Update all dependencies to latest versions and fix several linter issues

[gpailler]

• Update to Node 24
• Switch from npm to pnpm
• Switch from eslint/prettier to biome
• Update all dependencies (React, Vite, Typescript...)
• Fix all linter errors and warnings

Summary by CodeRabbit

• New Features

  • Footer now links to the current commit hash.

• Bug Fixes

  • Fixed CSS syntax issues.
  • Improved fetch cancellation and stability to reduce stale updates.

• Improvements

  • Upgraded Node, React and many dependencies; migrated project tooling to pnpm and Node 24.
  • Replaced ESLint/Prettier with Biome-based formatting/linting and added project formatter config.
  • Various typing, accessibility and small UI refinements across components.

• Documentation

  • README and setup instructions updated for Node 24 and pnpm.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Upgrades project toolchain to Node 24 and pnpm/corepack, replaces ESLint/Prettier with Biome, bumps many dependencies (notably React 17→19 and react-router 6→7), converts numerous imports to type-only, tightens typings, adds fetch cancellation in Buckets, and updates CI/devcontainer and Vite build config.

Changes

Cohort / File(s)	Summary
Toolchain & CI /.devcontainer/devcontainer.json, /.github/workflows/build-deploy.yml, /.nvmrc, /README.md	Bumped Node to 24, switched to pnpm/corepack commands, updated workflow to install pnpm + setup-node, added .nvmrc, adjusted README pnpm instructions.
Package manifest & scripts /package.json	Version 0.2.0→0.2.1; major dependency upgrades (React 17→19, react-dom, react-router-dom 6→7, others); removed eslintConfig; added Biome scripts/devDependencies.
Formatter & linter config /.eslintrc.json, /.prettierrc.json, /tsconfig.eslint.json, /biome.json	Removed ESLint/Prettier and tsconfig eslint file; added biome.json with formatter and linter configuration.
Devcontainer /.devcontainer/devcontainer.json	Updated devcontainer image to Node 24, simplified forwardPorts formatting, switched to Biome VS Code extension, updated update/postAttach commands to use corepack/pnpm.
CI artifact & commands /.github/workflows/build-deploy.yml	Replaced Node setup with pnpm/action-setup + setup-node, bumped Node to 24, replaced npm commands with pnpm equivalents, added artifact upload steps.
TypeScript configs /tsconfig.json, /tsconfig.node.json	Switched moduleResolution to "bundler", removed "types": ["node"], minor formatting and include adjustments.
Vite / build tooling /vite.config.ts	Switched to node:child_process, added visualizer plugin top-level, moved visualizer options, introduced manual chunking for vendor bundles.
Runtime / entry /src/index.tsx, /src/reportWebVitals.ts, /src/request-idle-callback.ts	Migrated to React 18 createRoot; wrapped App with HelmetProvider from @dr.pogodin/react-helmet; updated web-vitals typing and handlers; tightened requestIdleCallback typing.
Utilities & serialization /src/utils.ts, /src/serialization/*.ts	Replaced Utils class with exported extractPathFromUrl function; many imports converted to type-only; added explicit casts in deserialization and small param renames.
Color scheme & providers /src/colorscheme/ColorSchemeProvider.tsx	Moved helper functions to module scope (toColorSchemeType, updateUI), switched some imports to type-only, preserved behavior.
Buckets & fetch logic /src/components/Buckets.tsx	Added per-effect AbortController, abort on cleanup, ignore AbortError, guard state updates, extracted sortResults helper.
Search area /src/components/Search.tsx, /src/components/SearchBar.tsx, /src/components/SearchPagination.tsx, /src/components/SearchProcessor.tsx	Stronger typing (type-only imports), enforced parseInt radix, decomposed search-param sync into separate effects, memoized timeout cleanup in SearchBar, SearchPagination may return null, some Form.Switch set to readOnly.
Component typing & icons /src/App.tsx, /src/components/*	Added type-only JSX imports, small prop typing changes (e.g., cardRef), icon swaps (Go→Fa), import/source updates (react-helmet → @dr.pogodin/react-helmet), and minor render/refactor tweaks.
Styling & assets /src/App.css, /src/components/asciinema-customthemes.css	Reformatting, minor CSS value normalizations, fixed stray brace in asciinema custom themes.
Removed files /.eslintrc.json, /.prettierrc.json, /tsconfig.eslint.json	ESLint/Prettier configs and tsconfig eslint removed in favor of Biome.

Sequence Diagram(s)

%%{init: {"themeVariables": {"actorBorder":"#334155","signalColor":"#60A5FA","noteBg":"#F8FAFC","noteText":"#0F172A"}}}%%
sequenceDiagram
  participant UI as User
  participant Buck as Buckets component
  participant Net as fetch()
  Note over Buck: mount or criteria change triggers fetch
  UI->>Buck: request fetch (criteria)
  Buck->>Net: fetch(..., { signal: controller.signal })
  alt unmount or new fetch occurs
    UI->>Buck: new fetch / unmount
    Buck->>Net: controller.abort()
    Note right of Net: promise rejects with AbortError
  end
  Net-->>Buck: response (or error)
  alt not aborted
    Buck->>UI: setResults / setSearching(false)
  else aborted
    Note right of Buck: ignore results, no state updates
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Areas needing extra attention:

• package.json dependency upgrades (React 17→19, react-router 6→7) for breaking API changes.
• CI/devcontainer changes to pnpm/corepack and Biome integration.
• Buckets fetch cancellation and state-update guards.
• reportWebVitals mapping to new web-vitals API and index.tsx provider wrapping.
• Vite manual chunking and visualizer/plugin adjustments.

