29, element-source@0.0.3

Unresolved Packages

Package Version License Reason
@react-grab/cli 0.1.23 UNKNOWN No license field in npm registry metadata; no repository/homepage; npm.com page not accessible (403).
@react-grab/cli 0.1.29 UNKNOWN No license field in npm registry metadata; no repository/homepage; npm.com page not accessible (403).
@react-grab/mcp 0.1.29 UNKNOWN No license field in npm registry metadata; no repository/homepage; npm.com page not accessible (403).
element-source 0.0.3 UNKNOWN No license/licenses field, no repository, and no README in npm registry metadata; nothing to resolve against.

Weak Copyleft Packages (informational)

Package Version License
@img/sharp-libvips-darwin-arm64 1.0.4 LGPL-3.0-or-later
@img/sharp-libvips-darwin-arm64 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-darwin-x64 1.0.4 LGPL-3.0-or-later
@img/sharp-libvips-darwin-x64 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-arm 1.0.5 LGPL-3.0-or-later
@img/sharp-libvips-linux-arm 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-arm64 1.0.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-arm64 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-ppc64 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-riscv64 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-s390x 1.0.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-s390x 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-x64 1.0.4 LGPL-3.0-or-later
@img/sharp-libvips-linux-x64 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-arm64 1.0.4 LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-arm64 1.2.4 LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-x64 1.0.4 LGPL-3.0-or-later
@img/sharp-libvips-linuxmusl-x64 1.2.4 LGPL-3.0-or-later
@img/sharp-wasm32 0.33.5 Apache-2.0 AND LGPL-3.0-or-later AND MIT
@img/sharp-wasm32 0.34.5 Apache-2.0 AND LGPL-3.0-or-later AND MIT
@img/sharp-win32-arm64 0.34.5 Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-ia32 0.33.5 Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-ia32 0.34.5 Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-x64 0.33.5 Apache-2.0 AND LGPL-3.0-or-later
@img/sharp-win32-x64 0.34.5 Apache-2.0 AND LGPL-3.0-or-later
axe-core 4.10.3 MPL-2.0
lightningcss 1.32.0 MPL-2.0
lightningcss-android-arm64 1.32.0 MPL-2.0
lightningcss-darwin-arm64 1.32.0 MPL-2.0
lightningcss-darwin-x64 1.32.0 MPL-2.0
lightningcss-freebsd-x64 1.32.0 MPL-2.0
lightningcss-linux-arm-gnueabihf 1.32.0 MPL-2.0
lightningcss-linux-arm64-gnu 1.32.0 MPL-2.0
lightningcss-linux-arm64-musl 1.32.0 MPL-2.0
lightningcss-linux-x64-gnu 1.32.0 MPL-2.0
lightningcss-linux-x64-musl 1.32.0 MPL-2.0
lightningcss-win32-arm64-msvc 1.32.0 MPL-2.0
lightningcss-win32-x64-msvc 1.32.0 MPL-2.0
Resolved Packages (9)
Package Version Original Resolved Source
@types/ws 8.18.1 UNKNOWN MIT npm registry (license field)
memorystream 0.3.1 UNKNOWN MIT npm registry (licenses object: {type:'MIT'})
codemirror-lang-elixir 4.0.0 UNKNOWN Apache-2.0 GitHub repo (LICENSE + About sidebar)
khroma 2.1.0 UNKNOWN MIT GitHub repo (README + About sidebar)
lezer-elixir 1.1.2 UNKNOWN Apache-2.0 GitHub repo (LICENSE + About sidebar)
map-stream 0.1.0 UNKNOWN MIT GitHub repo (About sidebar)
valid-url 1.0.9 UNKNOWN MIT GitHub repo (LICENSE file)
posthog-js 1.369.0 SEE LICENSE IN LICENSE Apache-2.0 GitHub repo (LICENSE file; primary license Apache-2.0)
pause-stream 0.0.11 ["MIT","Apache2"] MIT OR Apache-2.0 extracted from object (license array ["MIT","Apache2"])

@msukkari msukkari merged commit 4abb51c into main Jul 2, 2026
9 of 10 checks passed
@msukkari msukkari deleted the fix-setup-sourcebot-provenance-repository branch July 2, 2026 19:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant