Add pre-merge check for non-locked packages (Fixes #50604) #50613

harshasiddartha · 2025-11-01T11:16:30Z

Description

This PR adds a pre-merge check to ensure that all packages in package.json files use specific versions instead of range specifiers (^, ~, >=, <=, >, <, *, x, latest, etc.).

Changes

✅ Added scripts/check-package-versions.js script that:
- Scans all package.json files in the repository
- Checks dependencies, devDependencies, peerDependencies, and optionalDependencies
- Detects range specifiers and reports violations
- Provides warnings for engines field (which typically allows ranges)
✅ Added check-package-versions script to package.json scripts section
✅ Added GitHub Actions workflow job checkPackageVersions to .github/workflows/pull_request.yml:
- Runs on PR open, reopen, and synchronize events
- Fails the CI if any package.json files contain range specifiers
- Uses Node.js 24 (matching the project's engine requirement)

Testing

✅ Script successfully validates existing package.json files
✅ Current package.json already uses specific versions (chalk: 4.1.2)
✅ Script correctly identifies range specifiers when tested

Related Issue

Fixes #50604

Checklist

Code follows the project's style guidelines
Tests have been added/updated
Documentation has been updated (if needed)
All existing tests pass
No new warnings introduced

- Add check-package-versions.js script to validate package.json files - Script checks dependencies, devDependencies, peerDependencies, and optionalDependencies - Detects range specifiers (^, ~, >=, <=, >, <, *, x, latest, etc.) - Add check-package-versions script to package.json - Add GitHub Actions workflow job to run check on PRs - Fixes brave#50604

diracdeltas · 2025-11-01T23:46:54Z

@mihaiplesa PTAL as i think you may have started working on this

mihaiplesa · 2025-11-05T19:07:04Z

@harshasiddartha thank you for the contribution but we've chosen a different approach so closing this.

harshasiddartha requested a review from a team as a code owner November 1, 2025 11:16

This comment was marked as spam.

Sign in to view

mihaiplesa closed this Nov 5, 2025

This comment was marked as spam.

Sign in to view

brave locked as spam and limited conversation to collaborators Nov 13, 2025

Add pre-merge check for non-locked packages (Fixes #50604) #50613

Add pre-merge check for non-locked packages (Fixes #50604) #50613

Conversation

harshasiddartha commented Nov 1, 2025

Description

Changes

Testing

Related Issue

Checklist

Uh oh!

diracdeltas commented Nov 1, 2025

Uh oh!

This comment was marked as spam.

mihaiplesa commented Nov 5, 2025

Uh oh!

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

This comment was marked as spam.

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants