- 
                Notifications
    You must be signed in to change notification settings 
- Fork 5.5k
Fixing relative import apps #18159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixing relative import apps #18159
Conversation
| The latest updates on your projects. Learn more about Vercel for GitHub. 2 Skipped Deployments
 | 
| WalkthroughReplaces many relative imports with @pipedream/* package imports across multiple components, adds corresponding dependencies and devDependencies, bumps many component/package versions, removes one YouTube source file, replaces Trustpilot's defineApp wrapper with a plain object export, and updates the CI schedule cron timing. Changes
 Sequence Diagram(s)Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Assessment against linked issues
 Assessment against linked issues: Out-of-scope changes
 
 Tip 🔌 Remote MCP (Model Context Protocol) integration is now available!Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats. 📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro 💡 Knowledge Base configuration: 
 You can enable these sources in your CodeRabbit configuration. ⛔ Files ignored due to path filters (1)
 📒 Files selected for processing (1)
 💤 Files with no reviewable changes (1)
 ⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
 ✨ Finishing Touches
 🧪 Generate unit tests
 Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit: 
 SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type  Other keywords and placeholders
 CodeRabbit Configuration File ( | 
…/pipedream into publish-issues-18150
Its "parent" component was previously deleted in PR #15695
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 33
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️  Outside diff range comments (7)
.github/workflows/scheduled-package-validation.yaml (1)
51-67: Missing report currently masks failures; treat generator errors and missing artifacts as failures.If
validation-report.jsonisn’t produced, the workflow setsfailed_count=0and posts a success summary. That silently hides real failures (e.g., script crash). You’re already capturing the generator’s exit code; wire it into the decision logic and fail when the report is missing.Apply this diff to propagate the exit code and avoid false “success”:
- name: Check for failures id: check_failures run: | - if [ -f "validation-report.json" ]; then - FAILED_COUNT=$(node -e " - const fs = require('fs'); - try { - const report = JSON.parse(fs.readFileSync('validation-report.json', 'utf8')); - console.log(report.summary.failed || 0); - } catch { - console.log(0); - } - ") - echo "failed_count=$FAILED_COUNT" >> $GITHUB_OUTPUT - else - echo "failed_count=0" >> $GITHUB_OUTPUT - fi + FAILED_COUNT= + if [ -f "validation-report.json" ]; then + FAILED_COUNT=$(node -e " + const fs = require('fs'); + try { + const report = JSON.parse(fs.readFileSync('validation-report.json', 'utf8')); + console.log(report?.summary?.failed ?? 0); + } catch { + console.log(1); // parsing error -> treat as failure + } + ") + else + echo 'validation-report.json is missing.' >&2 + FAILED_COUNT=1 + fi + # If the generator exited non-zero, ensure we mark as failure. + if [ '${{ steps.validation.outputs.validation_exit_code }}' != '0' ]; then + echo "Report generator exit code: ${{ steps.validation.outputs.validation_exit_code }}" >&2 + FAILED_COUNT=${FAILED_COUNT:-1} + fi + echo "failed_count=$FAILED_COUNT" >> $GITHUB_OUTPUTcomponents/youtube_data_api_custom_app/sources/new-videos-by-handle/new-videos-by-handle.mjs (1)
12-15: Wire the custom app into common by overriding the expected prop key.As written, you add
youtubeDataApialongside...common.props. Ifcommon.propsdefines ayoutubeapp prop (typical for non-custom components) and the implementation usesthis.youtube, the custom app won’t be used. Override the same key common expects (likelyyoutube) to point at the custom app, and ensure the override order is correct (last write wins).Apply this diff:
props: { - youtubeDataApi, - ...common.props, + // Spread first, then override with the custom app under the expected key + ...common.props, + youtube: youtubeDataApi, },If
commonexpects a different key, replaceyoutubewith that key. The verification script above will reveal the exact prop name to override.components/youtube_data_api_custom_app/actions/upload-thumbnail/upload-thumbnail.mjs (2)
11-46: Order bug: common.props currently overrides your local prop definitions.You spread
...common.propsafter definingvideoId,fileUrl,filePath, andonBehalfOfContentOwner. Ifcommon.propsdefines any of these keys, it will overwrite your local definitions (including descriptions and propDefinitions). Move...common.propsbefore your custom props so your local versions win.Apply this change:
props: { youtubeDataApi, - videoId: { - propDefinition: [ - youtubeDataApi, - "userOwnedVideo", - ], - }, - fileUrl: { - propDefinition: [ - youtubeDataApi, - "fileUrl", - ], - description: "The URL of the thumbnail image file you want to upload to YouTube. Must specify either **File URL** or **File Path**.", - }, - filePath: { - propDefinition: [ - youtubeDataApi, - "filePath", - ], - description: "Path to the thumbnail image file to upload (e.g., `/tmp/myVideo.mp4`). Must specify either **File URL** or **File Path**.", - }, - onBehalfOfContentOwner: { - propDefinition: [ - youtubeDataApi, - "onBehalfOfContentOwner", - ], - }, - ...common.props, + ...common.props, + videoId: { + propDefinition: [ + youtubeDataApi, + "userOwnedVideo", + ], + }, + fileUrl: { + propDefinition: [ + youtubeDataApi, + "fileUrl", + ], + description: "The URL of the thumbnail image file you want to upload to YouTube. Must specify either **File URL** or **File Path**.", + }, + filePath: { + propDefinition: [ + youtubeDataApi, + "filePath", + ], + description: "Path to the thumbnail image file to upload (e.g., `/tmp/thumbnail.jpg`). Must specify either **File URL** or **File Path**.", + }, + onBehalfOfContentOwner: { + propDefinition: [ + youtubeDataApi, + "onBehalfOfContentOwner", + ], + }, syncDir: { type: "dir", accessMode: "read", sync: true, optional: true, }, },
31-31: Fix example extension in filePath description (uses .mp4 for an image).This is user-facing and misleading for a thumbnail. Suggest using a typical image extension.
Apply this change:
- description: "Path to the thumbnail image file to upload (e.g., `/tmp/myVideo.mp4`). Must specify either **File URL** or **File Path**.", + description: "Path to the thumbnail image file to upload (e.g., `/tmp/thumbnail.jpg`). Must specify either **File URL** or **File Path**.",components/gitlab_developer_app/actions/create-epic/create-epic.mjs (1)
17-20: Ensure the developer app prop overrides common props (merge order risk)If
propsreturned fromadjustPropDefinitionsstill contains agitlabprop (from the common action), the current order will overwritegitlab: appwith the common app. Flip the merge order to guarantee the developer app takes precedence.props: { - gitlab: app, - ...props, + ...props, + gitlab: app, },components/trustpilot/trustpilot.app.mjs (2)
310-316: Bug: Private Service Review method uses PUBLIC_REVIEWS endpoint.The “Private Service Review methods” section should call the private endpoint. Using the public endpoint likely bypasses auth-only fields and contradicts the method’s intent.
Apply this diff:
- const endpoint = buildUrl(ENDPOINTS.PUBLIC_REVIEWS, { + const endpoint = buildUrl(ENDPOINTS.PRIVATE_SERVICE_REVIEWS, { businessUnitId: options.businessUnitId, });
556-577: Harden webhook signature verification (encoding, prefix, constant-time length check).Current code compares UTF-8 strings and can throw if Buffer lengths differ. Also, providers often prefix with "sha256=" and may send hex or base64 encodings. Compute the raw HMAC bytes and compare buffers in constant time, accepting either hex or base64 input and stripping an optional prefix. Prefer verifying against the raw request body string.
- validateWebhookSignature(payload, signature, secret) { - // Trustpilot uses HMAC-SHA256 for webhook signature validation - // The signature is sent in the x-trustpilot-signature header - if (!signature || !secret) { - return false; - } - - const payloadString = typeof payload === "string" - ? payload - : JSON.stringify(payload); - - const expectedSignature = crypto - .createHmac("sha256", secret) - .update(payloadString) - .digest("hex"); - - // Constant time comparison to prevent timing attacks - return crypto.timingSafeEqual( - Buffer.from(signature), - Buffer.from(expectedSignature), - ); - }, + validateWebhookSignature(payload, signature, secret) { + // Accepts signatures in the header with optional "sha256=" prefix and hex or base64 encoding. + // IMPORTANT: `payload` should be the raw request body string for reliable verification. + if (!signature || !secret) return false; + const payloadString = typeof payload === "string" ? payload : JSON.stringify(payload); + + // Normalize header value + const normalized = signature.startsWith("sha256=") ? signature.slice(7) : signature; + + // Compute raw HMAC bytes + const hmacBytes = crypto.createHmac("sha256", secret).update(payloadString).digest(); // Buffer + + // Decode provided signature as hex, else base64 + let providedBytes = null; + try { + providedBytes = Buffer.from(normalized, "hex"); + // Heuristic: if decoding as hex didn’t yield same-length digest, fallback to base64 + if (providedBytes.length !== hmacBytes.length) { + providedBytes = Buffer.from(normalized, "base64"); + } + } catch { + try { + providedBytes = Buffer.from(normalized, "base64"); + } catch { + return false; + } + } + if (providedBytes.length !== hmacBytes.length) return false; + return crypto.timingSafeEqual(providedBytes, hmacBytes); + },Rationale and best practices on constant-time comparison. (snyk.io)
Note: I couldn’t find first-party docs clarifying the exact encoding of x-trustpilot-signature; third-party guides show hex without the "sha256=" prefix. Please validate with a real webhook payload from Trustpilot and adjust if needed. (developers.trustpilot.com, rollout.com)
♻️ Duplicate comments (8)
components/procore_sandbox/sources/new-prime-contract-event-instant/new-prime-contract-event-instant.mjs (2)
1-1: Import alias migration looks goodThis mirrors the pattern established in new-event-instant and aligns with the validation report’s guidance.
Refer to the verification script attached to components/procore_sandbox/sources/new-event-instant/new-event-instant.mjs (Line 1) for dependency and subpath checks.
12-12: Consistent patch bump0.0.2 matches the import-only change scope.
Covered by the cross-file version consistency check suggested on components/procore_sandbox/sources/new-event-instant/new-event-instant.mjs (Line 12).
components/procore_sandbox/sources/new-budget-snapshot-event-instant/new-budget-snapshot-event-instant.mjs (2)
1-1: Good: replaced relative path with @pipedream/procore deep importMatches the repo-wide migration strategy.
Dependency and subpath verification is covered by the earlier script.
12-12: Version bump to 0.0.2 is appropriateKeeps the sandbox wrapper’s published surface in sync with the import change.
Cross-file version validation covered by the earlier script.
components/procore_sandbox/sources/new-change-order-package-event-instant/new-change-order-package-event-instant.mjs (2)
1-1: LGTM on the package-scoped importThe change removes fragile relative traversal and should resolve RELATIVEIMPORTS failures.
Subpath and dependency checks are covered by the earlier verification script.
12-12: Patch version bump confirmedConsistent with similar sandbox wrappers.
Version consistency is covered by the earlier script.
components/procore_sandbox/sources/new-purchase-order-event-instant/new-purchase-order-event-instant.mjs (2)
1-1: Import path migration approvedSwitching to @pipedream/procore aligns with the validation report recommendations and reduces coupling to internal file layout.
Re-use the earlier verification script for dependency and deep-import availability checks.
12-12: Version field updated appropriatelyPatch bump matches a non-functional import path change.
Covered by the cross-file version consistency script.
🧹 Nitpick comments (48)
components/youtube_data_api_custom_app/actions/delete-playlist/delete-playlist.mjs (1)
12-26: Possible prop override: ensure custom props aren't overwritten by common.propsSpreading
...common.propsafterplaylistIdandonBehalfOfContentOwnermeans any identically named props incommon.propswill overwrite your custom definitions (notablyplaylistIdthat points touserOwnedPlaylist). Ifcommon.propsdefines these, the custom app behavior could be lost.If
common.propscontainsplaylistIdoronBehalfOfContentOwner, reorder so the custom definitions win:props: { - youtubeDataApi, - playlistId: { - propDefinition: [ - youtubeDataApi, - "userOwnedPlaylist", - ], - }, - onBehalfOfContentOwner: { - propDefinition: [ - youtubeDataApi, - "onBehalfOfContentOwner", - ], - }, - ...common.props, + // Spread first, then override with custom-app-specific props + ...common.props, + youtubeDataApi, + playlistId: { + propDefinition: [ + youtubeDataApi, + "userOwnedPlaylist", + ], + }, + onBehalfOfContentOwner: { + propDefinition: [ + youtubeDataApi, + "onBehalfOfContentOwner", + ], + }, },If
common.propsdoesn’t define these keys, current order is fine—please confirm..github/workflows/scheduled-package-validation.yaml (5)
5-6: Cron "*/7" isn’t truly “every seven days”; switch to a weekly day-of-week schedule.GitHub’s cron day-of-month field resets each month, so
*/7won’t run exactly every 7 days (and will drift at month boundaries). If the intent is “weekly,” use a day-of-week expression.Apply this diff to make it reliably weekly (every Monday 00:00 UTC) and update the comment:
- # Run every seven days at midnight UTC - - cron: '0 0 */7 * *' + # Run weekly at 00:00 UTC every Monday + - cron: '0 0 * * 1'
23-27: Upgrade Node.js to a supported LTS (e.g., 20) for CI.Node 18 is past end-of-life, which risks toolchain breakage and security issues in CI. Use Node 20 LTS (or 22 if your toolchain supports it).
Apply this diff:
- node-version: 18 + node-version: 20If you maintain a version file, consider:
+ node-version-file: '.node-version'
3-8: Set minimal workflow permissions explicitly.Explicit permissions harden the workflow and ensure
GITHUB_TOKENhas the least privilege needed (read for code, write for issues).Apply this diff near the top-level (workflow root):
on: schedule: # Run every seven days at midnight UTC - cron: '0 0 */7 * *' workflow_dispatch: # Allow manual triggering for testing + +permissions: + contents: read + actions: read + issues: writeAdjust if the composite action needs additional scopes.
10-13: Prevent overlapping runs and add a timeout for reliability.Long validations can overlap with the next schedule and contend for resources. Add a concurrency group and a sensible timeout.
Apply this diff:
validate-packages: name: Generate Package Validation Report runs-on: ubuntu-latest + timeout-minutes: 60 + concurrency: + group: scheduled-package-validation-${{ github.ref }} + cancel-in-progress: true
29-31: Prefer reproducible installs with a frozen lockfile.Using
--no-frozen-lockfileallows dependency drift in CI, making validation non-deterministic. If the repo’s lockfiles are up to date, freeze installs.Apply this diff (verify that the monorepo lockfiles are current):
- - name: Install dependencies - run: pnpm install -r --no-frozen-lockfile + - name: Install dependencies + run: pnpm install -r --frozen-lockfileIf you intentionally allow unlocks here, consider adding a comment explaining why.
components/procore_sandbox/actions/create-manpower-log/create-manpower-log.mjs (1)
1-1: Consider avoiding deep package paths for long‑term stability.If feasible, prefer a stable re-export (e.g., from the package root or a documented public entry) to reduce coupling to internal file layout. If @pipedream/procore doesn’t expose such an entry today, this is a non-blocking note.
components/youtube_data_api_custom_app/sources/new-videos-by-handle/new-videos-by-handle.mjs (1)
8-8: Nit: Proper brand capitalization (“YouTube”).Minor copyedit to match brand spelling.
Apply this diff:
- description: "Emit new event for each new Youtube video tied to a handle.", + description: "Emit new event for each new YouTube video tied to a handle.",components/youtube_data_api_custom_app/actions/upload-channel-banner/upload-channel-banner.mjs (2)
25-25: Nit: mp4 example for a banner image is misleading.Use an image extension (jpg/png) for clarity.
Already included in the diff above; if you prefer PNG:
- description: "Path to the banner image file to upload (e.g., `/tmp/myVideo.mp4`). Must specify either **File URL** or **File Path**.", + description: "Path to the banner image file to upload (e.g., `/tmp/myBanner.png`). Must specify either **File URL** or **File Path**.",
1-1: Optional: consider package alias for the app import (if available).For consistency with the RELATIVEIMPORTS remediation, consider importing the app via an
@pipedream/youtube_data_api_custom_appalias (or its exported app entry) if the package exposes one. If not exported, keeping the relative import is fine.If you want, I can propose an exports map and the corresponding import change across the package.
components/youtube_data_api_custom_app/actions/delete-playlist-items/delete-playlist-items.mjs (2)
20-23: Clarify naming: property is called “videoIds” but values are playlist item IDs.
options()returnsvalue: item.id, which is a playlistItem ID (required by playlistItems.delete), not a video ID. The current name/description can confuse users.Consider a non-breaking clarity tweak by adjusting label/description (keeping the prop name to avoid breaking existing workflows):
- label: "Video Ids", - description: "Array of identifiers of the videos to be removed from the playlist", + label: "Playlist Item IDs", + description: "Identifiers of the playlist items to remove from the playlist",If you prefer true video IDs instead, switch the value to
item.contentDetails.videoId, but note the API requires playlistItem IDs for deletion, so this would also require changes incommonand would be a breaking change (avoid in this PR).Also applies to: 28-31
11-11: Order of spreadingcommon.propsmay override local custom-app prop definitions.Since
...common.propscomes after local props, any overlapping keys incommon.propswill override the locally customized definitions (e.g., ones referencing the custom app). If the intention is for the custom-app props declared here to take precedence, place...common.propsfirst.Apply these minimal edits:
Add at the start of the props block (after the opening brace):
props: { + ...common.props, youtubeDataApi,Remove the trailing spread:
- ...common.props,Before changing order, please confirm whether
common.propsdefines any of the same keys (playlistId,videoIds,onBehalfOfContentOwner) to avoid inadvertent behavior changes.Also applies to: 40-40
components/amazon_ses/package.json (1)
16-18: Dependency Alignment Verified – Optional SDK Version Unification Recommended
- No disallowed relative imports to
aws.app.mjsremain.- The only importer of
@pipedream/awsiscomponents/amazon_ses/amazon_ses.app.mjs, and itscomponents/amazon_ses/package.jsoncorrectly declares
"@pipedream/aws": "^1.1.0".Optional: To reduce duplicate sub-dependencies across AWS SDK clients, consider aligning all three minor versions to the same range. For example, bump all to
^3.95.0:- "@aws-sdk/client-ec2": "^3.89.0", - "@aws-sdk/client-ses": "^3.95.0", - "@aws-sdk/client-sesv2": "^3.87.0", + "@aws-sdk/client-ec2": "^3.95.0", + "@aws-sdk/client-ses": "^3.95.0", + "@aws-sdk/client-sesv2": "^3.95.0",components/amazon_ses/amazon_ses.app.mjs (1)
100-104: Allow intentionally-empty strings when updating/using template fields.
replaceCurlyBrackets currently returnsundefinedfor any falsy input. That prevents callers from intentionally setting an empty Subject/HTML/Text (e.g., clearing a field) because empty string is treated as “unset.” Treatundefinedas “unset” but preserve empty string.- replaceCurlyBrackets(text) { - return text - ? text.replace(/\\{/g, "{").replace(/\\}/g, "}") - : undefined; - }, + replaceCurlyBrackets(text) { + if (text === undefined) return undefined; + return String(text).replace(/\\{/g, "{").replace(/\\}/g, "}"); + },Note: This keeps the un-escaping behavior while letting callers pass "" explicitly.
components/amazon_ses/actions/send-email/send-email.mjs (1)
90-92: Optional: surface the SES message ID for better observability.
Consider including the response’s MessageId (if present) in the summary for easier debugging in runs.- const response = await this.amazonSes.sendEmail(this.region, params); - $.export("$summary", "Sent email successfully"); + const response = await this.amazonSes.sendEmail(this.region, params); + const msgId = response?.MessageId || response?.$metadata?.requestId; + $.export("$summary", `Sent email successfully${msgId ? ` (MessageId: ${msgId})` : ""}`); return response;components/amazon_ses/actions/update-email-template/update-email-template.mjs (1)
50-53: Empty string overrides are currently impossible — consider allowing them.
