Sdk metamask #2594
Sdk metamask #2594
Conversation
This workflow automates the testing and publishing of Node.js packages to GitHub Packages upon release creation.
Add workflow for testing and publishing Node.js packages
|
@Addausi is attempting to deploy a commit to the Consensys Team on Vercel. A member of the Team first needs to authorize it. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| - run: npm ci | ||
| - run: npm publish | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} |
There was a problem hiding this comment.
Workflow publishes private package that cannot be published
This workflow attempts to run npm publish to publish the package to GitHub Packages, but package.json has "private": true which prevents npm publishing. This documentation repository is not intended to be published as an npm package. The npm publish command would fail with an error on every release. This appears to be a copy-pasted GitHub workflow template that doesn't apply to this project.
| with: | ||
| node-version: 20 | ||
| - run: npm ci | ||
| - run: npm test |
There was a problem hiding this comment.
Workflow calls npm test but no test script exists
The build job runs npm test, but package.json has no test script defined in the scripts section. This would cause the workflow to fail with "missing script: test" error. This further confirms the workflow is a copy-pasted template that wasn't adapted for this project.
| - name: Build | ||
| run: | | ||
| npm install | ||
| grunt |
There was a problem hiding this comment.
Workflow uses Grunt but project doesn't have Grunt
The workflow runs grunt as a build step, but the project is a Docusaurus site with no Grunt dependency. The package.json shows this project uses npm run build (docusaurus build) and has no grunt or grunt-cli packages installed. This workflow will fail immediately when triggered with "command not found: grunt".
|
|
||
| strategy: | ||
| matrix: | ||
| node-version: [18.x, 20.x, 22.x] |
There was a problem hiding this comment.
Node version matrix conflicts with project's engine requirement
The workflow matrix tests Node versions 18.x, 20.x, and 22.x, but the project's package.json specifies "engines": { "node": "20.x" }. This means 2 out of 3 matrix configurations (18.x and 22.x) run against unsupported Node versions, which could produce misleading CI results - either false passes on unsupported runtimes or failures that aren't actual bugs.
|
|
|
||
| Tell them where to go, how often they can expect to get an update on a | ||
| reported vulnerability, what to expect if the vulnerability is accepted or | ||
| declined, etc. |
There was a problem hiding this comment.
SECURITY.md contains unmodified template with wrong versions
This file appears to be a GitHub template that wasn't customized. It references versions 5.1.x, 5.0.x, and 4.0.x, but the actual package version is 1.0.0. The placeholder instructions ("Use this section to tell people...") were left unchanged, which could confuse users trying to report security vulnerabilities.
1 participant
Description
Issue(s) fixed
Fixes #
Preview
Checklist
External contributor checklist
Note
Introduces CI/CD and project metadata setup.
npm-grunt.ymlto build with Grunt across Node18.x/20.x/22.x, andnpm-publish-github-packages.ymlto run tests on release and publish to GitHub Packages.devcontainer/devcontainer.jsonusingmcr.microsoft.com/devcontainers/universal:2SECURITY.mdwith supported versions and vulnerability reporting guidanceWritten by Cursor Bugbot for commit c890c76. This will update automatically on new commits. Configure here.