Main -> Develop

[cowdan]

Summary by CodeRabbit

• New Features

  • Added a new token list source for Ethereum mainnet, expanding token coverage.
  • Introduced support for Avalanche bridge integration.
  • Enhanced wallet connection logic to disable MetaMask SDK when an injected provider exists or on mobile devices.

• Bug Fixes

  • Removed COW token from default Polygon favorites due to lack of liquidity.
  • Fixed naming inconsistencies and UI flickering in explorer and bridge components.

• Improvements

  • Updated wallet connection options to improve MetaMask handling and display logic.
  • Refactored environment variable handling for app data configuration.
  • Explicitly defined return types for several functions to enhance code reliability.
  • Explorer now respects environment settings for navigation consistency.

• Chores

  • Updated dependencies to the latest versions for improved stability and features.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
cowfi	✅ Ready (Inspect)	Visit Preview	Aug 7, 2025 4:25pm
explorer-dev	✅ Ready (Inspect)	Visit Preview	Aug 7, 2025 4:25pm
swap-dev	✅ Ready (Inspect)	Visit Preview	Aug 7, 2025 4:25pm

3 Skipped Deployments

Name	Status	Preview	Updated (UTC)
cosmos	⬜️ Ignored (Inspect)		Aug 7, 2025 4:25pm
sdk-tools	⬜️ Ignored (Inspect)	Visit Preview	Aug 7, 2025 4:25pm
widget-configurator	⬜️ Ignored (Inspect)	Visit Preview	Aug 7, 2025 4:25pm

[coderabbitai]

Walkthrough

This update modifies environment variable handling for app data, refactors related TypeScript utilities, updates wallet connection logic, adjusts the default favorite tokens for Polygon, adds a new Ethereum token list source, and bumps dependencies. Several exported functions now have explicit return types, and some imports are cleaned up or added.

Changes

Cohort / File(s)	Change Summary
Environment Variables Cleanup apps/cowswap-frontend/.env	Environment variables for full app data per environment are now empty, replacing previous JSON strings.
App Data Utilities Refactor apps/cowswap-frontend/src/modules/appData/utils/fullAppData.ts	Refactored to use a record object for environment-to-app data mapping, centralized default app data, and added explicit return types for exported functions.
Wallet Connection UI Logic apps/cowswap-frontend/src/modules/wallet/containers/ConnectWalletOptions.tsx	Conditionally renders MetaMask SDK option based on provider presence and device type; all injected providers are now rendered. Explicit return types added.
Polygon Favorite Tokens Update libs/tokens/src/const/defaultFavoriteTokens.ts	Removes COW token from Polygon's default favorites due to lack of liquidity; import removed and explanatory comment added.
Ethereum Token List Source Addition libs/tokens/src/const/tokensList.json	Adds a new token list source for Ethereum mainnet (priority 4).
Wallet Hook Return Type libs/wallet/src/web3-react/Web3Provider/hooks/useEagerlyConnect.ts	Adds explicit void return type to the useEagerlyConnect hook.
MetaMask SDK Option Return Type libs/wallet/src/web3-react/connection/metaMaskSdk.tsx	Adds explicit ReactNode return type to MetaMaskSdkOption and its import.
Dependency Updates package.json	Updates @cowprotocol/app-data to ^3.3.0 and @cowprotocol/cow-sdk to 6.1.0-RC.0.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ConnectWalletOptions
    participant MetaMaskSdkOption
    participant InjectedOptions

    User->>ConnectWalletOptions: Render wallet options
    ConnectWalletOptions->>InjectedOptions: Render injected providers
    InjectedOptions-->>ConnectWalletOptions: Render all providers (including MetaMask)
    alt No injected MetaMask & not mobile
        ConnectWalletOptions->>MetaMaskSdkOption: Render MetaMask SDK option
    else
        ConnectWalletOptions->>MetaMaskSdkOption: Render null
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~15 minutes

Suggested labels

RELEASE

Suggested reviewers

• alfetopito
• elena-zh
• shoom3301

Poem

A rabbit hopped through fields of code,
Tidying tokens where they flowed.
With wallet tweaks and data neat,
New sources make the lists complete.
Dependencies fresh, return types clear—
The garden’s ready for a brand new year!
🐇✨

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 08ba610 and 773e2bb.

📒 Files selected for processing (15)

• .release-please-manifest.json (1 hunks)
• apps/cowswap-frontend/CHANGELOG.md (1 hunks)
• apps/cowswap-frontend/package.json (1 hunks)
• apps/explorer/CHANGELOG.md (1 hunks)
• apps/explorer/package.json (1 hunks)
• libs/common-const/CHANGELOG.md (1 hunks)
• libs/common-const/package.json (1 hunks)
• libs/common-utils/CHANGELOG.md (1 hunks)
• libs/common-utils/package.json (1 hunks)
• libs/permit-utils/CHANGELOG.md (1 hunks)
• libs/permit-utils/package.json (1 hunks)
• libs/tokens/CHANGELOG.md (1 hunks)
• libs/tokens/package.json (1 hunks)
• libs/wallet/CHANGELOG.md (1 hunks)
• libs/wallet/package.json (1 hunks)

✅ Files skipped from review due to trivial changes (15)

• libs/tokens/CHANGELOG.md
• libs/wallet/package.json
• libs/permit-utils/package.json
• libs/wallet/CHANGELOG.md
• libs/common-utils/package.json
• apps/explorer/package.json
• libs/tokens/package.json
• libs/common-const/package.json
• libs/common-const/CHANGELOG.md
• libs/permit-utils/CHANGELOG.md
• libs/common-utils/CHANGELOG.md
• apps/explorer/CHANGELOG.md
• apps/cowswap-frontend/package.json
• .release-please-manifest.json
• apps/cowswap-frontend/CHANGELOG.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: Vercel pre-prod (staging) / build_and_deploy
• GitHub Check: Vercel pre-prod (barn) / build_and_deploy
• GitHub Check: IPFS
• GitHub Check: Cypress
• GitHub Check: Setup
• GitHub Check: release-please

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	protobufjs@​6.11.3
	pbkdf2@​3.1.2
	elliptic@​6.5.4
	form-data@​4.0.2 ⏵ 2.3.3	+1
	has@​1.0.3
	side-channel@​1.1.0 ⏵ 1.0.4	+1		-21
	hasown@​2.0.2
	has-proto@​1.0.1
	gopd@​1.0.1
	has-tostringtag@​1.0.0
	has-property-descriptors@​1.0.2
	safer-buffer@​2.1.2
	set-function-length@​1.2.2
	array-flatten@​1.1.1
	available-typed-arrays@​1.0.5
	es6-symbol@​3.1.3
	indent-string@​4.0.0
	es-define-property@​1.0.0
	json-rpc-random-id@​1.0.1
	is-arguments@​1.1.1
	is-generator-function@​1.0.10
	function-bind@​1.1.1
	is-core-module@​2.15.1
	for-each@​0.3.3
	object-assign@​4.1.1
	is-typed-array@​1.1.12
	xhr-request-promise@​0.1.3
	setimmediate@​1.0.5
	@​types/​responselike@​1.0.0
	tr46@​0.0.3
	@​protobufjs/​inquire@​1.1.0
	dom-walk@​0.1.2
	forever-agent@​0.6.1
See 337 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		[email protected] has a Critical CVE. CVE: GHSA-vjh7-7g9h-fjfh Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) (CRITICAL) Affected versions: < 6.6.1 Patched version: 6.6.1 From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] has a Critical CVE. CVE: GHSA-h7cp-r72f-jxh6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos (CRITICAL) Affected versions: >= 3.0.10 < 3.1.3 Patched version: 3.1.3 From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] has a Critical CVE. CVE: GHSA-v62p-rq8g-8h59 pbkdf2 silently disregards Uint8Array input, returning static keys (CRITICAL) Affected versions: < 3.1.3 Patched version: 3.1.3 From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] has a Critical CVE. CVE: GHSA-h755-8qp9-cq85 protobufjs Prototype Pollution vulnerability (CRITICAL) Affected versions: >= 7.0.0 < 7.2.5; >= 6.10.0 < 6.11.4 Patched version: 6.11.4 From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] is Protestware or potentially unwanted behavior. Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] is Protestware or potentially unwanted behavior. Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts. From: yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

libs/wallet/src/web3-react/Web3Provider/hooks/useEagerlyConnect.ts (1)

35-35: LGTM! Consider applying consistent typing to other functions.

The explicit void return type annotation improves type safety and aligns with TypeScript best practices.

However, for consistency, consider adding explicit return type annotations to the connect function (lines 18-32) as well, which currently has a TODO comment indicating this need.

-// TODO: Add proper return type annotation
-// eslint-disable-next-line @typescript-eslint/explicit-function-return-type
-async function connect(connector: Connector) {
+async function connect(connector: Connector): Promise<void> {

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f5b5a0 and 08ba610.

⛔ Files ignored due to path filters (2)

• apps/cowswap-frontend/src/modules/twap/services/__snapshots__/createTwapOrderTxs.test.ts.snap is excluded by !**/*.snap
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (8)

• apps/cowswap-frontend/.env (1 hunks)
• apps/cowswap-frontend/src/modules/appData/utils/fullAppData.ts (1 hunks)
• apps/cowswap-frontend/src/modules/wallet/containers/ConnectWalletOptions.tsx (3 hunks)
• libs/tokens/src/const/defaultFavoriteTokens.ts (1 hunks)
• libs/tokens/src/const/tokensList.json (1 hunks)
• libs/wallet/src/web3-react/Web3Provider/hooks/useEagerlyConnect.ts (1 hunks)
• libs/wallet/src/web3-react/connection/metaMaskSdk.tsx (2 hunks)
• package.json (1 hunks)

🧰 Additional context used

🧠 Learnings (7)

📓 Common learnings

Learnt from: alfetopito
PR: cowprotocol/cowswap#5992
File: libs/wallet/src/web3-react/utils/switchChain.ts:36-38
Timestamp: 2025-08-05T14:27:05.023Z
Learning: In libs/wallet/src/web3-react/utils/switchChain.ts, the team prefers using Record<SupportedChainId, string | null> over Partial<Record<SupportedChainId, string>> for WALLET_RPC_SUGGESTION to enforce that all supported chain IDs have explicit values set, even if some might be null. This ensures compile-time completeness checking.

📚 Learning: the swap module in apps/cowswap-frontend/src/modules/swap/ is marked for deletion in pr #5444 as par...

Learnt from: shoom3301
PR: cowprotocol/cowswap#5443
File: apps/cowswap-frontend/src/modules/swap/containers/ConfirmSwapModalSetup/index.tsx:71-71
Timestamp: 2025-02-20T15:59:33.749Z
Learning: The swap module in apps/cowswap-frontend/src/modules/swap/ is marked for deletion in PR #5444 as part of the swap widget unification effort.

Applied to files:

• apps/cowswap-frontend/.env

📚 Learning: the team accepts using native_currency_address as a temporary placeholder for cow token contract add...

Learnt from: cowdan
PR: cowprotocol/cowswap#5715
File: libs/common-const/src/tokens.ts:539-555
Timestamp: 2025-05-26T12:39:29.009Z
Learning: The team accepts using NATIVE_CURRENCY_ADDRESS as a temporary placeholder for COW token contract addresses on new networks (Polygon, Avalanche) until actual COW contracts are deployed.