BecausereplaceCurlyBracketsreturnsundefinedfor falsy inputs and you use??to fall back, passing""for Subject/Html/Text won’t override existing template content. If clearing a field should be supported, adopt the suggested change in amazon_ses.app.mjs to distinguishundefinedfrom"".No change needed here if you adopt the helper refactor:
- After the helper change,
""will be preserved and sent, whileundefinedwill still fall back toTemplateContent.*.components/amazon_ses/actions/send-templated-email/send-templated-email.mjs (1)
69-71: Optional: include MessageId in summary for parity with Send Email action.
For consistent run diagnostics, consider surfacing the MessageId here as well.- const response = await this.amazonSes.sendTemplatedEmail(this.region, params); - $.export("$summary", "Sent email successfully"); + const response = await this.amazonSes.sendTemplatedEmail(this.region, params); + const msgId = response?.MessageId || response?.$metadata?.requestId; + $.export("$summary", `Sent email successfully${msgId ? ` (MessageId: ${msgId})` : ""}`); return response;components/amazon_ses/actions/create-email-template/create-email-template.mjs (3)
39-41: Harden validation: treat empty strings as missing input.Current check allows blank " " values. Tighten to require non-empty Html/Text to avoid SES validation errors upstream.
- if (!this.Html && !this.Text) { - throw new ConfigurationError("Html or Text must be configured"); - } + const hasHtml = typeof this.Html === "string" && this.Html.trim().length > 0; + const hasText = typeof this.Text === "string" && this.Text.trim().length > 0; + if (!hasHtml && !hasText) { + throw new ConfigurationError("Provide at least one of Html or Text (non-empty)."); + }
46-49: Avoid calling replaceCurlyBrackets on undefined/blank strings.Guard the transformations to reduce unnecessary calls and keep undefined fields out of the payload.
- Subject: this.amazonSes.replaceCurlyBrackets(this.Subject), - Html: this.amazonSes.replaceCurlyBrackets(this.Html), - Text: this.amazonSes.replaceCurlyBrackets(this.Text), + Subject: this.amazonSes.replaceCurlyBrackets(this.Subject), + Html: hasHtml ? this.amazonSes.replaceCurlyBrackets(this.Html) : undefined, + Text: hasText ? this.amazonSes.replaceCurlyBrackets(this.Text) : undefined,
52-52: Make $summary more informative.Including the template name improves UX in execution logs.
- $.export("$summary", "Successfully created email template"); + $.export("$summary", `Created email template "${this.TemplateName}"`);components/amazon_ses/actions/get-email-template/get-email-template.mjs (1)
22-27: Enrich the $summary to include the template name.Helps users confirm they fetched the intended resource in run logs.
- $.export("$summary", "Successfully retrieved email template"); + $.export("$summary", `Retrieved email template "${this.TemplateName}"`);components/youtube_data_api_custom_app/sources/new-videos-in-channel/new-videos-in-channel.mjs (1)
12-15: Confirm props spread order won’t override the custom app referenceYou’re spreading
common.propsafteryoutubeDataApi. Ifcommon.propsdefines an app prop with the same key, it will overrideyoutubeDataApi. If the intent is to ensure the custom app is used, consider swapping order.If needed, apply:
props: { - youtubeDataApi, - ...common.props, + ...common.props, + youtubeDataApi, },components/youtube_data_api_custom_app/sources/new-comment-posted/new-comment-posted.mjs (1)
9-9: Nit: capitalize brand name “YouTube” in descriptionMinor copy edit for consistency across components.
Apply:
- description: "Emit new event for each new comment or reply posted to a Youtube video.", + description: "Emit new event for each new comment or reply posted to a YouTube video.",components/youtube_data_api_custom_app/actions/list-videos/list-videos.mjs (1)
79-79: Nit: label typo formaxWidthThe label reads “Max Height” under the
maxWidthprop.Apply:
- maxWidth: { - label: "Max Height", + maxWidth: { + label: "Max Width",components/youtube_data_api_custom_app/actions/update-channel/update-channel.mjs (1)
46-46: Guard against prop overrides from common.props.Spreading common.props last means any duplicate keys defined in common (e.g., onBehalfOfContentOwner, description) will override the explicit definitions above. If local props are intended to take precedence, spread common.props first.
Suggested reorder:
props: { youtubeDataApi, + ...common.props, channelId: { propDefinition: [ youtubeDataApi, "userOwnedChannel", ], }, description: { propDefinition: [ youtubeDataApi, "description", ], description: "The channel's description", optional: true, }, defaultLanguage: { propDefinition: [ youtubeDataApi, "hl", ], description: "The language of the text in the channel resource", }, keywords: { type: "string[]", label: "Keywords", description: "Keywords associated with your channel", optional: true, }, onBehalfOfContentOwner: { propDefinition: [ youtubeDataApi, "onBehalfOfContentOwner", ], }, - ...common.props, },components/youtube_data_api_custom_app/actions/list-activities/list-activities.mjs (1)
20-21: Verify consts.LIST_ACTIVITIES_USE_CASES matches the expected enum in common.If common.props also defines useCase, ensure your local definition (with options from consts) takes precedence. Otherwise, consider spreading common.props first and then overriding useCase.
Suggested reorder (only if a conflict exists):
props: { youtubeDataApi, - useCase: { - propDefinition: [ - youtubeDataApi, - "useCase", - ], - options: consts.LIST_ACTIVITIES_USE_CASES, - }, - ...common.props, + ...common.props, + useCase: { + propDefinition: [ + youtubeDataApi, + "useCase", + ], + options: consts.LIST_ACTIVITIES_USE_CASES, + }, },components/youtube_data_api_custom_app/sources/new-subscription/new-subscription.mjs (1)
8-8: Polish wording in the user-facing description.Minor grammar and article use.
Apply:
- description: "Emit new event for each new subscription from authenticated user.", + description: "Emit an event for each new subscription from the authenticated user.",components/youtube_data_api_custom_app/actions/update-video-details/update-video-details.mjs (1)
60-60: Avoid accidental overrides from common.props.As with other files, spreading common.props last may override local prop definitions (e.g., onBehalfOfContentOwner, tags). If local values should win, spread common.props first.
Proposed reorder:
props: { youtubeDataApi, + ...common.props, videoId: { propDefinition: [ youtubeDataApi, "userOwnedVideo", ], }, title: { propDefinition: [ youtubeDataApi, "title", ], }, description: { propDefinition: [ youtubeDataApi, "description", ], optional: true, }, tags: { propDefinition: [ youtubeDataApi, "tags", ], }, regionCode: { propDefinition: [ youtubeDataApi, "regionCode", ], default: "US", }, categoryId: { propDefinition: [ youtubeDataApi, "videoCategoryId", (c) => ({ regionCode: c.regionCode, }), ], }, onBehalfOfContentOwner: { propDefinition: [ youtubeDataApi, "onBehalfOfContentOwner", ], }, - ...common.props, },components/youtube_data_api_custom_app/sources/new-subscriber/new-subscriber.mjs (1)
8-8: Tighten up wording and capitalization (YouTube, user's channel).Improves clarity for users reading the source description.
Apply:
- description: "Emit new event for each new Youtube subscriber to user Channel.", + description: "Emit an event for each new YouTube subscriber to the user's channel.",components/youtube_data_api_custom_app/actions/update-playlist/update-playlist.mjs (1)
42-45: User-facing copy nit: “Current title” repeats in the description field.The description helper shows “Current title” instead of “Current description”. Minor UX nit but visible to users.
Apply this diff to fix the label:
- dynamicProps.description = { - ...youtubeDataApi.propDefinitions.description, - description: `The playlist's description.\n\n**Current title**: \`${playlist.snippet.description}\``, - }; + dynamicProps.description = { + ...youtubeDataApi.propDefinitions.description, + description: `The playlist's description.\n\n**Current description**: \`${playlist.snippet.description}\``, + };components/youtube_data_api_custom_app/sources/new-videos-in-playlist/new-videos-in-playlist.mjs (1)
8-8: Nit: capitalize “YouTube” and tighten copy.Consider: “Emit an event for each new YouTube video added to a playlist.”
components/procore_sandbox/procore_sandbox.app.mjs (1)
1-2: Deep import of constants may be brittle—confirm it’s a public, stable path
- If constants.mjs isn’t part of the public API surface, consider re-exporting constants from the package root (e.g., @pipedream/procore/constants) in a future change to avoid tight coupling to internal paths. For now, the verification script in the first file checks the file exists.
components/gitlab_developer_app/actions/update-epic/update-epic.mjs (1)
18-21: Ensure wrapper app prop reliably overrides base props.Today, props spread order could allow a future upstream
props.gitlabto override yourgitlab: app(since spread follows). Consider placinggitlab: applast to guarantee the developer-app override.props: { - gitlab: app, - ...props, + ...props, + gitlab: app, },components/gitlab_developer_app/actions/get-repo-branch/get-repo-branch.mjs (1)
18-21: Prefer deterministic override of the app prop.Mirror the suggestion from other actions: place
gitlab: appafter...props.props: { - gitlab: app, - ...props, + ...props, + gitlab: app, },components/gitlab_developer_app/actions/get-issue/get-issue.mjs (1)
18-21: Make the app override bulletproof.Same minor ordering nit: put
gitlab: applast so it can’t be overridden by a future upstream prop.props: { - gitlab: app, - ...props, + ...props, + gitlab: app, },components/gitlab_developer_app/package.json (1)
12-17: Remove unuseduuiddependency in GitLab Developer AppWe ran ripgrep across the
components/gitlab_developer_appdirectory and confirmed there are nouuidimports or references in its source code. A repo-wide search showeduuidis used elsewhere, but not in this package, so it can be safely removed to keep dependencies lean.• components/gitlab_developer_app/package.json
"dependencies": { "@pipedream/platform": "^1.6.4", "lodash": "^4.17.21", - "uuid": "^8.3.2", "@pipedream/gitlab": "^0.5.6" },• After removal, update your lockfile (
npm install/pnpm install) to prune unused packages.components/gitlab_developer_app/actions/search-issues/search-issues.mjs (1)
18-21: Keep the developer-app override last for consistency.props: { - gitlab: app, - ...props, + ...props, + gitlab: app, },components/gitlab_developer_app/actions/create-issue/create-issue.mjs (1)
2-2: Good migration to package-scoped import; consider future-proofing against exports changesThe switch to
@pipedream/gitlab/actions/create-issue/create-issue.mjsremoves the RELATIVEIMPORTS failure. If@pipedream/gitlabadopts a restrictiveexportsmap later, deep paths could break. If feasible in that package, consider re-exporting stable subpath entry points (e.g.,@pipedream/gitlab/actions/create-issue) to decouple from file layout.components/trustpilot/trustpilot.app.mjs (2)
33-49: Defensive mapping for business unit options to avoid destructuring errors.If name is missing or null in any item, destructuring name: { identifying } will throw. Use optional chaining and a fallback.
- return businessUnits.map(({ - id, displayName, name: { identifying }, - }) => ({ - label: `${identifying || displayName}`, - value: id, - })); + return businessUnits.map((bu) => { + const identifying = bu?.name?.identifying; + return { + label: `${identifying || bu.displayName}`, + value: bu.id, + }; + });
152-166: Consider honoring Retry-After for 429s and using exponential backoff with jitter.This reduces thundering herd and aligns with rate limit best practices.
- async _makeRequestWithRetry(config, retries = RETRY_CONFIG.MAX_RETRIES) { + async _makeRequestWithRetry(config, retries = RETRY_CONFIG.MAX_RETRIES) { try { return await this._makeRequest(config); } catch (error) { - if (retries > 0 && error.response?.status === HTTP_STATUS.TOO_MANY_REQUESTS) { - const delay = Math.min( - RETRY_CONFIG.INITIAL_DELAY * (RETRY_CONFIG.MAX_RETRIES - retries + 1), - RETRY_CONFIG.MAX_DELAY, - ); - await sleep(delay); - return this._makeRequestWithRetry(config, retries - 1); - } + if (retries > 0 && error.response?.status === HTTP_STATUS.TOO_MANY_REQUESTS) { + const retryAfterHeader = error.response.headers?.["retry-after"]; + let delay = Number(retryAfterHeader) * 1000 || 0; + if (!delay) { + const attempt = (RETRY_CONFIG.MAX_RETRIES - retries + 1); + const base = Math.min(RETRY_CONFIG.INITIAL_DELAY * 2 ** (attempt - 1), RETRY_CONFIG.MAX_DELAY); + const jitter = Math.floor(Math.random() * (base / 2)); + delay = base + jitter; + } + await sleep(delay); + return this._makeRequestWithRetry(config, retries - 1); + } throw error; } },components/slack_bot/slack_bot.app.mjs (2)
26-28: Throw an Error instead of a stringThrowing raw strings complicates stack traces and error handling. Wrap the message in an Error object.
- throw `"Scope(s) \`${needed}\` missing from your Slack app. - Scopes provided: \`${provided}\`".`; + throw new Error(`Scope(s) \`${needed}\` missing from your Slack app. + Scopes provided: \`${provided}\``);
29-35: Use console.error for errors and include method contextMinor polish: log errors to stderr and include method context for easier debugging. Consider centralizing error formatting later.
- console.log(`Error calling ${method}`, error); + console.error(`[slack_bot.makeRequest] Error calling ${method}`, error); ... - console.log(`Error in response with method ${method}`, response.error); + console.error(`[slack_bot.makeRequest] Error in response for ${method}`, response.error);components/notiff/notiff.app.mjs (1)
7-14: Avoid overwriting upstream headers; compose with the base app’s _headers.If
notiffIo.methods._headerssets auth or other headers, this override would drop them. Safer to merge the base headers and addContent-Type.Apply:
methods: { ...notiffIo.methods, - _headers() { - return { - "Content-Type": "application/json", - }; - }, + _headers() { + const base = notiffIo?.methods?._headers?.call(this) ?? {}; + return { + ...base, + "Content-Type": "application/json", + }; + }, },components/slack_bot/actions/list-users/list-users.mjs (1)
1-1: Verify deep-import stability and confirm public API usage
- Dependency check passed:
components/slack_bot/package.jsondeclares@pipedream/slackas a runtime dependency (version ^0.10.2), so the import at runtime is satisfied.- No relative Slack imports: All Slack imports in
components/slack_botuse the published package (no../../../../slackpaths remain).- Deep imports everywhere: Components import directly from paths such as
@pipedream/slack/slack.app.mjs
@pipedream/slack/common/constants.mjs
@pipedream/slack/actions/.../*.mjs- Action required: Confirm that each of these deep-imported paths is part of
@pipedream/slack’s public, stable surface. If the package provides a top-level re-export (e.g.,import { listUsers } from "@pipedream/slack"), prefer that instead to reduce coupling on internal file paths.components/slack_bot/actions/find-user-by-email/find-user-by-email.mjs (1)
1-1: Confirm dependency and path contract as aboveSame concerns as list-users: verify @pipedream/slack is a declared dependency and that this deep import path is supported long-term.
You can reuse the script from the previous comment; it will also cover this file.
components/slack_bot/actions/create-channel/create-channel.mjs (1)
1-1: Double-check runtime dependency and import stabilitySame verification as prior actions: confirm @pipedream/slack dependency and that the deep path is an intended public entry.
components/slack_bot/actions/set-channel-description/set-channel-description.mjs (1)
1-1: Confirm dependency and consider avoiding deep imports if a stable alias existsAs with the other files, ensure @pipedream/slack is a declared dependency and consider a more stable import surface if available.
components/slack_bot/actions/archive-channel/archive-channel.mjs (1)
18-23: Sanity-check allowed conversation types for archiveEnsure Slack’s conversations.archive supports all listed types. Historically, archiving applies to channels (public/private), not DMs/MPIM. If MPIM isn’t supported, we should drop it to avoid runtime errors.
If confirmed, apply this diff:
types: [ constants.CHANNEL_TYPE.PUBLIC, constants.CHANNEL_TYPE.PRIVATE, - constants.CHANNEL_TYPE.MPIM, ],
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
- pnpm-lock.yamlis excluded by- !**/pnpm-lock.yaml
📒 Files selected for processing (107)
- .github/workflows/scheduled-package-validation.yaml(1 hunks)
- components/amazon_ses/actions/create-email-template/create-email-template.mjs(1 hunks)
- components/amazon_ses/actions/get-email-template/get-email-template.mjs(1 hunks)
- components/amazon_ses/actions/send-email/send-email.mjs(1 hunks)
- components/amazon_ses/actions/send-templated-email/send-templated-email.mjs(1 hunks)
- components/amazon_ses/actions/update-email-template/update-email-template.mjs(1 hunks)
- components/amazon_ses/amazon_ses.app.mjs(1 hunks)
- components/amazon_ses/package.json(2 hunks)
- components/gitlab_developer_app/actions/create-branch/create-branch.mjs(2 hunks)
- components/gitlab_developer_app/actions/create-epic/create-epic.mjs(2 hunks)
- components/gitlab_developer_app/actions/create-issue/create-issue.mjs(2 hunks)
- components/gitlab_developer_app/actions/get-issue/get-issue.mjs(2 hunks)
- components/gitlab_developer_app/actions/get-repo-branch/get-repo-branch.mjs(2 hunks)
- components/gitlab_developer_app/actions/list-commits/list-commits.mjs(2 hunks)
- components/gitlab_developer_app/actions/list-repo-branches/list-repo-branches.mjs(2 hunks)
- components/gitlab_developer_app/actions/search-issues/search-issues.mjs(2 hunks)
- components/gitlab_developer_app/actions/update-epic/update-epic.mjs(2 hunks)
- components/gitlab_developer_app/actions/update-issue/update-issue.mjs(2 hunks)
- components/gitlab_developer_app/gitlab_developer_app.app.mjs(1 hunks)
- components/gitlab_developer_app/package.json(2 hunks)
- components/gitlab_developer_app/sources/new-audit-event/new-audit-event.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-branch/new-branch.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-commit-comment/new-commit-comment.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-commit/new-commit.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-issue/new-issue.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-mention/new-mention.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-merge-request/new-merge-request.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-milestone/new-milestone.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-project/new-project.mjs(2 hunks)
- components/gitlab_developer_app/sources/new-review-request/new-review-request.mjs(2 hunks)
- components/notiff/actions/create-notification/create-notification.mjs(2 hunks)
- components/notiff/notiff.app.mjs(1 hunks)
- components/notiff/package.json(2 hunks)
- components/pikaso/package.json(2 hunks)
- components/procore_sandbox/actions/create-incident/create-incident.mjs(2 hunks)
- components/procore_sandbox/actions/create-manpower-log/create-manpower-log.mjs(2 hunks)
- components/procore_sandbox/actions/create-rfi/create-rfi.mjs(2 hunks)
- components/procore_sandbox/actions/create-submittal/create-submittal.mjs(2 hunks)
- components/procore_sandbox/actions/create-timesheet/create-timesheet.mjs(2 hunks)
- components/procore_sandbox/package.json(2 hunks)
- components/procore_sandbox/procore_sandbox.app.mjs(1 hunks)
- components/procore_sandbox/sources/new-budget-snapshot-event-instant/new-budget-snapshot-event-instant.mjs(2 hunks)
- components/procore_sandbox/sources/new-change-order-package-event-instant/new-change-order-package-event-instant.mjs(2 hunks)
- components/procore_sandbox/sources/new-commitment-change-order-event-instant/new-commitment-change-order-event-instant.mjs(2 hunks)
- components/procore_sandbox/sources/new-event-instant/new-event-instant.mjs(2 hunks)
- components/procore_sandbox/sources/new-prime-contract-event-instant/new-prime-contract-event-instant.mjs(2 hunks)
- components/procore_sandbox/sources/new-purchase-order-event-instant/new-purchase-order-event-instant.mjs(2 hunks)
- components/procore_sandbox/sources/new-rfi-event-instant/new-rfi-event-instant.mjs(2 hunks)
- components/procore_sandbox/sources/new-submittal-event-instant/new-submittal-event-instant.mjs(2 hunks)
- components/procore_sandbox/sources/new-timecard-entry-event-instant/new-timecard-entry-event-instant.mjs(2 hunks)
- components/salesmate/package.json(2 hunks)
- components/slack_bot/actions/add-emoji-reaction/add-emoji-reaction.mjs(2 hunks)
- components/slack_bot/actions/archive-channel/archive-channel.mjs(2 hunks)
- components/slack_bot/actions/create-channel/create-channel.mjs(2 hunks)
- components/slack_bot/actions/delete-file/delete-file.mjs(2 hunks)
- components/slack_bot/actions/delete-message/delete-message.mjs(2 hunks)
- components/slack_bot/actions/find-user-by-email/find-user-by-email.mjs(2 hunks)
- components/slack_bot/actions/get-file/get-file.mjs(2 hunks)
- components/slack_bot/actions/invite-user-to-channel/invite-user-to-channel.mjs(2 hunks)
- components/slack_bot/actions/list-channels/list-channels.mjs(2 hunks)
- components/slack_bot/actions/list-files/list-files.mjs(2 hunks)
- components/slack_bot/actions/list-group-members/list-group-members.mjs(2 hunks)
- components/slack_bot/actions/list-members-in-channel/list-members-in-channel.mjs(2 hunks)
- components/slack_bot/actions/list-replies/list-replies.mjs(2 hunks)
- components/slack_bot/actions/list-users/list-users.mjs(2 hunks)
- components/slack_bot/actions/reply-to-a-message/reply-to-a-message.mjs(2 hunks)
- components/slack_bot/actions/send-large-message/send-large-message.mjs(2 hunks)
- components/slack_bot/actions/send-message-advanced/send-message-advanced.mjs(2 hunks)
- components/slack_bot/actions/send-message/send-message.mjs(2 hunks)
- components/slack_bot/actions/set-channel-description/set-channel-description.mjs(2 hunks)
- components/slack_bot/actions/set-channel-topic/set-channel-topic.mjs(2 hunks)
- components/slack_bot/actions/update-group-members/update-group-members.mjs(2 hunks)
- components/slack_bot/actions/update-message/update-message.mjs(2 hunks)
- components/slack_bot/actions/upload-file/upload-file.mjs(2 hunks)
- components/slack_bot/common/constants.mjs(1 hunks)
- components/slack_bot/package.json(2 hunks)
- components/slack_bot/slack_bot.app.mjs(1 hunks)
- components/slack_bot/sources/new-direct-message/new-direct-message.mjs(1 hunks)
- components/slack_bot/sources/new-message-in-channel/new-message-in-channel.mjs(1 hunks)
- components/trustpilot/package.json(1 hunks)
- components/trustpilot/trustpilot.app.mjs(2 hunks)
- components/wildberries/package.json(2 hunks)
- components/youtube_data_api_custom_app/actions/add-playlist-items/add-playlist-items.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/channel-statistics/channel-statistics.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/create-comment-thread/create-comment-thread.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/create-playlist/create-playlist.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/delete-playlist-items/delete-playlist-items.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/delete-playlist/delete-playlist.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/list-activities/list-activities.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/list-playlists/list-playlists.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/list-videos/list-videos.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/reply-to-comment/reply-to-comment.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/update-channel/update-channel.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/update-playlist/update-playlist.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/update-video-details/update-video-details.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/upload-channel-banner/upload-channel-banner.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/upload-thumbnail/upload-thumbnail.mjs(1 hunks)
- components/youtube_data_api_custom_app/actions/upload-video/upload-video.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-comment-posted/new-comment-posted.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-liked-videos/new-liked-videos.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-subscriber/new-subscriber.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-subscription/new-subscription.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-videos-by-handle/new-videos-by-handle.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-videos-by-location/new-videos-by-location.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-videos-by-search/new-videos-by-search.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-videos-in-channel/new-videos-in-channel.mjs(1 hunks)
- components/youtube_data_api_custom_app/sources/new-videos-in-playlist/new-videos-in-playlist.mjs(1 hunks)
⛔ Files not processed due to max files limit (3)
- components/youtube_data_api_custom_app/sources/new-videos-in-subscribed-channels/new-videos-in-subscribed-channels.mjs
- components/youtube_data_api_custom_app/sources/new-videos/new-videos.mjs
- components/youtube_data_api_custom_app/youtube_data_api_custom_app.app.mjs
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2024-12-12T19:23:09.039Z
Learnt from: jcortes
PR: PipedreamHQ/pipedream#14935
File: components/sailpoint/package.json:15-18
Timestamp: 2024-12-12T19:23:09.039Z
Learning: When developing Pipedream components, do not add built-in Node.js modules like `fs` to `package.json` dependencies, as they are native modules provided by the Node.js runtime.
Applied to files:
- components/wildberries/package.json
- components/pikaso/package.json
- components/notiff/package.json
- components/salesmate/package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: Verify TypeScript components
- GitHub Check: Publish TypeScript components
- GitHub Check: Lint Code Base
| name: "Create Email Template", | ||
| description: "Create a HTML or a plain text email template. [See the docs](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-sesv2/classes/createemailtemplatecommand.html)", | ||
| version: "0.0.1", | ||
| version: "0.0.2", | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Verification agent
🧩 Analysis chain
Patch version bump looks good; aligns with a non-functional change.
Since this PR’s goal is to remove relative app imports across packages, it’s fine that this file only bumps the action version. Please double-check that the amazon_ses package-level changes are consistent (package.json version bumped, dependency on @pipedream/aws added, and no remaining relative app imports within this package).
Run these quick checks:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 1) Confirm all amazon_ses actions declare a version (spot-check consistency)
rg -nP --glob 'components/amazon_ses/actions/**/*.mjs' '^\s*version:\s*"'
# 2) Ensure no relative .app.mjs imports remain in amazon_ses
rg -nP '(?<=from\s+["\'])\.\./[^"\']+\.app\.mjs(?=["\'])' components/amazon_ses || echo "OK: no relative .app.mjs imports in amazon_ses"
# 3) Confirm the app now imports the npm package (should match @pipedream/aws)
rg -nP --glob 'components/amazon_ses/**/*.mjs' '@pipedream/aws'Length of output: 675
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "# 1) Confirm all amazon_ses actions declare a version"
rg -nP --glob 'components/amazon_ses/actions/**/*.mjs' '^\s*version:\s*".+?"'
echo
echo "# 2) Ensure no relative .app.mjs imports remain in amazon_ses"
rg -nP --glob "components/amazon_ses/**/*.mjs" "\\.\\./[^\"']+\\.app\\.mjs" || echo "OK: no relative .app.mjs imports in amazon_ses"
echo
echo "# 3) Confirm the app now imports the npm package @pipedream/aws"
rg -nP --glob 'components/amazon_ses/**/*.mjs' '@pipedream/aws' || echo "ERROR: Missing @pipedream/aws import(s)"Length of output: 1287
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "# 4) Verify package.json version bump in amazon_ses"
grep -n '"version"' components/amazon_ses/package.json
echo
echo "# 5) Verify @pipedream/aws is listed as a dependency"
grep -n '"@pipedream/aws"' components/amazon_ses/package.json || echo "ERROR: @pipedream/aws dependency missing in package.json"Length of output: 434
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "# 6) Check package name for import path"
grep -n '"name"' components/amazon_ses/package.jsonLength of output: 199
Remove remaining relative app import in actions/common/base.mjs
Patch version bumps and dependency updates look correct, but there’s still one residual relative import of the app module in this package. Please update it to use the published package entrypoint:
- File: components/amazon_ses/actions/common/base.mjs
 Line 1
 Replace:With:import amazonSes from "../../amazon_ses.app.mjs"; import amazonSes from "@pipedream/amazon_ses"; 
Once that’s updated, you’ll have:
- All action files declaring their own version
- No remaining relative .app.mjsimports
- components/amazon_ses/package.jsonat version- 0.3.8
- @pipedream/awslisted under- dependencies
🤖 Prompt for AI Agents
In components/amazon_ses/actions/common/base.mjs around line 1, there is a
residual relative import of the app module; replace the relative import (import
amazonSes from "../../amazon_ses.app.mjs") with the published package entrypoint
(import amazonSes from "@pipedream/amazon_ses") so the action uses the published
package instead of a local .app.mjs file; after changing the import, verify that
all action files declare their own version and that
components/amazon_ses/package.json is at 0.3.8 with @pipedream/aws listed under
dependencies.
| ...others, | ||
| key: "gitlab_developer_app-create-epic", | ||
| version: "0.0.1", | ||
| version: "0.0.2", | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Verification agent
🧩 Analysis chain
Version bump looks good; confirm consistency across related wrappers and package.json
Patch bump to 0.0.2 is appropriate for the import path change. Please confirm:
- Sibling GitLab Developer App wrappers in this PR received matching bumps where applicable.
- components/gitlab_developer_app/package.jsonversion bump (AI summary: 0.1.2) and dependency- @pipedream/gitlabare committed.
- No action keys collided and changelog/release notes (if used) reflect the change.
Run:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Action versions under gitlab_developer_app:"
rg -nP 'key:\s*"gitlab_developer_app-[^"]+"' -C2 components/gitlab_developer_app/actions \
  | rg -n 'version:\s*"[^"]+"' -n || true
echo -e "\nPackage version and gitlab dep:"
fd -a package.json components/gitlab_developer_app \
  | xargs -I{} jq -r '.name, .version, .dependencies["@pipedream/gitlab"] // "MISSING"' {}
echo -e "\nRepo-wide stray relative imports to gitlab (belt-and-suspenders):"
rg -nP '\.\./\.\./\.\./gitlab/' components || trueLength of output: 1679
Please align the list-commits action version for consistency
I checked all GitLab Developer App action versions in components/gitlab_developer_app/actions and saw:
- Almost every action is at version "0.0.2"
- list-commitsis at version- "0.0.3"(components/gitlab_developer_app/actions/list-commits/list-commits.mjs:14)
Package metadata looks correct:
- components/gitlab_developer_app/package.json → version 0.1.2
- dependency "@pipedream/gitlab"→^0.5.6
No stray relative imports to gitlab were found across the repo.
Action needed:
- Either revert list-commitsback to"0.0.2"to match the rest, or confirm that its bump to"0.0.3"is intentional and document the reason (e.g. in the changelog or release notes).
🤖 Prompt for AI Agents
In components/gitlab_developer_app/actions/create-epic/create-epic.mjs around
line 13, the action version is set to "0.0.2" while the list-commits action was
bumped to "0.0.3"; update versions for consistency by either reverting
components/gitlab_developer_app/actions/list-commits/list-commits.mjs to "0.0.2"
to match the rest of the actions, or, if the "0.0.3" bump is intentional, add a
brief note to the repo changelog or release notes documenting the reason for the
version bump and leave list-commits at "0.0.3".
| { | ||
| "name": "@pipedream/gitlab_developer_app", | ||
| "version": "0.1.1", | ||
| "version": "0.1.2", | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Verification agent
🧩 Analysis chain
Version bump and new @pipedream/gitlab dependency are appropriate.
This directly supports the switch to package-scoped imports.
- 
Run the package validator for this specific package and scan for remaining relative imports: 
- 
Optional: confirm the deep-imported files exist in the resolved version you’ll publish against (duplicates prior checks). 
Also applies to: 15-17
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Validate this package in isolation
npm run validate:package -- @pipedream/gitlab_developer_app || exit 1
# Grep for any remaining relative imports referencing legacy gitlab paths
rg -nP '\.\./\.\./\.\./gitlab/' components/gitlab_developer_app || trueLength of output: 79363
Fix missing dependency to satisfy import validation
Version bump to 0.1.2 and the switch to @pipedream/gitlab imports are correct, but the package validator now fails for this package:
- Issue: npm run validate:package -- @pipedream/gitlab_developer_appreports an import error:
 “Cannot find module ‘@pipedream/platform’”
- Action items:
 • Add@pipedream/platformto thedependenciessection ofcomponents/gitlab_developer_app/package.json.
 • Re-run the validator to confirm the import test passes.
- No action needed on legacy paths—there are no remaining ../../../gitlab/imports.
🤖 Prompt for AI Agents
In components/gitlab_developer_app/package.json around line 3, the package now
imports from @pipedream/platform but that package is not listed in dependencies;
add "@pipedream/platform" with an appropriate version to the "dependencies"
section of components/gitlab_developer_app/package.json (align version with
other components or project policy), save, run npm install, then re-run npm run
validate:package -- @pipedream/gitlab_developer_app to confirm the import
validation passes.
| "dependencies": { | ||
| "@pipedream/platform": "^1.2.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@pipedream/types": "^0.3.2" | ||
| } | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Verification agent
🧩 Analysis chain
Verify other affected packages also declare @pipedream/types as a runtime dependency
Issue #18150 cites multiple packages missing @pipedream/types. Ensure they all list it under dependencies, not devDependencies.
Run this script to find packages that use defineApp or import @pipedream/types and confirm they declare @pipedream/types in dependencies:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Find files that appear to use defineApp or import @pipedream/types
files=$(rg -nP --glob 'components/**' -C0 $'\\bdefineApp\\s*\\(|from\\s*[\'"]@pipedream/types[\'"]' | cut -d: -f1 | sort -u)
check_pkg() {
  local start_dir="$1"
  local dir="$start_dir"
  while [[ "$dir" != "/" ]]; do
    if [[ -f "$dir/package.json" ]]; then
      echo "$dir/package.json"
      return
    fi
    dir="$(dirname "$dir")"
  done
}
declare -A seen
while IFS= read -r f; do
  pkg_json=$(check_pkg "$(dirname "$f")")
  [[ -n "${pkg_json:-}" ]] || continue
  if [[ -z "${seen["$pkg_json"]+x}" ]]; then
    seen["$pkg_json"]=1
    name=$(jq -r '.name' "$pkg_json")
    if jq -e '.dependencies["@pipedream/types"]' "$pkg_json" >/dev/null; then
      echo "OK: $name has @pipedream/types in dependencies"
    else
      echo "MISSING: $name lacks @pipedream/types in dependencies -> $pkg_json"
    fi
  fi
done <<< "$files"Length of output: 268098
Add @pipedream/types to dependencies of all affected components
The scan confirms that, aside from @pipedream/playwright, every component that calls defineApp or imports from @pipedream/types is missing a runtime dependency entry. Please update each package’s package.json to include:
  "dependencies": {
    "@pipedream/types": "^0.3.2",
    …
  }Affected package.json files (add under "dependencies"):
- components/amplenote/package.json
- components/apitemplate_io/package.json
- components/baserow/package.json
- components/beehiiv/package.json
- components/buy_me_a_coffee/package.json
- components/clientary/package.json
- components/cloudmersive/package.json
- components/coassemble/package.json
- components/concord/package.json
- components/currencyscoop/package.json
- components/daffy/package.json
- components/data_axle_platform/package.json
- components/detrack/package.json
- components/dialpad/package.json
- components/docupilot/package.json
- components/expensify/package.json
- components/facebook_groups/package.json
- components/facebook_pages/package.json
- components/formatting/package.json
- components/google_my_business/package.json
- components/google_recaptcha/package.json
- components/google_workspace/package.json
- components/infusionsoft/package.json
- components/kanbanflow/package.json
- components/lemon_squeezy/package.json
- components/lob/package.json
- components/mailbluster/package.json
- components/mailboxvalidator/package.json
- components/mattermost/package.json
- components/mediatoolkit/package.json
- components/memix/package.json
- components/namely/package.json
- components/nectar_crm/package.json
- components/neverbounce/package.json
- components/niftyimages/package.json
- components/ninox/package.json
- components/onfleet/package.json
- components/persistiq/package.json
- components/pikaso/package.json
- components/practitest/package.json
- components/profitwell/package.json
- components/quickemailverification/package.json
- components/raven_tools/package.json
- components/repuso/package.json
- components/resend/package.json
- components/reversecontact/package.json
- components/rise/package.json
- components/rss/package.json
- components/salesmate/package.json
- components/serveravatar/package.json
- components/shipcloud/package.json
- components/smaily/package.json
- components/team_up/package.json
- components/tolstoy/package.json
(Note: @pipedream/playwright already has the correct entry.)
🤖 Prompt for AI Agents
In components/salesmate/package.json around lines 16 to 21, and similarly for
each package.json listed in the review (components/amplenote, apitemplate_io,
baserow, beehiiv, buy_me_a_coffee, clientary, cloudmersive, coassemble, concord,
currencyscoop, daffy, data_axle_platform, detrack, dialpad, docupilot,
expensify, facebook_groups, facebook_pages, formatting, google_my_business,
google_recaptcha, google_workspace, infusionsoft, kanbanflow, lemon_squeezy,
lob, mailbluster, mailboxvalidator, mattermost, mediatoolkit, memix, namely,
nectar_crm, neverbounce, niftyimages, ninox, onfleet, persistiq, pikaso,
practitest, profitwell, quickemailverification, raven_tools, repuso, resend,
reversecontact, rise, rss, salesmate, serveravatar, shipcloud, smaily, team_up,
tolstoy), add "@pipedream/types": "^0.3.2" under the "dependencies" object (do
not remove existing entries or move it to devDependencies), ensuring there is no
duplicate entry and that version matches ^0.3.2; save each package.json and run
npm/yarn install or lockfile update as appropriate to ensure the runtime
dependency is installed.
| }, | ||
| "devDependencies": { | ||
| "@pipedream/types": "^0.3.2" | ||
| } | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Place @pipedream/types under dependencies (not devDependencies)
The validator flagged missing runtime dependencies for defineApp usage. Putting @pipedream/types in devDependencies won’t satisfy runtime resolution when the package is consumed/published. Move it to the dependencies block to avoid publish / validation failures.
Apply this diff:
   "dependencies": {
-    "@pipedream/platform": "^1.2.1"
-  },
-  "devDependencies": {
-    "@pipedream/types": "^0.3.2"
+    "@pipedream/platform": "^1.2.1",
+    "@pipedream/types": "^0.3.2"
   }📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| }, | |
| "devDependencies": { | |
| "@pipedream/types": "^0.3.2" | |
| } | |
| "dependencies": { | |
| "@pipedream/platform": "^1.2.1", | |
| "@pipedream/types": "^0.3.2" | |
| } | 
🤖 Prompt for AI Agents
In components/salesmate/package.json around lines 18 to 21, @pipedream/types is
incorrectly listed under devDependencies which causes runtime resolution
failures for defineApp; move the "@pipedream/types": "^0.3.2" entry from
devDependencies into the top-level dependencies object preserving the version,
update the JSON accordingly (remove from devDependencies, add under
dependencies), then run an install or lockfile update and verify the package
builds and the validator no longer flags missing runtime deps.
| name: "New Videos by Search", | ||
| description: "Emit new event for each new YouTube video matching a search query.", | ||
| version: "0.0.2", | ||
| version: "0.0.3", | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Verification agent
🧩 Analysis chain
Patch version bump is appropriate; keep sibling sources consistent.
No functional change here; just ensure other youtube_data_api_custom_app sources that were migrated in this PR also bump to the same patch to avoid inconsistent component versions within the same family.
Quick check for mixed versions within the custom app package:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
pkg_json="$(rg -nP '^\s*"name"\s*:\s*"@pipedream/youtube_data_api_custom_app"' -g '**/package.json' -l | head -n1 || true)"
[[ -z "${pkg_json:-}" ]] && { echo "package.json not found"; exit 1; }
pkg_dir="$(dirname "$pkg_json")"
echo "Component versions under $pkg_dir:"
rg -nP -g "$pkg_dir/**" -g '**/*.mjs' '^\s*version\s*:\s*"(?<ver>\d+\.\d+\.\d+)"' -C0 | sed -E 's/.*version\s*:\s*"([^"]+)".*/\1/' | sort | uniq -cLength of output: 2516
Ensure all custom-app source files share the same patch version (0.0.3)
The version count across components/youtube_data_api_custom_app shows many files still using older patches (e.g. 0.0.1, 0.0.2, 0.0.4, …), while only new-videos-by-search.mjs has been bumped to 0.0.3. To avoid shipping mixed versions in the same component family, please update every source under components/youtube_data_api_custom_app/sources/**/*.mjs to:
-  version: "X.Y.Z",
+  version: "0.0.3",• components/youtube_data_api_custom_app/sources//.mjs
• (Confirm no version fields remain at any other value)
Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In
components/youtube_data_api_custom_app/sources/new-videos-by-search/new-videos-by-search.mjs
around line 9 the version field is set to "0.0.3" while other sources in
components/youtube_data_api_custom_app/sources/**/*.mjs still use different
patch versions; update the version field in every .mjs under
components/youtube_data_api_custom_app/sources/*/*.mjs to "0.0.3" so they all
match, and scan the entire directory to confirm there are no remaining version
fields set to any other value.
| @@ -1,12 +1,12 @@ | |||
| import youtubeDataApi from "../../youtube_data_api_custom_app.app.mjs"; | |||
| import common from "../../../youtube_data_api/sources/new-videos-in-channel/common.mjs"; | |||
| import common from "@pipedream/youtube_data_api/sources/new-videos-in-channel/common.mjs"; | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Verification agent
🧩 Analysis chain
Package-scoped import looks right—please verify dependency and path resolution
Good move switching from a cross-package relative import to @pipedream/youtube_data_api/.../common.mjs. To avoid build/packaging surprises:
- Ensure @pipedream/youtube_data_apiis declared in the nearest package.json for this component (dependencies or devDependencies, as appropriate).
- Sanity-check there are no lingering relative imports to youtube_data_apiwithin theyoutube_data_api_custom_apppackage.
- Confirm the referenced sources/new-videos-in-channel/common.mjspath exists in the monorepo (or published package layout) to match the resolver expectations.
Run this script from the repo root to verify:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "1) Check for lingering relative imports to youtube_data_api inside the custom app package:"
rg -nP --glob 'components/youtube_data_api_custom_app/**' '(from|require\()\s*[\"\'][.]{1,2}/(?:[^\"\']+/){2,}youtube_data_api[^\\"\']*' || echo "OK: no remaining cross-package relative imports found."
echo -e "\n2) Ensure @pipedream/youtube_data_api is declared in package.json near the custom app:"
pkg_files=$(fd -a -t f package.json components/youtube_data_api_custom_app | sort || true)
if [[ -z "${pkg_files}" ]]; then
  echo "No package.json found under components/youtube_data_api_custom_app (verify package layout)."
else
  echo "$pkg_files" | while read -r f; do
    echo "--- $f"
    rg -n '@pipedream/youtube_data_api' "$f" || echo "MISSING: @pipedream/youtube_data_api not declared in $f"
  done
fi
echo -e "\n3) Confirm common.mjs exists at the expected monorepo path (helps catch typos):"
fd -a 'common.mjs' components/youtube_data_api/sources/new-videos-in-channel || echo "WARNING: common.mjs not found at expected monorepo path; ensure package path is valid in the published package."Length of output: 320
🏁 Script executed:
#!/usr/bin/env bash
set -euo pipefail
echo "1) Check for lingering relative imports to youtube_data_api inside the custom app package:"
rg -nP --glob 'components/youtube_data_api_custom_app/**' "(?:from|require\\()['\"]\\.{1,2}/(?:[^'\"]+/){2}youtube_data_api[^'\"]*" || echo "OK: no remaining cross-package relative imports found."
echo -e "\n2) Ensure @pipedream/youtube_data_api is declared in package.json near the custom app:"
pkg_files=$(fd -t f -a package.json components/youtube_data_api_custom_app | sort || true)
if [[ -z "${pkg_files}" ]]; then
  echo "No package.json found under components/youtube_data_api_custom_app (verify package layout)."
else
  echo "$pkg_files" | while read -r f; do
    echo "--- $f"
    rg -n "@pipedream/youtube_data_api" "$f" || echo "MISSING: @pipedream/youtube_data_api not declared in $f"
  done
fi
echo -e "\n3) Confirm common.mjs exists at the expected monorepo path:"
fd -t f -a common.mjs components/youtube_data_api/sources/new-videos-in-channel || echo "WARNING: common.mjs not found at expected monorepo path; ensure package path is valid in the published package."Length of output: 1912
🏁 Script executed:
#!/usr/bin/env bash
set -euo pipefail
echo "== dependencies section in custom app package.json =="
sed -n '/"dependencies"/,/\}/p' components/youtube_data_api_custom_app/package.json || true
echo -e "\n== devDependencies section in custom app package.json =="
sed -n '/"devDependencies"/,/\}/p' components/youtube_data_api_custom_app/package.json || true
echo -e "\n== Locations of common.mjs anywhere in repo =="
fd -t f common.mjs || true
echo -e "\n== Files under any new-videos-in-channel directory =="
rg -n "new-videos-in-channel" -n components || trueLength of output: 11731
Ensure @pipedream/youtube_data_api Is Declared as a Dependency
The import path @pipedream/youtube_data_api/sources/new-videos-in-channel/common.mjs is correct and there are no remaining cross-package relative imports; however, the custom app’s package.json does not list @pipedream/youtube_data_api, which will cause runtime resolution errors.
• Add @pipedream/youtube_data_api to dependencies in
components/youtube_data_api_custom_app/package.json
• No further relative-import cleanup is needed—search confirms no stray ../ imports remain
• The file components/youtube_data_api/sources/new-videos-in-channel/common.mjs exists in the monorepo, so the import path is valid
Suggested diff:
--- a/components/youtube_data_api_custom_app/package.json
+++ b/components/youtube_data_api_custom_app/package.json
@@ "dependencies": {
   "@googleapis/youtube": "^6.0.0",
+  "@pipedream/youtube_data_api": "^1.0.0", // add the published version
   "got": "^12.5.1"
 }📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| import common from "@pipedream/youtube_data_api/sources/new-videos-in-channel/common.mjs"; | |
| { | |
| "dependencies": { | |
| "@googleapis/youtube": "^6.0.0", | |
| "@pipedream/youtube_data_api": "^1.0.0", // add the published version | |
| "got": "^12.5.1" | |
| } | |
| } | 
🤖 Prompt for AI Agents
In
components/youtube_data_api_custom_app/sources/new-videos-in-channel/new-videos-in-channel.mjs
around line 2, the module imports @pipedream/youtube_data_api but that package
is not declared in components/youtube_data_api_custom_app/package.json; add
"@pipedream/youtube_data_api" to the dependencies list in
components/youtube_data_api_custom_app/package.json (use the monorepo package
version or a workspace reference consistent with the repo, e.g., the same
version used in the root/other packages), then run your package manager install
to update lockfiles so the import resolves at runtime.
| ...common, | ||
| key: "youtube_data_api_custom_app-new-videos-in-channel", | ||
| name: "New Videos in Channel", | ||
| description: "Emit new event for each new Youtube video posted to a Channel.", | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
User-facing copy: fix capitalization and grammar ("YouTube", article/casing)
Recommend tightening the description to match brand capitalization and style.
Apply this diff:
-  description: "Emit new event for each new Youtube video posted to a Channel.",
+  description: "Emit an event for each new YouTube video posted to a channel.",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| description: "Emit new event for each new Youtube video posted to a Channel.", | |
| description: "Emit an event for each new YouTube video posted to a channel.", | 
🤖 Prompt for AI Agents
In
components/youtube_data_api_custom_app/sources/new-videos-in-channel/new-videos-in-channel.mjs
around line 8, the description string uses incorrect capitalization and article;
update it to read: "Emit a new event for each new YouTube video posted to a
channel." — replace the existing description line with this exact text to fix
brand capitalization ("YouTube") and grammar.
| @@ -1,12 +1,12 @@ | |||
| import youtubeDataApi from "../../youtube_data_api_custom_app.app.mjs"; | |||
| import common from "../../../youtube_data_api/sources/new-videos-in-playlist/common.mjs"; | |||
| import common from "@pipedream/youtube_data_api/sources/new-videos-in-playlist/common.mjs"; | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Verification agent
🧩 Analysis chain
Switch to package alias looks right, but confirm deep import is exported and dependency is declared.
Good move toward resolving RELATIVEIMPORTS. Please verify:
- The deep path @pipedream/youtube_data_api/sources/new-videos-in-playlist/common.mjs is available in the published package (no "exports" field blocking deep imports).
- @pipedream/youtube_data_api is added as a dependency of the youtube_data_api_custom_app package (not just devDependency).
Run:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# 1) Confirm the deep import exists in-repo (monorepo path)
if [ -f components/youtube_data_api/sources/new-videos-in-playlist/common.mjs ]; then
  echo "Found local common.mjs for youtube_data_api."
else
  echo "Missing local common.mjs at components/youtube_data_api/sources/new-videos-in-playlist/common.mjs" >&2
fi
# 2) Ensure dependency is declared in the custom app package
PKG_JSON=components/youtube_data_api_custom_app/package.json
if [ -f "$PKG_JSON" ]; then
  echo "Dependency in custom app package.json:"
  jq -r '.dependencies["@pipedream/youtube_data_api"] // .devDependencies["@pipedream/youtube_data_api"] // "MISSING"' "$PKG_JSON"
else
  echo "Missing package.json for youtube_data_api_custom_app at $PKG_JSON" >&2
fi
# 3) Optional: validate this single package locally (from the validation report suggestions)
npm run validate:package -- @pipedream/youtube_data_api_custom_app || trueLength of output: 79953
Action Required: Declare missing dependency in package.json
The deep import file exists locally (components/youtube_data_api/sources/new-videos-in-playlist/common.mjs), but the custom app’s package.json does not list @pipedream/youtube_data_api as a dependency and import tests confirm it’s missing. Please:
- In components/youtube_data_api_custom_app/package.json, add:"dependencies": { "@pipedream/youtube_data_api": "<appropriate_version>" // …other deps } 
- Verify that the upstream package (components/youtube_data_api/package.json) does not define an"exports"field blockingsources/new-videos-in-playlist/common.mjs(if it does, ensure this path is exported).
- Re-run npm run validate:package -- @pipedream/youtube_data_api_custom_appand confirm there are no PACKAGEDEPENDENCIES failures.
🤖 Prompt for AI Agents
In
components/youtube_data_api_custom_app/sources/new-videos-in-playlist/new-videos-in-playlist.mjs
(line 2), the module deep-imports @pipedream/youtube_data_api but that package
is not declared in components/youtube_data_api_custom_app/package.json; add
"@pipedream/youtube_data_api" with the appropriate version into the dependencies
section of components/youtube_data_api_custom_app/package.json, ensure the
version matches the upstream package, then check
components/youtube_data_api/package.json to confirm it does not have an
"exports" field that prevents importing
"sources/new-videos-in-playlist/common.mjs" (if it does, add the export path),
and finally re-run npm run validate:package --
@pipedream/youtube_data_api_custom_app to confirm PACKAGEDEPENDENCIES passes.
| name: "New Videos in Playlist", | ||
| description: "Emit new event for each new Youtube video added to a Playlist.", | ||
| version: "0.0.2", | ||
| version: "0.0.3", | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Verification agent
🧩 Analysis chain
Patch version bump is appropriate.
