Feat/repack bundler

[KVNLS]

✅ Checklist

• npx changeset was attached.
• Covered by automatic tests.
• Impact of the changes:
  • ...

📝 Description

What

Migrate Ledger Live Mobile from Metro bundler to Repack (powered by rspack) for faster and more flexible bundling.

Why

• Faster build times: Repack leverages rspack (Rust-based bundler) which provides significantly faster bundling compared to Metro
• Better compatibility: Improved handling of monorepo dependencies and pnpm workspace resolution
• Developer tooling: Integration with Rozenite for enhanced debugging capabilities (network activity, React Navigation, Redux DevTools, MMKV inspection)
• Modern architecture: rspack provides better tree-shaking, code splitting capabilities, and webpack ecosystem compatibility
• Module Federation: We want to unlock this capability for potential usage with Live Apps or other use cases

❓ Context

• JIRA or GitHub link: https://ledgerhq.atlassian.net/browse/LIVE-24694

---

Build iOS
Build Android

🧐 Checklist for the PR Reviewers

• The code aligns with the requirements described in the linked JIRA or GitHub issue.
• The PR description clearly documents the changes made and explains any technical trade-offs or design decisions.
• There are no undocumented trade-offs, technical debt, or maintainability issues.
• The PR has been tested thoroughly, and any potential edge cases have been considered and handled.
• Any new dependencies have been justified and documented.
• Performance considerations have been taken into account. (changes have been profiled or benchmarked if necessary)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

4 Skipped Deployments

Project	Deployment	Review	Updated (UTC)
ledger-live-github-bot	Ignored	Preview	Jan 28, 2026 10:38am
native-ui-storybook	Ignored	Preview	Jan 28, 2026 10:38am
react-ui-storybook	Ignored	Preview	Jan 28, 2026 10:38am
web-tools	Ignored	Preview	Jan 28, 2026 10:38am

[live-github-bot]

Desktop Bundle Checks

Comparing 3fbef34 against 8edd2a9.

✅ Previous issues have all been fixed.

Mobile Bundle Checks

Comparing 3fbef34 against 8edd2a9.

⚠️ main.ios.jsbundle bundle size significantly increased: 55.6mb -> 56mb. Please check if this is expected.
⚠️ main.android.jsbundle bundle size significantly increased: 55.6mb -> 56mb. Please check if this is expected.

[Copilot]

Pull request overview

This PR migrates Ledger Live Mobile from Metro bundler to Repack (powered by rspack) to achieve faster build times, better monorepo compatibility, and enhanced developer tooling through Rozenite integration.

Changes:

• Replaced Metro bundler with Repack/rspack for significantly faster build times and better pnpm workspace resolution
• Added Rozenite integration for enhanced debugging capabilities (network monitoring, Redux DevTools, navigation inspection, MMKV storage)
• Updated build scripts and iOS/Android configurations to support the new bundler architecture

Reviewed changes

Copilot reviewed 8 out of 10 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
pnpm-lock.yaml	Added @callstack/repack packages, @rspack/core, and @rozenite/repack; removed @react-native/metro-config and @rozenite/metro
apps/ledger-live-mobile/rspack.config.mjs	New rspack configuration with TypeScript alias resolution, pnpm workspace support, and Rozenite integration
apps/ledger-live-mobile/react-native.config.js	Added Repack rspack commands configuration
apps/ledger-live-mobile/package.json	Updated bundle scripts with increased Node memory allocation and added new Repack dependencies
apps/ledger-live-mobile/babel.config.js	Added metro-transform-plugins for inline requires and removed styled-components plugin configuration
apps/ledger-live-mobile/src/reducers/accounts.ts	Added optional chaining to accountsSelector for safer state access
apps/ledger-live-mobile/ios/ledgerlivemobile.xcodeproj/project.pbxproj	Updated React Native bundling script to properly detect CLI path
apps/ledger-live-mobile/ios/Podfile.lock	Added callstack-repack pod with dependencies (JWTDecode, SwiftyRSA)
apps/ledger-live-mobile/android/app/build.gradle	Added androidx.appcompat:appcompat dependency
knip.json	Updated ignored dependencies to reflect bundler migration

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The optional chaining operator (?.) is added to safely access s.accounts.active. While this prevents potential runtime errors, it would be helpful to understand why this defensive coding is necessary. Is there a scenario where s.accounts could be undefined or null during the migration to Repack? If this is a workaround for a bundler-related initialization issue, it should be documented in a comment explaining the context.

Suggested change

	*/
	*/
	// Note: we use optional chaining on `s.accounts` here because, during app startup
	// (e.g. store hydration, state migrations, or Repack/bundler-related initialization),
	// the `accounts` slice can briefly be undefined/null before the reducer state is
	// fully initialized. This defensive access avoids crashes in those transient states.

[Copilot]

The babel-plugin-styled-components configuration has been removed from babel.config.js. This plugin was previously configured with specific options for SSR, display names, minification, and template literal transpilation. Ensure that styled-components still functions correctly without this configuration, or verify that the Repack bundler handles styled-components transformation internally. If this functionality is no longer needed, consider removing the babel-plugin-styled-components dependency from package.json as well.

Suggested change

	["@babel/plugin-transform-private-methods", { loose: true }],
	["@babel/plugin-transform-private-methods", { loose: true }],
	[
	"babel-plugin-styled-components",
	{
	ssr: true,
	displayName: true,
	minify: true,
	transpileTemplateLiterals: true,
	},
	],

[Copilot]

The new rspack.config.mjs configuration file lacks test coverage. Given that this is a critical infrastructure change affecting the entire build and bundling process, it would be beneficial to add integration tests that verify the bundler configuration works correctly for both iOS and Android platforms in development and production modes.

[Copilot]

The error handling in resolveFromPnpmSubmodule could be improved. Currently, if no matching pnpm submodule is found, it throws an error with the path that was being searched. However, this error message doesn't show which specific entry was attempted. Consider including more debugging information in the error message, such as the pnpm directory being searched or the list of entries that were checked.

Suggested change

	for (const entry of readdirSync(pnpmDir)) {
	const candidate = path.join(pnpmDir, entry, ...subPath);
	if (existsSync(candidate)) return candidate;
	}
	throw new Error(`Cannot resolve pnpm submodule path: ${path.join(...subPath)}`);
	const entries = readdirSync(pnpmDir);
	for (const entry of entries) {
	const candidate = path.join(pnpmDir, entry, ...subPath);
	if (existsSync(candidate)) return candidate;
	}
	throw new Error(
	`Cannot resolve pnpm submodule path: ${path.join(
	...subPath,
	)}; searched in: ${pnpmDir}; checked entries: ${entries.join(", ") || "<none>"}`,
	);

[github-actions]

⚠️ E2E tests are required

Changes detected require e2e testing before merge (even before asking for any review).

🖥️ Desktop

-> Run Desktop E2E

• Select "Run workflow"
• Branch: feat/repack-bundler
• Device: nanoSP or stax

📱 Mobile

-> Run Mobile E2E

• Select "Run workflow"
• Branch: feat/repack-bundler
• Device: nanoX

[Copilot]

Pull request overview

Copilot reviewed 9 out of 11 changed files in this pull request and generated 5 comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

@react-native/community-cli-plugin is pinned to 0.77.3 while this app is on the React Native catalog version (0.79.x). This introduces multiple versions of RN CLI/Metro-related packages in the lockfile and risks incompatibilities. Prefer aligning this to the React Native version used in the repo (e.g., via catalog), or remove the explicit dependency if it’s already provided transitively by react-native/@react-native-community/cli.

Suggested change

	"@react-native/community-cli-plugin": "0.77.3",
	"@react-native/community-cli-plugin": "catalog:",

[Copilot]

The Xcode scheme’s LaunchAction buildConfiguration was changed from Debug to Staging while TestAction remains Debug. This is a significant behavioral change for local Xcode runs and seems unrelated to the bundler migration. If unintentional, revert to Debug; if intentional, consider documenting why Staging should be the default launch configuration and whether TestAction should be updated for consistency.