Applied to files:

• libs/tokens/src/const/defaultFavoriteTokens.ts

📚 Learning: token lists for cow swap are maintained in a separate repository at https://github.com/cowprotocol/t...

Learnt from: alfetopito
PR: cowprotocol/cowswap#5992
File: libs/tokens/src/const/tokensList.json:135-167
Timestamp: 2025-07-18T08:07:55.497Z
Learning: Token lists for CoW Swap are maintained in a separate repository at https://github.com/cowprotocol/token-lists, not in the main cowswap repository. Issues related to missing token lists should be tracked in the token-lists repository.

Applied to files:

• libs/tokens/src/const/defaultFavoriteTokens.ts
• libs/tokens/src/const/tokensList.json

📚 Learning: on polygon, the native usdc address is 0x3c499c542cef5e3811e1192ce70d8cc03d5c3359, while 0x2791bca1f...

Learnt from: cowdan
PR: cowprotocol/cowswap#5715
File: libs/common-const/src/tokens.ts:378-407
Timestamp: 2025-05-26T12:45:05.113Z
Learning: On Polygon, the native USDC address is 0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359, while 0x2791Bca1f2de4661ED88A30C99A7a9449Aa84174 is the bridged USDC. The native USDC should be preferred over the bridged version for token definitions.

Applied to files:

• libs/tokens/src/const/defaultFavoriteTokens.ts

📚 Learning: in libs/wallet/src/web3-react/utils/switchchain.ts, the team prefers using record

Learnt from: alfetopito
PR: cowprotocol/cowswap#5992
File: libs/wallet/src/web3-react/utils/switchChain.ts:36-38
Timestamp: 2025-08-05T14:27:05.023Z
Learning: In libs/wallet/src/web3-react/utils/switchChain.ts, the team prefers using Record<SupportedChainId, string | null> over Partial<Record<SupportedChainId, string>> for WALLET_RPC_SUGGESTION to enforce that all supported chain IDs have explicit values set, even if some might be null. This ensures compile-time completeness checking.

Applied to files:

• libs/wallet/src/web3-react/Web3Provider/hooks/useEagerlyConnect.ts
• apps/cowswap-frontend/src/modules/wallet/containers/ConnectWalletOptions.tsx
• apps/cowswap-frontend/src/modules/appData/utils/fullAppData.ts
• libs/wallet/src/web3-react/connection/metaMaskSdk.tsx

📚 Learning: jsx can be imported as a named export from react in modern react versions (react 17+). the import `i...

Learnt from: alfetopito
PR: cowprotocol/cowswap#5830
File: apps/cowswap-frontend/src/modules/trade/containers/TradeWidget/index.tsx:1-2
Timestamp: 2025-06-16T15:58:00.268Z
Learning: JSX can be imported as a named export from React in modern React versions (React 17+). The import `import { JSX } from 'react'` is valid and does not cause compilation errors.

Applied to files:

• libs/wallet/src/web3-react/connection/metaMaskSdk.tsx

🧬 Code Graph Analysis (2)

apps/cowswap-frontend/src/modules/wallet/containers/ConnectWalletOptions.tsx (3)

libs/common-utils/src/userAgent.ts (1)

• isMobile (40-40)

libs/wallet/src/web3-react/connection/metaMaskSdk.tsx (1)

• MetaMaskSdkOption (45-56)

libs/wallet/src/index.ts (1)

• MetaMaskSdkOption (53-53)

apps/cowswap-frontend/src/modules/appData/utils/fullAppData.ts (2)

libs/common-utils/src/environments.ts (2)

• EnvironmentName (77-77)
• environmentName (79-97)

apps/cowswap-frontend/src/modules/appData/types.ts (1)

• AppDataInfo (4-9)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Setup
• GitHub Check: Cypress

🔇 Additional comments (16)

libs/wallet/src/web3-react/connection/metaMaskSdk.tsx (2)

1-1: LGTM! Proper ReactNode import added.

The ReactNode import is correctly added to support the explicit return type annotation.

---

45-45: LGTM! Explicit return type improves type safety.

The explicit ReactNode return type annotation enhances type safety and aligns with TypeScript best practices for React components.

apps/cowswap-frontend/src/modules/wallet/containers/ConnectWalletOptions.tsx (3)

26-26: LGTM! Explicit return type improves type safety.

The explicit ReactNode return type annotation enhances type safety and maintains consistency with other React components in the codebase.

---

38-42: LGTM! Improved MetaMask SDK option logic.

The conditional rendering logic correctly prevents duplicate MetaMask options by:

• Checking for existing injected MetaMask providers (hasInjectedMetaMask)
• Avoiding SDK option on mobile devices where it's not needed
• Only showing the SDK option when no native MetaMask injection is detected

This provides a better user experience by avoiding redundant wallet connection options.

---

88-88: LGTM! Consistent return type annotation.

The explicit ReactNode return type maintains consistency with the parent component and improves type safety.

package.json (2)

77-77: LGTM!

The minor version bump from ^3.2.0 to ^3.3.0 aligns with the app data refactoring seen in the codebase.

---

81-81: LGTM!

The SDK version update from 6.0.0-RC.80 to 6.1.0-RC.0 appears to be a coordinated update with the app data changes.

libs/tokens/src/const/tokensList.json (1)

16-20: Ondo Protocol Token List URL Verified

• File: libs/tokens/src/const/tokensList.json (lines 16–20)
  The URL responds with HTTP 200 and returns valid JSON as expected.
  No further changes needed.

libs/tokens/src/const/defaultFavoriteTokens.ts (1)

96-102: LGTM!

Good decision to remove COW_TOKEN_POLYGON from default favorites due to lack of liquidity. The explanatory comment provides helpful context for future maintainers.

apps/cowswap-frontend/.env (1)

63-69: LGTM!

Clearing the app data environment variables aligns well with the refactoring in fullAppData.ts where app data is now managed programmatically with proper fallbacks. This approach is more maintainable than embedding JSON strings in environment variables.

apps/cowswap-frontend/src/modules/appData/utils/fullAppData.ts (6)

1-1: LGTM!

Good addition of the import for LATEST_APP_DATA_VERSION from the updated @cowprotocol/app-data package, replacing hardcoded version values.

---

4-4: LGTM!

The relative import path suggests proper file organization.

---

26-28: Good addition of explicit return type.

Adding AppDataInfo return type annotation improves code clarity and follows TypeScript best practices.

---

30-34: Good addition of explicit return type.

Adding void return type annotation for this side-effect function is appropriate and follows TypeScript best practices.

---

36-38: LGTM!

The simplified lookup using the APP_DATA_PER_ENV record with fallback to DEFAULT_FULL_APP_DATA is clean and efficient.

---

40-44: Well-designed helper function.

The addEnvToDefaultAppData function properly extends the default app data object with environment information and returns a properly serialized JSON string. The shallow copy with spread operator is appropriate here.

[coderabbitai]

🛠️ Refactor suggestion

Excellent refactoring using Record type for environment mapping.

The replacement of the switch statement with APP_DATA_PER_ENV record is much cleaner and more maintainable. The use of Record<EnvironmentName, string> ensures compile-time completeness checking, which aligns with the team's preference for explicit type coverage (as seen in previous learnings about Record<SupportedChainId, string | null>).

The fallback mechanism with addEnvToDefaultAppData provides robust default behavior when environment variables are not set.

🤖 Prompt for AI Agents

In apps/cowswap-frontend/src/modules/appData/utils/fullAppData.ts around lines 8
to 19, the code is already well-refactored by replacing the switch statement
with a Record type mapping for environment data, ensuring type safety and
maintainability. No changes are needed as the current implementation meets the
team's standards and includes a proper fallback mechanism.