chore(deps): dedupe vite to @voidzero-dev/vite-plus-core

[fengmk2]

Problem

A redundant standalone vite@8.0.0 was being installed even though the Vite+ toolchain bundles its own vite via @voidzero-dev/vite-plus-core. vp why vite showed real vite pulled in by @voidzero-dev/vite-plus-test, vite-plus, and @vitest/coverage-v8.

The existing pnpm-workspace.yaml overrides entry could not eliminate it: vite is only ever declared as a peerDependency (^6 || ^7 || ^8) in this tree, and with autoInstallPeers: true pnpm resolves that peer straight from its range — bypassing overrides, which only rewrite declared dependency edges.

Fix

• Declare vite as a direct devDependency aliased to @voidzero-dev/vite-plus-core. This gives the toolchain peers a root-level vite provider to dedupe onto, so no separate real vite is auto-installed.
• The existing peerDependencyRules.allowAny: [vite, vitest] relaxes the ^6||^7||^8 vs 0.1.x range check so vite-plus-core is accepted.
• The overrides entry is kept as a safety net for any future regular (non-peer) transitive dep on vite.

Also simplifies minimumReleaseAgeExclude from 11 enumerated entries to the @voidzero-dev/* glob plus vite-plus (pnpm supports glob patterns since 10.16).

Verification

• vp why vite → resolves only to @voidzero-dev/vite-plus-core@0.1.23; no standalone vite in the graph
• grep -c "vite@8.0.0" pnpm-lock.yaml → 0 (was a ~300-line subtree)
• Clean reinstall leaves no node_modules/.pnpm/vite@8* directory
• vp check (fmt + lint + typecheck): pass
• Smoke test test/diagnostics_channel.test.ts: 5/5 pass

Summary by CodeRabbit

• Chores
  • Updated development dependencies to latest versions for improved build tooling performance.
  • Streamlined workspace configuration to simplify package management.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1d88f773-d030-4ad3-87c2-a517e826a7b2

📥 Commits

Reviewing files that changed from the base of the PR and between 9f1916e and 0a065bd.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• package.json
• pnpm-workspace.yaml

---

📝 Walkthrough

Walkthrough

This PR adds a vite devDependency alias pointing to @voidzero-dev/vite-plus-core@^0.1.23 and simplifies workspace release exclusion rules by replacing explicit @voidzero-dev/vite-plus-* package names with a single @voidzero-dev/* wildcard pattern.

Changes

Vite-Plus-Core Toolchain Setup

Layer / File(s)	Summary
Vite-Plus-Core dependency alias and workspace exclusion package.json, pnpm-workspace.yaml	Vite devDependency is aliased to @voidzero-dev/vite-plus-core@^0.1.23, and workspace minimumReleaseAgeExclude is consolidated from an enumerated list of vite-plus variants to a single namespace wildcard @voidzero-dev/*.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• node-modules/urllib#783: Both PRs update vite-plus/vite-plus-core versions and workspace minimumReleaseAgeExclude rules in package.json and pnpm-workspace.yaml.
• node-modules/urllib#752: Both PRs adjust @voidzero-dev Vite toolchain wiring by adding or updating vite-plus-core dependency configuration.
• node-modules/urllib#647: Both PRs integrate Vite+ by adding or overriding vite to point to @voidzero-dev/vite-plus-core.

Poem

🐰 A vite alias so neat and true,
Wildcard patterns make work anew,
The namespace spreads with a single star,
Dependency dance, both near and far! ⭐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: adding vite as an aliased devDependency to @voidzero-dev/vite-plus-core to prevent duplicate installations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/dedupe-vite-to-vite-plus-core

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/node-modules/urllib@797

commit: 0a065bd

[gemini-code-assist]

Code Review

This pull request adds the 'vite' dependency mapped to 'npm:@voidzero-dev/vite-plus-core@^0.1.23' in package.json, simplifies the 'minimumReleaseAgeExclude' list in pnpm-workspace.yaml using a wildcard pattern for '@voidzero-dev/*', and updates the pnpm-lock.yaml file accordingly, which cleans up several unused transitive dependencies. There are no review comments, and I have no feedback to provide.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.65%. Comparing base (9f1916e) to head (0a065bd).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #797   +/-   ##
=======================================
  Coverage   94.65%   94.65%           
=======================================
  Files          10       10           
  Lines         730      730           
  Branches      228      228           
=======================================
  Hits          691      691           
  Misses         36       36           
  Partials        3        3           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Eliminates a redundant standalone vite@8.0.0 install by aliasing a root-level vite devDependency to @voidzero-dev/vite-plus-core, so peer resolution dedupes onto the Vite+ core package. Also simplifies the minimumReleaseAgeExclude list to a glob.

Changes:

• Add vite devDependency aliased to @voidzero-dev/vite-plus-core@^0.1.23 in package.json.
• Replace 10 enumerated @voidzero-dev/* entries in pnpm-workspace.yaml's minimumReleaseAgeExclude with the @voidzero-dev/* glob.
• Update pnpm-lock.yaml to dedupe onto @voidzero-dev/vite-plus-core@0.1.23, removing the standalone vite@8.0.0, rolldown@1.0.0-rc.9, @emnapi/*, @rolldown/*, and related subtrees.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File	Description
package.json	Adds aliased vite devDependency pointing at vite-plus-core.
pnpm-workspace.yaml	Collapses per-package excludes into @voidzero-dev/* glob.
pnpm-lock.yaml	Re-resolves vite-plus / vitest peer deps onto vite-plus-core and drops the standalone vite/rolldown subtrees.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.