feat: use serde to build package json and check npm package name#2428

Merged
fnando merged 4 commits into main from sanitize-js-bindings-output-dir
Mar 13, 2026

@mootz12 mootz12 commented Mar 5, 2026

What

Use serde to modify the package.json file during TypeScript binding generation, and check that the npm package name is valid.

Why

Fixes the issue where users can create invalid package.json files.

Known limitations

None

Copilot AI review requested due to automatic review settings March 5, 2026 21:11
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Mar 5, 2026

Copilot AI left a comment

Pull request overview

This PR hardens TypeScript bindings project generation by validating the generated npm package name and updating package.json via JSON parsing/serialization (instead of raw string replacement) to prevent invalid or injectable package.json output.

Changes:

  • Add validate_npm_package_name (with tests) to enforce npm naming rules, including scoped names.
  • Validate the --output-dir basename / contract name before generating the TS bindings project.
  • Update TS project template handling to set package.json.name through serde_json, enabling preserve_order.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| cmd/soroban-cli/src/commands/contract/bindings/typescript.rs | Validates --output-dir basename as an npm package name and introduces a new CLI error variant. |
| cmd/crates/soroban-spec-typescript/src/lib.rs | Adds npm package name validation helper and unit tests. |
| cmd/crates/soroban-spec-typescript/src/boilerplate.rs | Switches package.json update to serde_json parsing/serialization; adds tests for name setting and invalid input. |
| cmd/crates/soroban-spec-typescript/Cargo.toml | Enables serde_json's preserve_order feature to keep template key ordering stable. |
| Cargo.lock | Updates lockfile to include new transitive dependency introduced by preserve_order. |
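
The failure mode the review summary above describes (a name spliced into package.json as raw text) and the validation that blocks it, as an added std-only Rust sketch that is not the project's code. `check_npm_name`, `TEMPLATE` and its placeholder are hypothetical, and the rules are a conservative subset of npm's naming constraints; the PR itself sets the name through serde_json.

```rust
// Added example (std only); not the soroban-cli implementation.
// Conservative subset of npm naming rules; names here are hypothetical.

/// One path segment: lowercase ASCII, digits, '-', '.', '_'; no leading '.' or '_'.
fn valid_segment(s: &str) -> bool {
    !s.is_empty()
        && !s.starts_with('.')
        && !s.starts_with('_')
        && s.chars().all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || "-._".contains(c))
}

/// Accepts `name` or `@scope/name`, at most 214 bytes long.
pub fn check_npm_name(name: &str) -> Result<(), String> {
    let ok = name.len() <= 214
        && match name.strip_prefix('@') {
            Some(rest) => match rest.split_once('/') {
                Some((scope, pkg)) => valid_segment(scope) && valid_segment(pkg),
                None => false,
            },
            None => valid_segment(name),
        };
    if ok { Ok(()) } else { Err(format!("invalid npm package name: {:?}", name)) }
}

/// Constructed template and placeholder, standing in for a package.json template.
const TEMPLATE: &str = r#"{"name": "INSERT_NAME_HERE", "version": "0.0.0"}"#;

/// Raw string replacement: the name is pasted into JSON text unescaped.
pub fn naive_set_name(name: &str) -> String {
    TEMPLATE.replace("INSERT_NAME_HERE", name)
}

/// Validation first: only names that cannot change the JSON structure get through.
pub fn checked_set_name(name: &str) -> Result<String, String> {
    check_npm_name(name)?;
    Ok(naive_set_name(name))
}

fn main() {
    // Constructed input: an output-dir basename that contains double quotes.
    let odd = r#"x", "private": "true"#;
    println!("{}", naive_set_name(odd)); // an extra "private" key appears
    println!("{:?}", checked_set_name(odd)); // rejected by validation
    println!("{:?}", checked_set_name("@my-org/token-bindings")); // accepted
}
```

Validation alone keeps quotes and other structural characters out of the name; serializing through a JSON library, as the PR does, also removes the dependence on the template's exact text.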

@fnando fnando enabled auto-merge (squash) March 13, 2026 17:41
@fnando fnando moved this from Backlog (Not Ready) to Needs Review in DevX Mar 13, 2026
@fnando fnando merged commit 8a6c883 into main Mar 13, 2026
193 checks passed
@fnando fnando deleted the sanitize-js-bindings-output-dir branch March 13, 2026 18:06
@github-project-automation github-project-automation bot moved this from Needs Review to Done in DevX Mar 13, 2026