
Npm artifact validation #11

Closed
jonathannorris wants to merge 1 commit into main from cursor/npm-artifact-validation-9a41


@jonathannorris
Member

Add a new CI job and script to validate the actual npm tarball, ensuring the published artifact is correctly packaged and functional.

The existing CI only tested the source code. This change introduces a direct validation of the npm pack generated tarball, verifying its contents and ensuring it can be installed and imported correctly by consumers using both ESM and CommonJS, thus preventing issues with the actual published package.
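
An added example, not code from this pull request or the project: one way to do the tarball-contents part of the validation described above, auditing the file list that `npm pack --json` reports against an allowlist and against the package's `exports` map. The function names, the policy and the sample input are assumptions constructed for illustration.

```javascript
// Added example: audit the file list reported by `npm pack --json`.
// auditPack, exportTargets, POLICY and the sample data are hypothetical names.
const POLICY = {
  required: ['package.json', 'README.md', 'LICENSE'],
  allowedPrefixes: ['dist/'],
  // Files that must never ship, wherever they sit in the tarball.
  forbidden: [/(^|\/)\.env(\..*)?$/, /(^|\/)\.npmrc$/, /\.(pem|key)$/],
};

// Collect every string target in an `exports` map, normalised to "dist/x.js".
function exportTargets(node) {
  if (typeof node === 'string') return [node.replace(/^\.\//, '')];
  if (node === null || typeof node !== 'object') return [];
  return Object.values(node).flatMap(exportTargets);
}

// pack: one element of the array printed by `npm pack --json`.
// manifest: the parsed package.json that went into the tarball.
function auditPack(pack, manifest, policy = POLICY) {
  const paths = new Set(pack.files.map((f) => f.path));
  const problems = [];
  for (const p of policy.required) {
    if (!paths.has(p)) problems.push(`missing required file: ${p}`);
  }
  // An ESM or CommonJS entry point that is declared but not packed
  // breaks consumers only after publication.
  for (const t of exportTargets(manifest.exports)) {
    if (!paths.has(t)) problems.push(`exports target not packed: ${t}`);
  }
  for (const p of paths) {
    if (policy.forbidden.some((re) => re.test(p))) {
      problems.push(`forbidden file packed: ${p}`);
    } else if (!policy.required.includes(p) &&
               !policy.allowedPrefixes.some((pre) => p.startsWith(pre))) {
      problems.push(`unexpected file packed: ${p}`);
    }
  }
  return problems.sort();
}

// Constructed sample input, not output from the real package.
const sampleManifest = {
  exports: { '.': { types: './dist/index.d.ts', import: './dist/index.js', require: './dist/index.cjs' } },
};
const samplePack = {
  files: ['package.json', 'README.md', 'LICENSE', 'dist/index.js', 'dist/index.d.ts',
          '.env', 'src/index.ts'].map((path) => ({ path })),
};
console.log(auditPack(samplePack, sampleManifest));
```

An empty result means the packed file list matches the policy; the sample reports a missing CommonJS entry point, a packed `.env` file and a stray source file.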


@cursor

cursor Bot commented Mar 11, 2026

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's continuous integration by adding a crucial step to validate the integrity and functionality of the npm package artifact. By simulating a consumer's environment and testing both ESM and CommonJS imports, it ensures that the distributed package will work as expected, thereby improving reliability and preventing post-release issues.

Highlights

  • New CI Job for NPM Artifact Validation: A new CI job and script have been introduced to directly validate the npm tarball, ensuring the published artifact is correctly packaged and functional.
  • Comprehensive Artifact Verification: The new validation process verifies the contents of the npm pack generated tarball, ensuring it can be installed and imported correctly by consumers using both ESM and CommonJS.
  • Prevention of Publication Issues: This change aims to prevent issues with the actual published package by catching packaging or compatibility problems before release, which were not covered by previous source code-only tests.

Changelog

  • package.json
    • Added a new validate:npm-artifact script to trigger the npm artifact validation process.
  • scripts/validate-npm-artifact.mjs
    • Created a new Node.js script to perform comprehensive validation of the npm package artifact.
    • Implemented logic to build the workspace package, pack it, and assert its file contents.
    • Included tests for installing the packed artifact in a temporary consumer environment.
    • Added checks to verify successful import and functionality for both ESM and CommonJS module systems.

Ignored Files

  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/ci.yml

Activity

  • No activity has been recorded yet for this pull request.


@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request introduces a valuable validation script for the npm artifact, which is a great step towards ensuring package quality. The script is well-written. I have two suggestions to enhance it further: one to improve robustness by dynamically reading the package name, and another to improve the debugging experience by preserving temporary files on failure.

const repoRoot = resolve(fileURLToPath(new URL('..', import.meta.url)));
const packageDir = join(repoRoot, 'packages', 'js-ofrep-worker');
const workspaceSelector = 'packages/js-ofrep-worker';
const packageName = '@openfeature/flagd-ofrep-cf-worker';
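Review bot: workspaceSelector repeats the 'packages/js-ofrep-worker' path that packageDir already builds from its segments, so a directory rename has to be made in two places and can leave the script building one workspace while packing another. Define the relative path once and derive both values from it, for example by computing the selector from relative(repoRoot, packageDir).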

medium

The package name is hardcoded. It's better to read it from the package.json file to make this script more robust against future changes to the package name. This requires using top-level await and importing readFile from node:fs/promises.

First, update your import on line 3:

import { mkdtemp, mkdir, readFile, rm, writeFile } from 'node:fs/promises';

Then, you can replace this line with the following:

const { name: packageName } = JSON.parse(await readFile(join(packageDir, 'package.json'), 'utf-8'));

Comment on lines +140 to +142
} finally {
await rm(tempRoot, { force: true, recursive: true });
}
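Review bot: In the finally block, a rejection from rm(tempRoot, ...) replaces whatever error the try body threw, so a cleanup failure would hide the validation failure that matters. The force: true option only suppresses the missing-path case; wrap the cleanup in its own try/catch and log the cleanup error there so the original error still propagates.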

medium

The finally block cleans up the temporary directory even if the script fails. This makes debugging difficult because the artifacts that caused the failure are deleted. It's better to preserve the temporary directory on failure and log its path.

Consider changing the structure from try...finally to try...catch and moving the cleanup to only run on success. For example:

  try {
    // ... validation logic from lines 105-139
  } catch (error) {
    console.error(`\nValidation failed. To debug, check the contents of the temporary directory: ${tempRoot}\n`);
    throw error;
  }

  // Cleanup only on success
  await rm(tempRoot, { force: true, recursive: true });

This change would involve refactoring the try...finally block starting at line 104.

@cursor cursor Bot force-pushed the cursor/npm-artifact-validation-9a41 branch from fb183f8 to 015e3ee, March 20, 2026 03:54
Signed-off-by: Cursor Agent <cursoragent@cursor.com>
@cursor cursor Bot force-pushed the cursor/npm-artifact-validation-9a41 branch from 015e3ee to c490257, March 20, 2026 19:21
@jonathannorris jonathannorris deleted the cursor/npm-artifact-validation-9a41 branch March 20, 2026 19:26