Skip to content

Typescript Rewrite#118

Open
Phillip9587 wants to merge 1 commit intojshttp:masterfrom
Phillip9587:typescript
Open

Typescript Rewrite#118
Phillip9587 wants to merge 1 commit intojshttp:masterfrom
Phillip9587:typescript

Conversation

@Phillip9587
Copy link
Contributor

This PR is a full TypeScript rewrite of the package as suggested by @blakeembrey in #104 (comment). It also uses tsdown to build a dual bundle: CommonJS for Node.js consumers and an ESM build for browsers and bundlers.

This is another big step for #114.

Tooling

I tried to align the tooling as much as possible with Blake's @borderless/ts-scripts but went for not using it directly. So the package now uses:

@socket-security
Copy link

socket-security bot commented Feb 13, 2026

@socket-security
Copy link

socket-security bot commented Feb 13, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm vite is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: ?npm/vitest@3.2.4npm/vite@7.3.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@7.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@Phillip9587 Phillip9587 force-pushed the typescript branch 2 times, most recently from e69b734 to 0dfe733 Compare February 13, 2026 00:04
Copy link
Member

@blakeembrey blakeembrey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure we need to do both ESM and CommonJS, just CommonJS should be fine for a package like this.

Also the TypeScript refactor changes exports but this didn't update the README.

"test-ci": "c8 --reporter=lcovonly --reporter=text npm test",
"test-cov": "c8 --reporter=html --reporter=text npm test"
"prepare": "husky",
"test": "vitest",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I prefer to have test run everything needed to pass, instead of configuring this in each place (e.g. local, CI, etc). That way everyone knows it's just npm test and if it passes you're good.

"typecheck": "tsc --noEmit"
},
"devDependencies": {
"@arethetypeswrong/core": "^0.18.2",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this used?

"devDependencies": {
"@arethetypeswrong/core": "^0.18.2",
"@eslint/js": "^9.39.2",
"@types/node": "^20.19.33",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This package shouldn't need @types/node now right?

"prettier-plugin-packagejson": "^3.0.0",
"pretty-quick": "^4.2.2",
"publint": "^0.3.17",
"tsdown": "^0.20.3",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer to just use the TypeScript compiler directly. This adds a bunch of overhead I don't need, e.g. without checking out this PR locally I can't confirm if it's generating the file structure with source maps and .d.ts files correctly, and it shouldn't be bundling any dependencies.

"module": "preserve",
"moduleResolution": "bundler",
"resolveJsonModule": true,
"types": ["node"],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"types": ["node"],
"types": [],

"import": "./dist/index.js",
"require": "./dist/index.cjs"
},
"./package.json": "./package.json"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to export package.json?

@blakeembrey
Copy link
Member

I tried to align the tooling as much as possible with Blake's @borderless/ts-scripts but went for not using it directly.

I'd love to know why. It's totally understandable to skip it as it's just something I started using once I was maintaining hundreds of packages and got sick of the config bloat of every package, as well as keeping up with minor changes/improvements to things like husky everywhere.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants