chore: migrate to pnpm and enable minimum release age#175
Open
chore: migrate to pnpm and enable minimum release age#175
Conversation
Migrates got-scraping from npm to pnpm and adds a 1-day minimum release age supply-chain guard at the package-manager layer (pnpm-workspace.yaml) and at the Renovate layer. Internal `@apify/*` and `@crawlee/*` packages are whitelisted at both layers. This repo previously had no Renovate config; a standard config is added now. Notable changes: - package.json: set packageManager to pnpm@10.24.0; bump engines node >=18 (was >=16; pnpm 10 needs Node 18+); "npm run" -> "pnpm" in scripts - pnpm-workspace.yaml: non-monorepo minimumReleaseAge settings only - .npmrc: node-linker=hoisted + link-workspace-packages=true + prefer-workspace-packages=true + public-hoist-pattern[]=* (last one ensures transitive types are visible to tsc like they were under npm's hoisted layout) - tsconfig.json: skipLibCheck: true (standard, suppresses ow/quick-lru d.ts incompatibilities with TS 5.9 lib types) - src/agent/wrapped-agent.ts + src/index.ts: two small casts to satisfy stricter type resolution under pnpm (npm happened to hide these mismatches via different node_modules layout; the same code paths at runtime) - New .github/actions/pnpm-install composite action (cached pnpm store, year-month + lockfile hash key — pattern from apify/apify-cli#1068) - CI workflows (check.yml, release.yaml, publish-to-npm.yaml): delegate install to the composite; use pnpm/pnpm publish --no-git-checks; Node matrix 18/20/22/24 - New renovate.json with minimumReleaseAge "1 day", internalChecksFilter "strict", and @apify/* + @crawlee/* whitelist Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
github-actions
bot
added
the
t-tooling
This was referenced Apr 14, 2026
Replaces the local .github/actions/pnpm-install composite copy with the shared one from apify/workflows@main. Identical behavior, less duplication.
…m release-age gate
Silences npm warnings about unknown options like node-linker; pnpm reads the same keys from pnpm-workspace.yaml in camelCase form.
Block accidental npm/yarn install — npm 10.5+ and pnpm 10.x both honor devEngines.packageManager and refuse to run when it doesn't match.
barjin
approved these changes
Apr 16, 2026
Member
barjin
left a comment
barjin
left a comment
There was a problem hiding this comment.
Lgtm, just one curious question ⬇️
|
|
||
| createConnection(options: NetConnectOpts, callback?: (err: Error | null, stream: Duplex) => void): Duplex { | ||
| return this.agent.createConnection(options, callback); | ||
| return this.agent.createConnection(options, callback) as Duplex; |
Member
There was a problem hiding this comment.
Why does the package manager migration require a cast in the code?
Member
Author
There was a problem hiding this comment.
The lockfile regeneration during the pnpm migration resolved a newer @types/node where agent.createConnection() returns Duplex | null | undefined instead of just Duplex. Without the cast, tsc fails:
Type 'Duplex | null | undefined' is not assignable to type 'Duplex'.
The newer typing is more correct (the underlying Node API can return null/undefined), so the cast is the right fix here.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
devEngines.packageManager breaks pnpm commands that delegate to npm (pnpm version, pnpm pkg set, etc). Use the battle-tested only-allow approach instead (same as Vite, Vue, Astro).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Part of the org-wide supply-chain hardening + pnpm migration. Migrates got-scraping from npm to pnpm and adds a 1-day minimum release age guard at two layers:
minimumReleaseAge: 1440inpnpm-workspace.yamlblocks installs of versions < 1 day oldminimumReleaseAge: "1 day"delays PR creation@apify/*and@crawlee/*excluded at both layersThis repo previously had no Renovate config; a standard one is added.
Changes
package.json:packageManager: pnpm@10.24.0;engines.node >= 18(pnpm 10 requires Node 18+, was>=16);npm run→pnpmin scriptspnpm-workspace.yaml: non-monorepo minimum release age settings only.npmrc:node-linker=hoisted,link-workspace-packages=true,prefer-workspace-packages=true,public-hoist-pattern[]=*(the last one mirrors npm's transitive-type hoisting so tsc sees the same types)tsconfig.json:skipLibCheck: true(standard; suppresses ow/quick-lru.d.tsincompatibilities with TS 5.9'sMapIteratorlib types)src/agent/wrapped-agent.ts+src/index.ts: two small casts — same runtime behavior, satisfy stricter type resolution under pnpm that npm's hoisting happened to hide.github/actions/pnpm-installcomposite action (cached pnpm store, keyed by year-month + lockfile hash — pattern from chore: move to pnpm from yarn apify-cli#1068)pnpm publish --no-git-checks; Node matrix now 18/20/22/24renovate.jsonwithminimumReleaseAge "1 day",internalChecksFilter "strict",@apify/*+@crawlee/*whitelist🤖 Generated with Claude Code