fix(start): skip errored Rspack modules during import protection

[SyMind]

Fixes a dev-mode recovery bug where invalid JS/TS code could produce a Rspack compiler-level error from import protection, leaving rsbuild dev unable to recover even after the user fixed the source code.

Changes:

• Skip already-errored Rspack modules while building the import protection compilation graph.
• Ensure the original syntax error is surfaced through the Rsbuild error overlay instead of a secondary Compilation.hooks.processAssets plugin error.
• Add RSC Rsbuild e2e coverage that injects invalid route code and snapshots the client/server error overlay.

Summary by CodeRabbit

• Bug Fixes
  • Improved import-protection handling so modules with errors are less likely to be treated like normal modules, leading to more reliable behavior during build failures.
• Tests
  • Added end-to-end coverage to verify the error overlay displays syntax errors consistently.
• Chores
  • Updated the Rsbuild toolchain version across supported examples, benchmarks, and starter templates to the latest 2.1.x release.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fe40c25b-c2e7-4609-84ec-42271dd6a247

📥 Commits

Reviewing files that changed from the base of the PR and between ab4f558 and 66fc253.

📒 Files selected for processing (1)

• e2e/react-start/rsc-rsbuild/tests/error-overlay.spec.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• e2e/react-start/rsc-rsbuild/tests/error-overlay.spec.ts

---

📝 Walkthrough

Walkthrough

Bumps @rsbuild/core to ^2.1.0 across packages, fixtures, examples, and benchmarks. Updates buildCompilationGraph to skip errored module connections. Adds a Playwright E2E test that verifies the rsbuild error overlay in the rsc-rsbuild fixture.

Changes

rsbuild 2.1.0 upgrade with import-protection fix and error overlay E2E

Layer / File(s)	Summary
Bump rsbuild dependencies benchmarks/bundle-size/package.json, e2e/*/package.json, examples/*/package.json, packages/*/package.json	Package manifests across packages, e2e fixtures, examples, and benchmarks update @rsbuild/core to ^2.1.0; packages/router-plugin adds the dependency entry, and e2e/vue-start/basic also bumps rsbuild Vue plugins.
Skip errored modules in import graph packages/start-plugin-core/src/rsbuild/import-protection.ts	buildCompilationGraph now ignores outgoing connections whose connection.module.error is truthy, so errored modules are not added to the import graph edges.
Error overlay Playwright test e2e/react-start/rsc-rsbuild/tests/error-overlay.spec.ts	The new test file adds a DevServer helper, overlay text parsing and normalization utilities, snapshot assembly helpers, and a Playwright test that injects a syntax error into the fixture route and asserts the rendered overlay output.

Sequence Diagram(s)

sequenceDiagram
  participant Playwright test
  participant DevServer
  participant rsbuild dev server
  Playwright test->>DevServer: start on per-test port
  DevServer->>rsbuild dev server: pnpm exec rsbuild dev
  Playwright test->>rsbuild dev server: navigate and read error overlay
  Playwright test->>Playwright test: normalize and compare snapshot

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Possibly related PRs

• TanStack/router#7245: Also updates @rsbuild/core version ranges across repository package manifests.
• TanStack/router#7482: Touches packages/start-plugin-core/src/rsbuild/import-protection.ts in the same import-protection pipeline.

Suggested labels

package: start-plugin-core

Suggested reviewers

• schiller-manuel

🐇 I hop through manifests, bright and neat,
Then skip the errored modules on the street.
A tiny test watches the overlay glow,
With JSON snapshots in tidy row.
Rsbuild 2.1.0 — off we go! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly matches the main fix: skipping errored Rspack modules during import protection in start.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	nitro-nightly@​3.0.1-20260628-090458-3df69609
	@​rsbuild/​core@​2.1.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/nitro@3.0.1-alpha.2 → npm/@tanstack/eslint-config@0.4.0 → npm/@rsbuild/plugin-vue@1.2.7 → npm/nitro@3.0.260311-beta → npm/wrangler@4.75.0 → npm/@cloudflare/vite-plugin@1.29.1 → npm/@rsbuild/plugin-react@2.0.0 → npm/@rsbuild/core@2.1.1 → npm/nitro-nightly@3.0.1-20260628-090458-3df69609 → npm/@swc-node/register@1.11.1 → npm/@tanstack/eslint-config@0.3.2 → npm/@netlify/vite-plugin-tanstack-start@1.1.4 → npm/@emnapi/runtime@1.11.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm env-runner is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/nitro-nightly@3.0.1-20260628-090458-3df69609 → npm/env-runner@0.1.14 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/env-runner@0.1.14. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Low adoption: npm ocache Location: Package overview From: pnpm-lock.yaml → npm/nitro-nightly@3.0.1-20260628-090458-3df69609 → npm/ocache@0.1.5 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ocache@0.1.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@e2e/react-start/rsc-rsbuild/tests/error-overlay.spec.ts`:
- Around line 28-44: The DevServer startup path currently waits only on
waitUntilReady(), so a spawn failure from pnpm/rsbuild can hang until timeout
instead of failing immediately. In the DevServer.start method, add an error
listener to the spawned process and surface that error right away, ideally
before or alongside the waitUntilReady() flow, so startup failures are reported
immediately instead of being masked by the timeout.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 666b748c-f5f5-4855-9201-a1019bf10caf