[Copilot]

Pinning androidx.appcompat:appcompat to 1.1.0 is very old and may cause dependency resolution conflicts with other AndroidX libraries (or miss fixes needed on newer SDKs). If this is required for Detox, consider aligning to the version recommended by Detox/RN docs or the rest of the project’s AndroidX versions; otherwise avoid forcing an explicit appcompat version here.

[Copilot]

resolveFromPnpmSubmodule scans every entry under node_modules/.pnpm on each config evaluation to find a matching file. This can be noticeably slow in large workspaces and is brittle if the .pnpm directory layout changes. Prefer resolving from the package root deterministically (e.g., resolve the package.json path with require.resolve using nodeModulesPaths, then join to the desired file), and/or cache results to avoid repeated directory scans.

[Copilot]

withRozeniteUrlFix wraps devServer.setupMiddlewares but only forwards the first parameter to the original handler. If the underlying devServer implementation passes additional arguments (e.g., the devServer instance), this wrapper will drop them and can break the original middleware setup. Forward all arguments when delegating to originalSetupMiddlewares.

[Copilot]

Pull request overview

Copilot reviewed 10 out of 13 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The new iOS bundle script always invokes with-environment.sh even when SKIP_JS_BUNDLING=true sets REACT_NATIVE_XCODE to an empty string. In that case, /bin/sh -c "$WITH_ENVIRONMENT $REACT_NATIVE_XCODE" will call with-environment.sh without the target script path and can fail the build. Consider short-circuiting the script when SKIP_JS_BUNDLING is true, or only invoking with-environment.sh when REACT_NATIVE_XCODE is non-empty (and keep proper quoting).

[Copilot]

Pull request overview

Copilot reviewed 10 out of 13 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

withRozeniteUrlFix wraps devServer.setupMiddlewares but changes the function signature to accept only middlewares. webpack-dev-server passes (middlewares, devServer); dropping the second arg can break upstream middleware setup that relies on devServer.

Recommend preserving the signature by using (...args) => { const result = originalSetupMiddlewares(...args); ... }.

[Copilot]

babel-plugin-transform-inline-environment-variables remains in devDependencies, but it was removed from babel.config.js and doesn’t appear to be referenced elsewhere in the repo. Keeping it adds install surface area without effect.

Either re-add it to the Babel plugins list (if still needed) or remove the dependency from this package.

Suggested change

"babel-plugin-transform-inline-environment-variables": "0.4.4",

[Copilot]

Pull request overview

Copilot reviewed 9 out of 12 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The newly added androidx.appcompat:appcompat:1.1.0 is very old relative to the project’s compileSdkVersion = 35 and can introduce unnecessary version skew in the AndroidX dependency graph. Also, the Detox-related comment below now reads as if it applies to material, not the added AppCompat line.

If AppCompat is required, prefer aligning its version with the rest of the resolved AndroidX set (or relying on the transitive AppCompat brought by Material, if applicable) and update/move the comment to match the dependency it refers to.

Suggested change

	implementation 'androidx.appcompat:appcompat:1.1.0'
	// Needed for Detox getAttributes on Android : https://github.com/wix/Detox/issues/3147
	// Needed for Detox getAttributes on Android : https://github.com/wix/Detox/issues/3147
	implementation 'androidx.appcompat:appcompat:1.6.1'

[Copilot]

The Gradle dependencies androidTestImplementation('com.wix:detox:+') and implementation 'com.facebook.soloader:soloader:0.10.4+' use dynamic + versions, which means each build may fetch a newer, unvetted artifact and execute its code with access to your CI environment and secrets. This creates a supply-chain risk where a compromised upstream release or registry could silently introduce malicious code into your test or production builds. To reduce this risk, pin these libraries to explicit, vetted versions (or immutable coordinates) instead of using + or other dynamic version ranges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud