chore: update vite-rsc example

[hi-ogawa]

🔗 Linked issue

Follow up to #3919

This PR replaces pkg.pr.new with proper release package.

❓ Type of change

• 📖 Documentation (updates to the documentation, readme, or JSdoc annotations)
• 🐞 Bug fix (a non-breaking change that fixes an issue)
• 👌 Enhancement (improving an existing functionality like performance)
• ✨ New feature (a non-breaking change that adds functionality)
• 🧹 Chore (updates to the build process or auxiliary tools and libraries)
• ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

📚 Description

📝 Checklist

• I have linked an issue or discussion.
• I have updated the documentation accordingly.

[coderabbitai]

📝 Walkthrough

Walkthrough

Re-enables a previously commented-out RSC link in the example app's root component and updates its reference target. Pins devDependencies in package.json to specific semver ranges: Vite React plugin to ^5.1.2 and Vite RSC plugin to ^0.5.11.

Changes

Cohort / File(s)	Summary
UI fix examples/vite-rsc/app/root.tsx	Uncomments RSC link list item and updates link reference from ?__rsc (with ?__rsc code) to ./_.rsc (with _.rsc code)
Dependency pinning examples/vite-rsc/package.json	Pins @vitejs/plugin-react to ^5.1.2 and @vitejs/plugin-rsc to ^0.5.11, replacing dynamic/PR-based version references

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• feat(vite): experimental rsc plugin support #3919 — Directly related as it introduced or modified the same vite-rsc example that is being refined in this PR.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description is related to the changeset, explaining that it replaces pkg.pr.new with a proper release package and references a follow-up PR.
Title check	✅ Passed	The PR title 'chore: update vite-rsc example' follows conventional commits format with proper 'chore' type prefix, but does not match the scope 'vite' shown in the commit messages provided in PR objectives.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[vercel]

@hi-ogawa is attempting to deploy a commit to the Nitro Team on Vercel.

A member of the Team first needs to authorize it.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/nitrojs/nitro@3922

commit: dd97e6f

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI Agents

In @examples/vite-rsc/app/root.tsx:
- Line 62: The anchor element with href="./_.rsc" uses target="_blank" but lacks
rel="noopener noreferrer"; update that <a href="./_.rsc" target="_blank">
element to include rel="noopener noreferrer" to prevent
window.opener/tabnabbing, and apply the same change to the other external anchor
that uses target="_blank" (the ?__nojs link) for consistency.
- Around line 60-66: Anchor elements that open new tabs (e.g., the <a
href="./_.rsc" target="_blank"> link in root.tsx and the other <a
target="_blank"> instance) are missing rel="noopener noreferrer"; update both
anchor tags to include rel="noopener noreferrer" so the opened pages cannot
access window.opener, keeping the existing href and target attributes unchanged.

In @examples/vite-rsc/package.json:
- Around line 19-20: The package version for "@vitejs/plugin-rsc" is set to an
unpublished release (^0.5.11); update the dependency entry for
"@vitejs/plugin-rsc" in package.json to a published version (for example
"^0.5.8" or "^0.5.1") so installations succeed and remain compatible with
"@vitejs/plugin-react".

🧹 Nitpick comments (1)

examples/vite-rsc/package.json (1)

19-23: Consider adopting a consistent versioning strategy.

Lines 19-20 now use specific semver ranges while lines 21 and 23 continue using "latest" and "beta". For better reproducibility in examples, consider pinning all devDependencies to specific versions or document why certain packages use dynamic versions.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 72b037f and dd97e6f.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• examples/vite-rsc/app/root.tsx
• examples/vite-rsc/package.json

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-12-24T11:45:17.435Z

Learnt from: CR
Repo: nitrojs/nitro PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-24T11:45:17.435Z
Learning: Avoid introducing new dependencies unless strictly necessary; add to `devDependencies` unless required in runtime logic

Applied to files:

• examples/vite-rsc/package.json

📚 Learning: 2025-12-24T11:45:17.435Z

Learnt from: CR
Repo: nitrojs/nitro PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-24T11:45:17.435Z
Learning: Update types and JSDoc for API changes

Applied to files:

• examples/vite-rsc/package.json

📚 Learning: 2025-12-24T11:45:17.435Z

Learnt from: CR
Repo: nitrojs/nitro PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-24T11:45:17.435Z
Learning: Applies to src/**/*.{ts,js,tsx,jsx} : Use ESM and modern JavaScript

Applied to files:

• examples/vite-rsc/app/root.tsx

🪛 Biome (2.1.2)

examples/vite-rsc/app/root.tsx

[error] 62-62: Avoid using target="_blank" without rel="noopener" or rel="noreferrer".

Opening external links in new tabs without rel="noopener" is a security risk. See the explanation for more details.
Safe fix: Add the rel="noopener" attribute.

(lint/security/noBlankTarget)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

@vitejs/plugin-react 5.1.2 npm

💡 Result:

Yes — @vitejs/plugin-react version 5.1.2 is published. Install with:
npm install -D @vitejs/[email protected]. [1][2]

Changelog notes (selection): v5.1.1 updated support for newer rolldown-vite (optimizeDeps.rolldownOptions); v5.1.2 is listed in the plugin releases. [2][3]

Sources:

• Package listing (jsDelivr showing v5.1.2). [1]
• @vitejs/plugin-react release notes / changelog entries. [2]
• Package summary/docs (npm listing). [3]

---

🌐 Web query:

@vitejs/plugin-rsc 0.5.11 npm

💡 Result:

I couldn't find a published npm version 0.5.11 of @vitejs/plugin-rsc. The npm listing and package indexes show versions in the 0.4–0.5.x range (examples: npm listing / latest shown as 0.4.29 in the npm page snapshot [1]; aggregator shows latest 0.5.1 [2]), and security advisories reference fixes in 0.5.3–0.5.8 but not 0.5.11 [3][4]. If you want, I can check the npm registry or the GitHub repo now to confirm the absolute latest published version.

Sources:
[1] npm package page snapshot for @vitejs/plugin-rsc.
[2] Package aggregator (reactlibraries) showing latest 0.5.1.
[3] GitHub security advisory for vite-plugin-react (mentions patched versions).
[4] OSV/other advisories referencing fixed versions.

---

🏁 Script executed:

cat examples/vite-rsc/package.json | head -30

Repository: nitrojs/nitro

Length of output: 605

---

Update @vitejs/plugin-rsc to an available version.

@vitejs/plugin-react@^5.1.2 exists and is compatible. However, @vitejs/plugin-rsc@^0.5.11 is not published on npm. The latest available versions are 0.5.1 or up to 0.5.8 based on release history. Update to an available version to prevent installation failures.

🤖 Prompt for AI Agents

In @examples/vite-rsc/package.json around lines 19-20, The package version for
"@vitejs/plugin-rsc" is set to an unpublished release (^0.5.11); update the
dependency entry for "@vitejs/plugin-rsc" in package.json to a published version
(for example "^0.5.8" or "^0.5.1") so installations succeed and remain
compatible with "@vitejs/plugin-react".