📥 Commits

Reviewing files that changed from the base of the PR and between 80d098f and ab4f558.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (28)

• benchmarks/bundle-size/package.json
• e2e/react-router/rspack-basic-file-based/package.json
• e2e/react-router/rspack-basic-virtual-named-export-config-file-based/package.json
• e2e/react-start/basic/package.json
• e2e/react-start/css-inline/package.json
• e2e/react-start/custom-server-rsbuild/package.json
• e2e/react-start/deferred-hydration/package.json
• e2e/react-start/hmr/package.json
• e2e/react-start/import-protection/package.json
• e2e/react-start/rsc-rsbuild/package.json
• e2e/react-start/rsc-rsbuild/tests/error-overlay.spec.ts
• e2e/react-start/rsc/package.json
• e2e/react-start/server-functions/package.json
• e2e/solid-router/rspack-basic-file-based/package.json
• e2e/solid-router/rspack-basic-virtual-named-export-config-file-based/package.json
• e2e/solid-start/basic/package.json
• e2e/solid-start/deferred-hydration/package.json
• e2e/vue-router/rspack-basic-file-based/package.json
• e2e/vue-router/rspack-basic-virtual-named-export-config-file-based/package.json
• e2e/vue-start/basic/package.json
• examples/react/quickstart-rspack-file-based/package.json
• examples/solid/quickstart-rspack-file-based/package.json
• packages/react-start/package.json
• packages/router-plugin/package.json
• packages/solid-start/package.json
• packages/start-plugin-core/package.json
• packages/start-plugin-core/src/rsbuild/import-protection.ts
• packages/vue-start/package.json

[SyMind]

@codex review

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 66fc253

Command	Status	Duration	Result
nx affected --targets=test:eslint,test:unit,tes...	❌ Failed	12m 40s	View ↗
nx run-many --target=build --exclude=examples/*...	✅ Succeeded	2m 26s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-06-29 19:19:26 UTC

[pkg-pr-new]

More templates

• tanstack-router-vue-example-basic-jsx
• tanstack-router-vue-example-basic-file-based-jsx
• tanstack-router-vue-example-basic-file-based-sfc
• tanstack-router-solid-example-authenticated-routes
• tanstack-router-solid-example-authenticated-routes-firebase
• tanstack-router-solid-example-basic
• tanstack-router-solid-example-basic-default-search-params
• tanstack-router-solid-example-basic-devtools-panel
• tanstack-router-solid-example-basic-file-based
• tanstack-router-solid-example-basic-non-nested-devtools
• tanstack-router-solid-example-basic-solid-query
• tanstack-router-solid-example-basic-solid-query-file-based
• tanstack-router-solid-example-basic-ssr-file-based
• tanstack-router-solid-example-basic-ssr-streaming-file-based
• tanstack-router-solid-example-basic-virtual-file-based
• tanstack-router-solid-example-basic-virtual-inside-file-based
• tanstack-router-solid-example-deferred-data
• tanstack-router-solid-i18n-paraglide
• tanstack-router-solid-example-kitchen-sink
• tanstack-router-solid-example-kitchen-sink-file-based
• tanstack-router-solid-example-kitchen-sink-solid-query
• tanstack-router-solid-example-kitchen-sink-solid-query-file-based
• tanstack-router-solid-example-large-file-based
• tanstack-router-solid-example-location-masking
• tanstack-router-solid-example-navigation-blocking
• tanstack-router-solid-example-quickstart
• tanstack-router-solid-example-quickstart-esbuild-file-based
• tanstack-router-solid-example-quickstart-file-based
• tanstack-router-solid-example-quickstart-rspack-file-based
• tanstack-router-solid-example-quickstart-webpack-file-based
• @tanstack/router-solid-mono-simple
• router-solid-mono-simple-lazy
• router-solid-monorepo-solid-query
• tanstack-router-solid-example-scroll-restoration
• tanstack-solid-router-search-validator-adapters
• tanstack-solid-start-example-basic
• tanstack-solid-start-example-basic-auth
• tanstack-solid-start-example-basic-authjs
• tanstack-solid-start-example-basic-cloudflare
• tanstack-solid-start-example-basic-netlify
• tanstack-solid-start-example-basic-nitro
• tanstack-start-example-basic-solid-query
• tanstack-solid-start-example-basic-static
• tanstack-solid-start-bun-hosting
• tanstack-solid-start-example-convex-better-auth
• tanstack-solid-start-example-counter
• tanstack-solid-start-i18n-paraglide
• tanstack-solid-start-example-large
• tanstack-solid-start-streaming-data-from-server-functions
• tanstack-solid-start-example-supabase-basic
• tanstack-solid-start-tailwind-v4
• tanstack-router-solid-example-view-transitions
• tanstack-router-solid-example-with-framer-motion
• tanstack-router-solid-example-with-trpc
• tanstack-router-react-example-authenticated-routes
• tanstack-router-react-example-authenticated-routes-firebase
• tanstack-router-react-example-basic
• tanstack-router-react-example-basic-default-search-params
• tanstack-router-react-example-basic-devtools-panel
• tanstack-router-react-example-basic-file-based
• tanstack-router-react-example-basic-non-nested-devtools
• tanstack-router-react-example-react-query
• tanstack-router-react-example-basic-react-query-file-based
• tanstack-router-react-example-basic-ssr-file-based
• tanstack-router-react-example-basic-ssr-streaming-file-based
• tanstack-router-react-example-basic-virtual-file-based
• tanstack-router-react-example-basic-virtual-inside-file-based
• tanstack-router-react-example-deferred-data
• tanstack-router-i18n-paraglide
• tanstack-router-react-example-kitchen-sink
• tanstack-router-react-example-kitchen-sink-file-based
• tanstack-router-react-example-kitchen-sink-react-query
• tanstack-router-react-example-kitchen-sink-react-query-file-based
• tanstack-router-react-example-large-file-based
• tanstack-router-react-example-location-masking
• tanstack-router-react-example-navigation-blocking
• tanstack-router-react-example-quickstart
• tanstack-router-react-example-quickstart-esbuild-file-based
• tanstack-router-react-example-quickstart-file-based
• tanstack-router-react-example-quickstart-rspack-file-based
• tanstack-router-react-example-quickstart-webpack-file-based
• router-monorepo-react-query
• router-mono-simple
• router-mono-simple-lazy
• tanstack-router-react-example-scroll-restoration
• tanstack-search-validator-adapters
• tanstack-start-example-bare
• tanstack-start-example-basic
• tanstack-start-example-basic-auth
• tanstack-router-react-example-basic-authjs
• tanstack-start-example-basic-cloudflare
• tanstack-start-example-basic-react-query
• tanstack-start-example-basic-static
• tanstack-start-bun-hosting
• tanstack-start-example-clerk-basic
• tanstack-start-example-convex-trellaux
• tanstack-start-example-counter
• tanstack-start-i18n-paraglide
• tanstack-start-example-large
• tanstack-start-example-material-ui
• tanstack-start-example-rscs
• tanstack-start-streaming-data-from-server-functions
• tanstack-start-example-supabase-basic
• tanstack-start-tailwind-v4
• tanstack-start-example-trellaux
• tanstack-start-example-workos
• tanstack-router-react-example-view-transitions
• tanstack-router-react-example-with-framer-motion
• tanstack-router-react-example-with-trpc
• tanstack-router-react-example-with-trpc-react-query

@tanstack/arktype-adapter

npm i https://pkg.pr.new/@tanstack/arktype-adapter@7685

@tanstack/eslint-plugin-router

npm i https://pkg.pr.new/@tanstack/eslint-plugin-router@7685

@tanstack/eslint-plugin-start

npm i https://pkg.pr.new/@tanstack/eslint-plugin-start@7685

@tanstack/history

npm i https://pkg.pr.new/@tanstack/history@7685

@tanstack/nitro-v2-vite-plugin

npm i https://pkg.pr.new/@tanstack/nitro-v2-vite-plugin@7685

@tanstack/react-router

npm i https://pkg.pr.new/@tanstack/react-router@7685

@tanstack/react-router-devtools

npm i https://pkg.pr.new/@tanstack/react-router-devtools@7685

@tanstack/react-router-ssr-query

npm i https://pkg.pr.new/@tanstack/react-router-ssr-query@7685

@tanstack/react-start

npm i https://pkg.pr.new/@tanstack/react-start@7685

@tanstack/react-start-client

npm i https://pkg.pr.new/@tanstack/react-start-client@7685

@tanstack/react-start-rsc

npm i https://pkg.pr.new/@tanstack/react-start-rsc@7685

@tanstack/react-start-server

npm i https://pkg.pr.new/@tanstack/react-start-server@7685

@tanstack/router-cli

npm i https://pkg.pr.new/@tanstack/router-cli@7685

@tanstack/router-core

npm i https://pkg.pr.new/@tanstack/router-core@7685

@tanstack/router-devtools

npm i https://pkg.pr.new/@tanstack/router-devtools@7685

@tanstack/router-devtools-core

npm i https://pkg.pr.new/@tanstack/router-devtools-core@7685

@tanstack/router-generator

npm i https://pkg.pr.new/@tanstack/router-generator@7685

@tanstack/router-plugin

npm i https://pkg.pr.new/@tanstack/router-plugin@7685

@tanstack/router-ssr-query-core

npm i https://pkg.pr.new/@tanstack/router-ssr-query-core@7685

@tanstack/router-utils

npm i https://pkg.pr.new/@tanstack/router-utils@7685

@tanstack/router-vite-plugin

npm i https://pkg.pr.new/@tanstack/router-vite-plugin@7685

@tanstack/solid-router

npm i https://pkg.pr.new/@tanstack/solid-router@7685

@tanstack/solid-router-devtools

npm i https://pkg.pr.new/@tanstack/solid-router-devtools@7685

@tanstack/solid-router-ssr-query

npm i https://pkg.pr.new/@tanstack/solid-router-ssr-query@7685

@tanstack/solid-start

npm i https://pkg.pr.new/@tanstack/solid-start@7685

@tanstack/solid-start-client

npm i https://pkg.pr.new/@tanstack/solid-start-client@7685

@tanstack/solid-start-server

npm i https://pkg.pr.new/@tanstack/solid-start-server@7685

@tanstack/start-client-core

npm i https://pkg.pr.new/@tanstack/start-client-core@7685

@tanstack/start-fn-stubs

npm i https://pkg.pr.new/@tanstack/start-fn-stubs@7685

@tanstack/start-plugin-core

npm i https://pkg.pr.new/@tanstack/start-plugin-core@7685

@tanstack/start-server-core

npm i https://pkg.pr.new/@tanstack/start-server-core@7685

@tanstack/start-static-server-functions

npm i https://pkg.pr.new/@tanstack/start-static-server-functions@7685

@tanstack/start-storage-context

npm i https://pkg.pr.new/@tanstack/start-storage-context@7685

@tanstack/valibot-adapter

npm i https://pkg.pr.new/@tanstack/valibot-adapter@7685

@tanstack/virtual-file-routes

npm i https://pkg.pr.new/@tanstack/virtual-file-routes@7685

@tanstack/vue-router

npm i https://pkg.pr.new/@tanstack/vue-router@7685

@tanstack/vue-router-devtools

npm i https://pkg.pr.new/@tanstack/vue-router-devtools@7685

@tanstack/vue-router-ssr-query

npm i https://pkg.pr.new/@tanstack/vue-router-ssr-query@7685

@tanstack/vue-start

npm i https://pkg.pr.new/@tanstack/vue-start@7685

@tanstack/vue-start-client

npm i https://pkg.pr.new/@tanstack/vue-start-client@7685

@tanstack/vue-start-server

npm i https://pkg.pr.new/@tanstack/vue-start-server@7685

@tanstack/zod-adapter

npm i https://pkg.pr.new/@tanstack/zod-adapter@7685

commit: 66fc253

[codspeed-hq]

Merging this PR will improve performance by 10.42%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

⚡ 3 improved benchmarks
❌ 1 regressed benchmark
✅ 140 untouched benchmarks

Warning

Please fix the performance issues or acknowledge them on CodSpeed.

Performance Changes

	Mode	Benchmark	BASE	HEAD	Efficiency
❌	Memory	mem streaming-peak chunked (vue)	11.9 MB	12.3 MB	-3.27%
⚡	Memory	mem aborted-requests (solid)	2.4 MB	1.8 MB	+31.66%
⚡	Memory	mem aborted-requests (vue)	1,021 KB	912.1 KB	+11.93%
⚡	Memory	mem serialization-payload (solid)	6.8 MB	6.5 MB	+4.29%

Tip

Investigate this regression by commenting @codspeedbot fix this regression on this PR, or directly use the CodSpeed MCP with your agent.

---

_{Comparing SyMind:fix-tanstack-router-dev (66fc253) with main (ba52d2b)¹}

Footnotes

1. No successful run was found on main (bb2daa6) during the generation of this report, so ba52d2b was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[nx-cloud]

Nx Cloud has identified a possible root cause for your failed CI:

We investigated this failure and found it to be an environmental issue unrelated to the PR's changes. The test shard encountered EADDRINUSE: address already in use :::40891, meaning a stale process had already claimed the dynamically assigned port before the web server could start. A clean re-run should resolve this without any code changes needed.

No code changes were suggested for this issue.

You can trigger a rerun by pushing an empty commit:

git commit --allow-empty -m "chore: trigger rerun"
git push

View detailed reasoning on Nx Cloud ↗

_{🎓 Learn more about Self-Healing CI on nx.dev}