Import path change and validation-related tweaks justify a patch bump from 0.0.2 to 0.0.3. Ensure changelog/release notes reflect this bump if required by your release process.
Optional check:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Confirm any package-level versioning (if applicable) is consistent with component bumps
fd -a package.json components/youtube_data_api_custom_app | xargs -I{} jq -r '.name + "@" + (.version // "NO_VERSION_FIELD")' {}Length of output: 199
Version mismatch detected between component and package
The new-videos-in-playlist.mjs source has been bumped to 0.0.3, but the enclosing package (components/youtube_data_api_custom_app/package.json) is still at 0.0.8. Please verify your versioning strategy and reconcile these values:
- components/youtube_data_api_custom_app/sources/new-videos-in-playlist/new-videos-in-playlist.mjs
 • version:"0.0.3"
- components/youtube_data_api_custom_app/package.json
 • version:0.0.8
Action items:
- Confirm whether source-level versions are intended to be independent of the package version.
- If they must align, either:
 • bump the source file to0.0.8, or
 • bumppackage.jsonto0.0.4(or the next logical patch).
- Update changelog/release notes to document all version changes.
🤖 Prompt for AI Agents
In
components/youtube_data_api_custom_app/sources/new-videos-in-playlist/new-videos-in-playlist.mjs
around line 9 the source version is "0.0.3" which conflicts with the package
version 0.0.8 in components/youtube_data_api_custom_app/package.json; reconcile
them by either (A) treating source-level versions as independent—document that
policy and leave as-is—or (B) aligning versions: update the source file to
"0.0.8" if it should match the package, or bump package.json to "0.0.4" (or the
next logical patch) if the source should represent the package's next release;
then update changelog/release notes to record whichever version changes you
make.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️  Outside diff range comments (3)
.github/workflows/scheduled-package-validation.yaml (3)
24-27: Node 18 is EOL — upgrade to an LTS (20 or 22) for security and toolchain supportNode 18 reached end-of-life in 2025. Recommend bumping to Node 20 (LTS) or Node 22 (current LTS) to ensure maintained runtimes for this scheduled job.
Apply one of these diffs:
- node-version: 18 + node-version: 20or
- node-version: 18 + node-version: 22
35-41: Validation failures can be silently masked (exit code ignored, missing/invalid JSON treated as success)
- The report step captures
validation_exit_codebut nothing uses it later.- If
validation-report.jsonis missing or unparsable,failed_countis set to 0, which suppresses issue creation and posts a “success” summary.Treat a non-zero exit code or parse error as a failure signal and always upload artifacts for debugging. Suggested patch:
@@ - name: Run Package Validation Report id: validation run: | node scripts/generate-package-report.js --verbose --report-only --output=validation-report.json > validation-report.txt 2>&1 echo "validation_exit_code=$?" >> $GITHUB_OUTPUT + if [ -f "validation-report.json" ]; then + echo "report_exists=true" >> $GITHUB_OUTPUT + else + echo "report_exists=false" >> $GITHUB_OUTPUT + fi continue-on-error: true @@ - - name: Upload Validation Report + - name: Upload Validation Report + if: always() uses: actions/upload-artifact@v4 @@ - - name: Check for failures + - name: Check for failures + if: always() id: check_failures run: | - if [ -f "validation-report.json" ]; then - FAILED_COUNT=$(node -e " - const fs = require('fs'); - try { - const report = JSON.parse(fs.readFileSync('validation-report.json', 'utf8')); - console.log(report.summary.failed || 0); - } catch { - console.log(0); - } - ") - echo "failed_count=$FAILED_COUNT" >> $GITHUB_OUTPUT - else - echo "failed_count=0" >> $GITHUB_OUTPUT - fi + FAILED_COUNT=0 + PARSE_ERROR=false + if [ -f "validation-report.json" ]; then + FAILED_COUNT=$(node -e "const fs=require('fs');try{const r=JSON.parse(fs.readFileSync('validation-report.json','utf8'));console.log(r.summary?.failed ?? 0)}catch{console.log(-1)}") + if [ "$FAILED_COUNT" = "-1" ]; then + PARSE_ERROR=true + FAILED_COUNT=1 + fi + else + # Treat missing report as a failure to avoid false 'success' + PARSE_ERROR=true + FAILED_COUNT=1 + fi + echo "failed_count=$FAILED_COUNT" >> $GITHUB_OUTPUT + echo "parse_error=$PARSE_ERROR" >> $GITHUB_OUTPUT @@ - - name: Create Issue on Failures - if: steps.check_failures.outputs.failed_count != '0' + - name: Create Issue on Failures + if: steps.check_failures.outputs.failed_count != '0' || steps.validation.outputs.validation_exit_code != '0' || steps.check_failures.outputs.parse_error == 'true' id: create_issue uses: ./.github/actions/create-package-validation-issue @@ - - name: Post Issue Summary - if: steps.create_issue.conclusion == 'success' && steps.create_issue.outputs.issue-url != '' + - name: Post Issue Summary + if: always() && steps.create_issue.conclusion == 'success' && steps.create_issue.outputs.issue-url != '' run: | @@ - - name: Post Success Summary - if: steps.check_failures.outputs.failed_count == '0' + - name: Post Success Summary + if: steps.check_failures.outputs.failed_count == '0' && steps.validation.outputs.validation_exit_code == '0' && steps.check_failures.outputs.parse_error != 'true' run: |Also applies to: 51-67, 69-91
86-86: Fix output name usage in workflow summaryThe composite action
.github/actions/create-package-validation-issue/action.ymlonly defines an output namedissue-created, but the workflow is referencingfailed-count. As a result,${{ steps.create_issue.outputs.failed-count }}will always be empty.• Location to update:
.github/workflows/scheduled-package-validation.yamlat the echo on line 86.• Two ways to resolve:
- Use the existing output- echo "❌ Failed packages: ${{ steps.create_issue.outputs.failed-count }}" + echo "❌ Failed packages: ${{ steps.create_issue.outputs.issue-created }}"
- Add a
failed-countoutput in your action metadata (.github/actions/create-package-validation-issue/action.yml):outputs: + failed-count: + description: 'Number of failed packages' issue-created: description: 'Whether a new issue was created'Please apply one of these fixes so the failure count is correctly displayed.
🧹 Nitpick comments (3)
.github/workflows/scheduled-package-validation.yaml (2)
9-11: Explicit least-privilege token permissions for issue creationCreating/updating issues requires
issues: write. Declare explicit permissions to avoid org-level defaults breaking this workflow and to reduce token scope.Add at the workflow top level:
on: schedule: # Run weekly on Mondays at 2:00 PM UTC - cron: '0 14 * * 1' workflow_dispatch: # Allow manual triggering for testing + +permissions: + contents: read + issues: write
16-25: Optional: pin actions to commit SHAsFor supply-chain hardening, pin reusable actions to a full commit SHA (with a trailing comment for the tag). This prevents tag retargeting.
Example:
- uses: actions/[email protected] + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7(Repeat for
pnpm/action-setup,actions/setup-node, andactions/upload-artifact.)Also applies to: 43-44
components/youtube_data_api_custom_app/package.json (1)
17-19: Remove unusedgotand confirm imports
- No legacy relative imports to the old
youtube_data_apipackage remain undercomponents/youtube_data_api_custom_app—all shared code now comes via@pipedream/youtube_data_api.- The package’s sources import sub-paths likeso you can drop the bespoke relative-path checks.import common from "@pipedream/youtube_data_api/…";
- There’s no
defineAppusage here, so no need to add@pipedream/typesas a dependency.- The
gotdependency isn’t referenced anywhere—removefrom"got": "^12.5.1",components/youtube_data_api_custom_app/package.jsonto avoid unused bloat.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
⛔ Files ignored due to path filters (1)
- pnpm-lock.yamlis excluded by- !**/pnpm-lock.yaml
📒 Files selected for processing (5)
- .github/workflows/scheduled-package-validation.yaml(1 hunks)
- components/gitlab_developer_app/gitlab_developer_app.app.mjs(1 hunks)
- components/slack_bot/slack_bot.app.mjs(1 hunks)
- components/youtube_data_api_custom_app/package.json(2 hunks)
- components/youtube_data_api_custom_app/sources/new-videos-by-location/new-videos-by-location.mjs(0 hunks)
💤 Files with no reviewable changes (1)
- components/youtube_data_api_custom_app/sources/new-videos-by-location/new-videos-by-location.mjs
🚧 Files skipped from review as they are similar to previous changes (2)
- components/slack_bot/slack_bot.app.mjs
- components/gitlab_developer_app/gitlab_developer_app.app.mjs
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: Publish TypeScript components
- GitHub Check: Lint Code Base
- GitHub Check: pnpm publish
- GitHub Check: Verify TypeScript components
🔇 Additional comments (1)
.github/workflows/scheduled-package-validation.yaml (1)
5-6: Cron change to Mondays 14:00 UTC — confirm intended cadence and impact on detection latencyThis shifts runs to once weekly (next run: Monday, August 25, 2025 at 14:00 UTC). Previously the job ran every 3 days. If the goal is to catch RELATIVEIMPORTS / dependency regressions quickly after merges, weekly could delay visibility by up to 7 days. If that’s acceptable, LGTM. Otherwise consider Mon/Thu or daily (cheap workload).
Its "parent component" was removed in a previous PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved, but with one question: For apps that use typescript, are you sure we don't need to include @pipedream/types under dependencies as well as devDependencies?
| @michelle0927 type packages are usually  We'd need them in  | 
Closes #18150
Note: the "missing" version bumps are all in the trustpilot app, which I only removed the "defineApp" wrapper; no need to update the components due to that.
Summary by CodeRabbit
Refactor
Chores
Maintenance