Poem

🐰
I hopped through diffs with nimble paws,
swapped Node and npm for pnpm's cause;
Biome polished code while types took flight,
aborted stray fetches that raced through the night,
nibbling bytes, I celebrate every small cause.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: updating dependencies and fixing linter issues, which are the primary objectives of the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch update-latest-dependencies

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

src/components/Search.tsx (1)

144-146: Bug: setSortIndex called with sort direction value.

Line 145 incorrectly calls setSortIndex with the result of getSortDirectionFromSearchParams(). This should be setSortDirection.

  if (getSortDirectionFromSearchParams(getSortIndexFromSearchParams()) !== sortDirection) {
-   setSortIndex(getSortDirectionFromSearchParams(getSortIndexFromSearchParams()));
+   setSortDirection(getSortDirectionFromSearchParams(getSortIndexFromSearchParams()));
  }

src/components/SearchResult.tsx (1)

45-56: Apply HTML sanitization before rendering highlighted content to the DOM.

Azure Cognitive Search returns highlighted fragments as HTML and does not automatically HTML-escape the original field content, so you must treat highlights as untrusted content and HTML-encode or sanitize before inserting into a page to avoid XSS.

The current implementation passes highlightedName, highlightedDescription, highlightedLicense, and highlightedVersion directly to displayInnerHtml() → dangerouslySetInnerHTML with no sanitization applied. Additionally, formattedHighlightedRepository (src/components/SearchResult.tsx, line 116-117) uses .replace() on the highlighted content without escaping replacement strings, which could introduce XSS vectors.

Actions:

• Install and use a sanitization library (e.g., DOMPurify) to sanitize all highlighted fields before rendering, or
• Ensure Azure Search content is HTML-encoded server-side before indexing, or
• Implement a safe rendering pattern (e.g., extract plain text, then apply styling with safe DOM methods).

🧹 Nitpick comments (14)

src/components/SearchBar.tsx (2)

1-76: Optional: use named memo import instead of default React

The default React import is only used for React.memo. In React 17+ / 19 with the modern JSX transform, you can import memo directly and drop the default import for slightly cleaner and more tree‑shakable code.

Example diff:

-import React, { type JSX, useCallback, useEffect, useRef } from 'react';
+import { memo, type JSX, useCallback, useEffect, useRef } from 'react';
@@
-export default React.memo(SearchBar);
+export default memo(SearchBar);

---

17-55: Timer ref typing is Node‑specific; consider ReturnType<typeof setTimeout>

The debounced submit logic and the clearDelayBeforeSubmitTimeout callback look correct and the cleanup is wired properly through useCallback and useEffect. The only concern is typing the ref as NodeJS.Timeout, which ties this component to Node typings; in browser‑focused React apps, setTimeout commonly returns a number.

Using ReturnType<typeof setTimeout> keeps this compatible across environments (Node + DOM) without depending on NodeJS globals.

Suggested change:

-  const delayBeforeSubmit = useRef<NodeJS.Timeout | undefined>(undefined);
+  const delayBeforeSubmit = useRef<ReturnType<typeof setTimeout> | undefined>(undefined);

This should be type‑safe for both Node 24 and the browser build as long as your TS lib settings include the appropriate timer definitions.

README.md (1)

19-37: Docs now match Node 24 + pnpm toolchain

The updated prerequisites and commands correctly reflect the move to Node 24 and pnpm (pnpm install, pnpm run dev/build/preview, etc.), which should keep contributors aligned with the new setup.

If you care about a clean markdownlint run, consider wrapping the localhost URLs in angle brackets (e.g., <http://localhost:3000>) to avoid MD034 “bare URL” warnings, but that’s purely cosmetic.

.devcontainer/devcontainer.json (1)

2-21: Devcontainer Node 24 / pnpm setup looks consistent; consider lockfile-strict install

Node 24 image, Biome extension, and pnpm commands align with the rest of the PR. If you want devcontainers to strictly honor the lockfile, you could make the install step deterministic:

-  "updateContentCommand": "corepack enable && pnpm install",
+  "updateContentCommand": "corepack enable && pnpm install --frozen-lockfile",

Please confirm this matches how CI installs dependencies (npm/pnpm flags, lockfile usage).

src/serialization/SearchResultsJson.ts (1)

9-11: Cast to object is fine; initializer can be simplified

The jsonObject as object cast in Create is a reasonable way to satisfy deserializeObject while keeping the public API unknown.

For the property, you can drop the redundant assertion since the field is already typed:

-  @JsonProperty('value', [ManifestJson])
-  results: ManifestJson[] = [] as ManifestJson[];
+  @JsonProperty('value', [ManifestJson])
+  results: ManifestJson[] = [];

Please ensure Biome/TS config doesn’t rely on the explicit as ManifestJson[] before applying this.

Also applies to: 16-18

vite.config.ts (1)

1-1: Visualizer always-on is okay; consider gating it by env flag

Importing execSync from node:child_process and moving visualizer into the main plugins array are fine. If you’d prefer to only generate stats on demand, you could gate it on an env var:

-  plugins: [
-    react(),
-    visualizer({
-      filename: 'build_stats/stats_treemap.html',
-      open: false,
-      gzipSize: true,
-      template: 'treemap',
-    }),
-  ],
+  plugins: [
+    react(),
+    ...(process.env.ANALYZE === 'true'
+      ? [
+          visualizer({
+            filename: 'build_stats/stats_treemap.html',
+            open: false,
+            gzipSize: true,
+            template: 'treemap',
+          }),
+        ]
+      : []),
+  ],

Verify this matches how you intend to run bundle analysis (local vs CI) before changing behavior.

Also applies to: 15-23

.github/workflows/build-deploy.yml (1)

12-12: pnpm + Node 24 workflow looks correct; consider locking installs for reproducibility

The Node 24 and pnpm 10 setup with setup-node caching is wired correctly, and the command switches to pnpm run … are consistent. For tighter CI reproducibility you might want to use pnpm install --frozen-lockfile (or the equivalent pnpm CI command) so builds fail if the lockfile and package.json drift instead of silently updating.

Also applies to: 24-37, 39-39, 42-42, 53-53

src/utils.ts (1)

1-3: Clarify or align the separator parameter usage

extractPathFromUrl currently does:

url.split('/').slice(-2).join(separator);

so separator only affects the join, not the split. That’s slightly misleading given the parameter name and default. Consider either:

• Using separator consistently:

-export const extractPathFromUrl = (url: string, separator = '/'): string => {
-  return url.split('/').slice(-2).join(separator);
-};
+export const extractPathFromUrl = (url: string, separator = '/'): string => {
+  return url.split(separator).slice(-2).join(separator);
+};

or

• Renaming the parameter (e.g., joinSeparator) if you intentionally always split on '/'.

src/components/Home.tsx (3)

38-62: Consider extracting SyntaxHighlighter outside the component.

Defining SyntaxHighlighter inside Home recreates the component identity on every render, which can cause unnecessary re-mounts and lose internal state. Since it only depends on colorStyle, consider memoizing or extracting it.

+const SyntaxHighlighter = React.memo(({ colorStyle, children, ...rest }: SyntaxHighlighterProps & { colorStyle: typeof darkStyle }) => {
+  const customStyle = { lineHeight: '1.4', fontSize: '0.9em', margin: '0' };
+  return (
+    <SyntaxHighlighterBase {...rest} style={colorStyle} customStyle={customStyle} codeTagProps={{ style: customStyle }}>
+      {children}
+    </SyntaxHighlighterBase>
+  );
+});

Alternatively, wrap the current definition with useMemo keyed on colorStyle.

---

64-70: Minor: Unhandled clipboard errors are silently swallowed.

The .finally(() => {}) prevents unhandled rejection warnings but also swallows any clipboard errors. Consider adding basic error handling if clipboard access fails.

---

76-95: Same concern: SyntaxHighlighterWithCopyBtn recreated on every render.

This inner component depends on handleCopyToClipboard which is stable (via useCallback), but the component identity still changes each render.

src/components/Search.tsx (1)

141-155: Avoid setting state during render.

These conditional state updates in the render body can cause extra re-renders. Consider moving them into a useEffect that depends on searchParams to synchronize state changes properly.

src/colorscheme/ColorSchemeProvider.tsx (2)

11-21: Handle malformed string values in toColorSchemeType to avoid NaN

parseInt(value, 10) can return NaN for unexpected or corrupted values in localStorage, which then flows through as a ColorSchemeType and is compared against the enum and passed to updateUI. It will currently fall through as “not dark” but the enum invariant is broken.

You can harden this by guarding explicitly:

 const toColorSchemeType = (value: boolean | string | null): ColorSchemeType => {
   if (value === null) {
     return ColorSchemeType.Auto;
   }

   if (typeof value === 'boolean') {
     return value ? ColorSchemeType.Dark : ColorSchemeType.Light;
   }

-  return parseInt(value, 10) as ColorSchemeType;
+  const parsed = Number.parseInt(value, 10);
+  return Number.isNaN(parsed) ? ColorSchemeType.Auto : (parsed as ColorSchemeType);
 };

---

87-95: Add cleanup for matchMedia event listener in layout effect

The change listener registered on browserColorSchemeMediaQueryList is never removed, so if this provider is ever unmounted/remounted you accumulate listeners.

Consider capturing the handler and returning a cleanup function:

-  useLayoutEffect(() => {
-    const browserColorSchemeMediaQueryList = window.matchMedia('(prefers-color-scheme: dark)');
-    browserColorSchemeMediaQueryList.addEventListener('change', (e) => {
-      setBrowserColorSchemePreference(toColorSchemeType(e.matches));
-    });
+  useLayoutEffect(() => {
+    const browserColorSchemeMediaQueryList = window.matchMedia('(prefers-color-scheme: dark)');
+    const handleChange = (e: MediaQueryListEvent) => {
+      setBrowserColorSchemePreference(toColorSchemeType(e.matches));
+    };
+    browserColorSchemeMediaQueryList.addEventListener('change', handleChange);

     setBrowserColorSchemePreference(toColorSchemeType(browserColorSchemeMediaQueryList.matches));
     setUserColorSchemePreference(toColorSchemeType(localStorage.getItem(PREFERRED_COLOR_SCHEME_STORAGE)));
-  }, []);
+    return () => {
+      browserColorSchemeMediaQueryList.removeEventListener('change', handleChange);
+    };
+  }, []);

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9c6f262 and c9576e8.

⛔ Files ignored due to path filters (2)

• package-lock.json is excluded by !**/package-lock.json
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (38)

• .devcontainer/devcontainer.json (1 hunks)
• .eslintrc.json (0 hunks)
• .github/workflows/build-deploy.yml (3 hunks)
• .nvmrc (1 hunks)
• .prettierrc.json (0 hunks)
• README.md (1 hunks)
• biome.json (1 hunks)
• package.json (2 hunks)
• src/App.css (5 hunks)
• src/App.tsx (1 hunks)
• src/colorscheme/ColorSchemeProvider.tsx (1 hunks)
• src/components/AsciinemaCasts.tsx (3 hunks)
• src/components/BucketTypeIcon.tsx (2 hunks)
• src/components/Buckets.tsx (4 hunks)
• src/components/CopyToClipboardButton.tsx (1 hunks)
• src/components/Footer.tsx (1 hunks)
• src/components/Home.tsx (7 hunks)
• src/components/NavBar.tsx (2 hunks)
• src/components/Root.tsx (1 hunks)
• src/components/Search.tsx (5 hunks)
• src/components/SearchBar.tsx (4 hunks)
• src/components/SearchPagination.tsx (3 hunks)
• src/components/SearchProcessor.tsx (3 hunks)
• src/components/SearchResult.tsx (4 hunks)
• src/components/SearchStatus.tsx (1 hunks)
• src/components/asciinema-customthemes.css (1 hunks)
• src/index.tsx (1 hunks)
• src/reportWebVitals.ts (1 hunks)
• src/request-idle-callback.ts (1 hunks)
• src/serialization/BucketsResultsJson.ts (1 hunks)
• src/serialization/DateConverter.ts (1 hunks)
• src/serialization/ManifestJson.ts (2 hunks)
• src/serialization/SearchResultsJson.ts (2 hunks)
• src/utils.ts (1 hunks)
• tsconfig.eslint.json (0 hunks)
• tsconfig.json (2 hunks)
• tsconfig.node.json (1 hunks)
• vite.config.ts (2 hunks)

💤 Files with no reviewable changes (3)

• .eslintrc.json
• .prettierrc.json
• tsconfig.eslint.json

🧰 Additional context used

🧬 Code graph analysis (4)

src/components/Home.tsx (1)

src/colorscheme/ColorSchemeContext.ts (1)

• ColorSchemeContext (19-19)

src/components/Buckets.tsx (1)

src/utils.ts (1)

• extractPathFromUrl (1-3)

src/components/AsciinemaCasts.tsx (1)

src/types/asciinema-player.d.ts (1)

• Player (4-6)

src/components/SearchResult.tsx (1)

src/utils.ts (1)

• extractPathFromUrl (1-3)

🪛 ast-grep (0.40.0)

src/components/SearchResult.tsx

[warning] 49-49: Usage of dangerouslySetInnerHTML detected. This bypasses React's built-in XSS protection. Always sanitize HTML content using libraries like DOMPurify before injecting it into the DOM to prevent XSS attacks.
Context: dangerouslySetInnerHTML
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
- https://cwe.mitre.org/data/definitions/79.html

(react-unsafe-html-injection)

🪛 markdownlint-cli2 (0.18.1)

README.md

27-27: Bare URL used

(MD034, no-bare-urls)

---

27-27: Bare URL used

(MD034, no-bare-urls)

🔇 Additional comments (35)

src/components/asciinema-customthemes.css (1)

313-313: CSS syntax fix looks good.

The stray closing brace has been removed and the final closing brace is now properly positioned. The file structure is valid and all theme selectors are correctly formatted.

src/request-idle-callback.ts (1)

4-4: Nice type safety improvement!

Replacing any with IdleRequestCallback properly types the callback parameter and aligns with the PR's modernization goals. The callback invocation on line 8 correctly matches the IdleDeadline interface.

biome.json (3)

17-42: Verify that permissive configuration aligns with PR objective.

The PR objective states "Fix all linter errors and warnings," but the Biome configuration takes a permissive stance by disabling or downgrading several rules (noExcessiveCognitiveComplexity, noArguments, accessibility checks) and setting important rules to "warn" rather than error level. This may allow violations to accumulate if CI does not fail on warnings.

Clarify whether this configuration represents your team's intended standards or if it was a pragmatic workaround during the ESLint → Biome migration.

Consider also verifying:

• The exact Biome version in package.json matches schema 2.3.7.
• Whether your CI/CD pipeline is configured to fail on warnings as well as errors.

---

11-16: Formatter configuration looks appropriate.

The formatter settings (2-space indentation, 120-character line width, single quotes, always semicolons, ES5 trailing commas) are consistent with common web development practices and align well with the previous Prettier setup.

---

25-29: Disabling noExcessiveCognitiveComplexity is intentional configuration during tool migration with no evidence of violations.

The rule was deliberately disabled as part of the clean biome.json migration from eslint/prettier (commit 38395c7). Code inspection of the codebase (2086 LOC, 34 files) reveals no excessive cognitive complexity: nested conditionals are 2-3 levels deep (typical), switch statements are simple (2-3 cases), and the largest components (Search.tsx: 348 lines, SearchProcessor.tsx: 325 lines) show standard React component patterns. The original review assumes violations would surface if the rule were enabled, but no such violations are present in the codebase. This was a deliberate configuration choice during migration, not a workaround for existing problems.

Likely an incorrect or invalid review comment.

.nvmrc (1)

1-1: Node version pin looks good

Pinning Node to major version 24 in .nvmrc matches the rest of the toolchain changes and should help keep local dev aligned with CI. Just ensure all workflows/devcontainers also target Node 24 to avoid drift.

src/components/SearchStatus.tsx (1)

1-1: JSX type import is appropriate for React 19

Using a type‑only JSX import and returning JSX.Element keeps the component well‑typed under the React 19 type model and doesn’t affect runtime behavior. The rest of the component is unchanged and remains sound.

If you bump @types/react again later, re‑run type‑check to confirm this import style (JSX.Element) still matches the recommended pattern for that version, as React’s JSX typing has evolved across 18.x → 19.x.

src/serialization/ManifestJson.ts (1)

83-88: Optional chaining refactor preserves behavior

Updating the predicate to this.highlights?.[value] simplifies the null‑check while keeping the same semantics as the previous this.highlights && this.highlights[value]. The final return still safely falls back when there’s no match or highlights is undefined.

src/components/CopyToClipboardButton.tsx (1)

1-5: Import clean‑up is safe

Reordering the React hooks and icon imports is cosmetic and doesn’t affect the component’s behavior or public API. The button’s copy/feedback logic remains unchanged.

src/components/BucketTypeIcon.tsx (1)

1-5: Type import & formatting adjustments look correct

Bringing in a type‑only JSX import and returning JSX.Element keeps this component consistent with the React 19 typing pattern used elsewhere in the repo. The tooltip ternary is just re-indented; the actual conditions and text for official vs (popular) community buckets are unchanged.

After bumping React/TS types, it’s worth a quick pnpm run lint && pnpm run build to confirm all JSX typings (including this JSX.Element usage) are fully compatible with the new versions.

Also applies to: 29-33

tsconfig.json (1)

4-21: No Node globals detected in src/ — tsconfig changes are safe

The verification confirms the concern from the original review: src/ contains no direct usage of Node APIs (process, Buffer, __dirname, __filename, require), so the shift to "moduleResolution": "bundler" and removal of implicit Node typings will not cause unintended type errors.

The tsconfig changes are consistent with a browser-only, Vite-based setup and are safe to proceed.

tsconfig.node.json (1)

2-8: The review comment is based on a false premise and should be disregarded.

The node: builtin specifier (e.g., import fs from "node:fs") is a Node runtime convention — TypeScript will treat those as normal module specifiers and will resolve types via your ambient typings (e.g., @types/node or the Node builtin lib), not by any special bundler-only rule. The moduleResolution setting does not control how node: protocol imports are handled at runtime; if your output runs under a bundler (Vite, Rollup, webpack), use moduleResolution: "bundler".

moduleResolution: "bundler" is recommended for modern bundlers (Vite/esbuild/Rollup) and is the standard configuration for tsconfig.node.json. The four bare imports in vite.config.ts—node:child_process, @vitejs/plugin-react, rollup-plugin-visualizer, and vite—are all resolvable under bundler semantics. The change aligns with Vite best practices and poses no risk.

Likely an incorrect or invalid review comment.

src/components/AsciinemaCasts.tsx (1)

1-1: Typed refs and stable Nav keys are a solid cleanup

Annotating the component with JSX.Element, typing asciiPlayerRef as AsciinemaPlayer.Player | undefined, and switching Nav item keys from index to item.key all improve type safety and React reconciliation without changing behavior. No changes needed here.

Also applies to: 25-26, 62-64

src/serialization/DateConverter.ts (1)

1-1: Type-only JsonCustomConvert import and _date rename look good

Using a type-only import for JsonCustomConvert and renaming the unused date parameter to _date is a tidy way to satisfy typings and linters without changing runtime behavior (still “deserialize-only”). No further changes needed.

Also applies to: 5-7

src/components/SearchProcessor.tsx (1)

1-7: Search result handling and UI tweaks are consistent with the new types

• Importing SearchResultsJson up front and using SearchResultsJson.Create(data) keeps the fetch pipeline strongly typed and matches the onResultsChange(value?: SearchResultsJson) contract (including undefined on failures/abort).
• Swapping to FaCog and factoring SortIcon over IconBaseProps is a straightforward UI/typing improvement.
• Marking the Form.Switch.Input elements as readOnly while toggling via the surrounding Dropdown.Item click handlers is a reasonable pattern to keep them controlled without React warnings.

I don’t see functional regressions here.

Also applies to: 148-237, 281-314

src/components/SearchPagination.tsx (1)

1-1: Null return path and JSX typing are appropriate here

Typing SearchPagination as JSX.Element | null and returning null when there’s nothing to paginate is idiomatic React and slightly cheaper than rendering an empty fragment. The rest of the pagination logic is unchanged.

Also applies to: 14-15, 73-74

package.json (1)

3-3: Pipeline fails at linting—fix formatting in coderabbit.markdownlint-cli2.jsonc before proceeding

The verification confirmed dependencies install correctly with pnpm v10.23.0 and the tooling stack is compatible. However, the lint check failed due to formatting errors in coderabbit.markdownlint-cli2.jsonc. Biome requires:

1. Collapse lines 2–6 from multi-line to single-line format
2. Add a trailing newline at end of file

 {
-  "outputFormatters": [
-    [
-      "markdownlint-cli2-formatter-json"
-    ]
-  ],
+  "outputFormatters": [["markdownlint-cli2-formatter-json"]],
   "config": {
     "default": true,
     ...
   }
+
 }

Additionally, the CI uses pnpm v10.23.0 (review suggested v9; either version appears functional, but align if consistency is required).

Likely an incorrect or invalid review comment.

src/components/Root.tsx (1)

1-1: Typed JSX return and imports are clean and consistent

Using a type-only JSX import and annotating Root’s return type aligns with the rest of the TS/React codebase and doesn’t alter runtime behavior of the provider tree.

Also applies to: 5-5, 9-21

src/index.tsx (1)

1-1: createRoot + HelmetProvider integration matches modern React patterns

The explicit root element check, createRoot(container), and wrapping App with React.StrictMode and HelmetProvider is the expected setup for React 18/19 and the @dr.pogodin/react-helmet API. This should be a drop-in replacement for the previous ReactDOM.render + react-helmet combo.

Please double-check against the versions of react-dom and @dr.pogodin/react-helmet in package.json to ensure this is the recommended initialization signature for those exact versions.

Also applies to: 3-3, 8-18

src/components/NavBar.tsx (1)

1-1: Stricter color-scheme comparisons and JSX typing look good

Switching to === for ColorSchemeType comparisons and adding an explicit JSX.Element return type make the component safer and clearer without changing behavior.

Also applies to: 3-4, 37-38, 43-44, 49-50

src/serialization/BucketsResultsJson.ts (1)

1-4: Type-only facet import and deserializeObject typing are reasonable

Importing BucketsResultsFacetJson as a type-only symbol and constraining jsonObject to object for deserializeObject keep runtime behavior the same while tightening TS types. The results dictionary type remains clear and keyed correctly by facet name.

If you run into typing friction here, it may be worth confirming the current json2typescript JsonConvert.deserializeObject signature matches this object constraint for your installed version.

Also applies to: 9-11, 16-18

src/components/Footer.tsx (1)

1-1: Footer icon updates and commit link are solid; confirm APP_COMMIT_HASH wiring

Switching to FaGithub/FaRegHandshake and adding the {APP_VERSION}/{APP_COMMIT_HASH} link improves clarity and traceability, and the JSX typing is consistent with the rest of the codebase. Just ensure APP_COMMIT_HASH is defined in your build-time globals and included in the relevant TypeScript declaration file so this doesn’t rely on an implicit any or cause runtime ReferenceErrors.

Also applies to: 3-4, 12-23

src/App.tsx (1)

1-1: App’s JSX typing and Helmet migration align with the new entry setup

Annotating App as returning JSX.Element and switching Helmet to @dr.pogodin/react-helmet are consistent with the updated HelmetProvider usage and React 19 toolchain; the router structure is unchanged.

Confirm that the defaultTitle and titleTemplate props used here match the current @dr.pogodin/react-helmet API for the version declared in package.json.

Also applies to: 4-5, 12-27

src/App.css (1)

1-151: LGTM!

The CSS changes are formatting normalizations (multi-selector line breaks, line-height: 2.0 → 2, rgba() spacing) consistent with the Biome migration. No semantic style changes.

src/components/Home.tsx (1)

1-14: LGTM!

Import reorganization aligns with React 19 best practices: explicit type JSX import, type-only imports for SyntaxHighlighterProps and AsciinemaCastItem, and proper ColorSchemeContext usage.

src/components/Search.tsx (3)

1-10: LGTM!

Import updates are correct: @dr.pogodin/react-helmet for React 19 compatibility, explicit type JSX import, and type SortDirection import.

---

46-46: Good: Explicit radix for parseInt.

Adding the radix 10 prevents unexpected behavior with leading zeros.

---

203-203: LGTM!

Simplified cleanup effect is correct and ensures the idle callback is cancelled on unmount.

src/components/SearchResult.tsx (3)

4-11: LGTM!

Import reorganization follows React 19 patterns with explicit type imports and the new extractPathFromUrl utility aligns with the codebase-wide refactor.

---

26-26: LGTM!

The RefObject<HTMLDivElement | null> type is the correct typing for React 19, where all refs are mutable and include null in the type.

---

124-129: LGTM!

The extractPathFromUrl usage and template literal for appCommand are clean and consistent with the utility's signature in src/utils.ts.

src/components/Buckets.tsx (3)

1-9: LGTM!

Import updates are correct: @dr.pogodin/react-helmet, explicit type JSX, and extractPathFromUrl from the new utility location.

---

64-139: Good: Proper AbortController pattern.

The per-effect AbortController creation, abort-on-cleanup, and AbortError handling are well implemented for React 19's stricter Strict Mode behavior.

---

186-186: LGTM!

Consistent usage of extractPathFromUrl matching the pattern in SearchResult.tsx.

src/reportWebVitals.ts (1)

1-11: Web‑vitals integration looks consistent with the newer API

The type-only import and the use of onCLS, onINP, onFCP, onLCP, and onTTFB all wired to the same (metric: Metric) => void callback are coherent and keep the dynamic import lazy.

Please double-check against the exact web-vitals version you installed that:

• Metric is the correct metric type, and
• the functions onCLS, onINP, onFCP, onLCP, and onTTFB all accept a (metric: Metric) => void callback.
  If you like, you can confirm via the official web-vitals documentation or its type definitions in node_modules/web-vitals.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

Verify accessibility rule disablement.

Three accessibility rules are explicitly disabled: useKeyWithClickEvents, useKeyWithMouseEvents, and noStaticElementInteractions. For a web project, disabling these rules is a significant regression in accessibility compliance. Confirm this is intentional and not a workaround to silence violations during migration.

If this was disabled due to existing violations in the codebase, consider re-enabling these rules and addressing the violations to maintain or improve accessibility posture.

---

🏁 Script executed:

#!/bin/bash
# Examine full biome.json to understand configuration context
echo "=== Full biome.json content ==="
find . -name "biome.json" -type f | head -1 | xargs cat

echo ""
echo "=== package.json (Biome version check) ==="
if [ -f "package.json" ]; then
  jq '.devDependencies.biome // .dependencies.biome // "not found"' package.json
else
  echo "package.json not found"
fi

Length of output: 1183

---

Address disabled accessibility rules in biome.json.

Three accessibility rules are explicitly disabled (lines 38-40): useKeyWithClickEvents, useKeyWithMouseEvents, and noStaticElementInteractions. This directly contradicts the "recommended": true setting within the a11y section and represents a regression for a web project. Additionally, the cognitive complexity rule is disabled (noExcessiveCognitiveComplexity: "off" at line 26), and several other rules are downgraded to "warn" level.

Either document the business/technical justification for these exemptions, or re-enable these rules and address the underlying violations to maintain accessibility posture.

🤖 Prompt for AI Agents

In biome.json around lines 36 to 41 (and note the related cognitive complexity
rule at line 26 and other downgraded rules), the accessibility rules
useKeyWithClickEvents, useKeyWithMouseEvents, and noStaticElementInteractions
are explicitly set to "off" which contradicts "a11y.recommended": true; either
re-enable these rules (set them back to "error" or "warn" as per project policy)
and fix the underlying violations in the codebase, or if there is a justified
exception, add a brief documented justification in the config (or link to an
issue/PR) explaining why each rule is disabled and include an owner and a
remediation plan/timeframe; ensure the biome.json comment or adjacent README
notes the decision and align the cognitive complexity and other downgraded rules
consistently with project standards.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

src/components/Buckets.tsx (1)

64-66: Unused ref assignment.

abortControllerRef.current is assigned on line 66 but never read elsewhere in the component. The local abortController variable is sufficient for the cleanup function closure. Consider removing the ref if it's not needed for external access.

 const Buckets = (): JSX.Element => {
-  const abortControllerRef = useRef<AbortController | null>(null);
   const [searching, setSearching] = useState<boolean>(false);
   const [results, setResults] = useState<Bucket[]>([]);
   // ...
   useEffect(() => {
-    // Create a new AbortController for this effect
     const abortController = new AbortController();
-    abortControllerRef.current = abortController;

src/components/Search.tsx (1)

141-171: Consider consolidating parameter synchronization.

The separate useEffect blocks for parameter synchronization work correctly, but the bidirectional pattern (including current state in dependencies to conditionally update) adds complexity. Each effect re-runs whenever its state changes, then conditionally updates if search params differ.

While functionally correct, this could be simplified by either:

• Removing state from dependencies and relying solely on search param changes
• Using a single effect to synchronize all parameters

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c9576e8 and 2654bb9.

📒 Files selected for processing (4)

• .devcontainer/devcontainer.json (1 hunks)
• .github/workflows/build-deploy.yml (3 hunks)
• src/components/Buckets.tsx (4 hunks)
• src/components/Search.tsx (6 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .devcontainer/devcontainer.json

🧰 Additional context used

🧬 Code graph analysis (1)

src/components/Buckets.tsx (1)

src/utils.ts (1)

• extractPathFromUrl (1-3)

🔇 Additional comments (10)

src/components/Buckets.tsx (5)

1-9: LGTM!

The imports are properly updated for React 19 compatibility. Using type JSX import is the correct modern approach, and extracting extractPathFromUrl to a shared utility improves reusability.

---

19-51: LGTM!

The array mutation issue has been properly addressed by creating a shallow copy before sorting. The sort logic is correct for all three modes, and the default case appropriately throws an error for unexpected sort modes.

---

53-61: LGTM!

The abortControllerRef is properly typed and the functional update pattern in handleSortChange correctly avoids stale closure issues.

---

120-136: LGTM!

The abort handling is well-implemented. Checking abortController.signal.aborted before state updates prevents React warnings about updating unmounted components, and properly ignoring AbortError in the catch block is the correct pattern.

---

185-185: LGTM!

Good refactoring to extract extractPathFromUrl into a shared utility. This improves reusability and testability.

.github/workflows/build-deploy.yml (1)

12-12: ✅ All verification checks passed—the migration to pnpm and Node 24 is correctly implemented.

The review comment is accurate. Key confirmations:

• pnpm v10 officially supports Node.js 24 per pnpm documentation
• All npm commands have been replaced with pnpm equivalents throughout the workflow
• pnpm installation step correctly uses pnpm/action-setup@v4 with version 10 before Node setup
• pnpm install --frozen-lockfile is the proper CI/CD equivalent of npm ci
• Cache strategy correctly configured to pnpm
• No other workflows exist that need updating

src/components/Search.tsx (4)

1-11: LGTM: Type-only imports improve tree-shaking.

The migration to type-only imports (lines 2, 6, 7, 10) follows TypeScript best practices and helps with bundle optimization.

---

46-46: LGTM: Explicit radix prevents edge cases.

Adding radix 10 to parseInt prevents potential octal interpretation issues and follows best practices.

Also applies to: 55-55

---

219-219: LGTM: Correct cleanup effect pattern.

Removing idleCallbackId from dependencies is correct since refs don't need to be tracked. The cleanup function will properly cancel the callback on unmount.

---

317-317: LGTM: Strict equality prevents type coercion.

Changing to === improves type safety and follows modern JavaScript best practices.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

src/components/Buckets.tsx (2)

19-51: sortResults now preserves state immutability; minor optional enhancement

Cloning before sorting correctly avoids mutating React state, and the three sort branches match the sortModes options with sensible ordering (official first, then name; name; manifests desc). As a small nicety, you could include the unexpected value in the error to aid debugging:

-    default:
-      throw new Error('Unexpected sort mode');
+    default:
+      throw new Error(`Unexpected sort mode: ${sortOrder}`);

---

62-65: AbortController-based fetch lifecycle is solid; consider response checks and parallel fetches

The per‑effect AbortController, passing signal into fetch, ignoring AbortError, and guarding setResults / setSearching on !signal.aborted are all correct and avoid setState‑after‑unmount issues.

Two small robustness/perf tweaks you might consider:

1. Check response.ok before response.json() to surface HTTP failures more clearly:

      const response = await fetch(url, {
        method: 'POST',
        body: JSON.stringify({
@@
        },
        signal: abortSignal,
      });
-      const data = (await response.json()) as unknown;
+      if (!response.ok) {
+        throw new Error(
+          `Azure Search request failed with ${response.status} ${response.statusText}`,
+        );
+      }
+      const data = (await response.json()) as unknown;

2. Fetch official and community buckets in parallel to reduce latency:

-    const fetchAsync = async (abortSignal: AbortSignal): Promise<Bucket[]> => {
-      const officialBuckets = await fetchDataAsync(abortSignal, true);
-      const communityBuckets = await fetchDataAsync(abortSignal, false);
+    const fetchAsync = async (abortSignal: AbortSignal): Promise<Bucket[]> => {
+      const [officialBuckets, communityBuckets] = await Promise.all([
+        fetchDataAsync(abortSignal, true),
+        fetchDataAsync(abortSignal, false),
+      ]);

These are optional but would make the flow a bit more resilient and responsive.

Also applies to: 103-137

vite.config.ts (2)

15-23: Visualizer plugin placement looks good; consider gating it if builds get noisy

Using visualizer({...}) in the top‑level plugins array is a standard Vite pattern and the options (filename, open: false, gzipSize, template: 'treemap') look correct for rollup-plugin-visualizer 6.x. If you only occasionally need bundle stats, you might optionally gate this plugin behind a mode/env flag (e.g., only enable when ANALYZE=true) so normal builds don’t always generate the treemap file.

---

35-51: manualChunks vendor grouping is reasonable; verify regex scope and path normalization

The manualChunks logic to group react-bootstrap/popper into bootstrap-vendor, React‑related packages into react-vendor, and asciinema-player into asciinema-vendor is sound and should help produce more predictable vendor bundles. Two minor points to keep in mind:

• The /\/(react)/ regex will catch any dependency path containing react (e.g., @vitejs/plugin-react-swc, various React ecosystem packages), so react-vendor may grow quite large; confirm this granularity matches your intended caching/splitting strategy.
• Vite/Rollup usually normalize IDs to use /, but if you ever see Windows-specific \ paths leaking into manualChunks, you may want to normalize id first (e.g., const normalized = id.replace(/\\\\/g, '/');) before running the regex checks.

Functionally this is fine as‑is; these are just things to verify against real build outputs.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2654bb9 and 646b20e.

📒 Files selected for processing (2)

• src/components/Buckets.tsx (4 hunks)
• vite.config.ts (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/components/Buckets.tsx (1)

src/utils.ts (1)

• extractPathFromUrl (1-3)

🔇 Additional comments (2)

src/components/Buckets.tsx (1)

1-3: Imports, Helmet, and shared extractPathFromUrl usage look good

Type‑only JSX import, switch to @dr.pogodin/react-helmet, and reusing the shared extractPathFromUrl helper in the table cell all look consistent and type‑safe. No changes requested here.

Also applies to: 6-7, 183-183

vite.config.ts (1)

1-1: Node built‑in import style is appropriate for Node 24

Switching to 'node:child_process' is the modern, recommended style for Node 20+/24 and should behave the same as the old 'child_process' specifier in this context. Just ensure all environments that run this config (CI, dev containers, any tooling) are indeed on a Node version that supports node: specifiers.