chore: fix-packagejson

[ryanbas21]

JIRA Ticket

n/a

Description

Fix the repository settings in package.json for provenance.

Summary by CodeRabbit

• Chores
  • Updated repository metadata for the journey-client package to improve package discovery and source attribution (added repository type, URL, and directory fields).

[changeset-bot]

⚠️ No Changeset found

Latest commit: 5d6747a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7b342a32-96a8-45d5-9220-80729e75e8e7

📥 Commits

Reviewing files that changed from the base of the PR and between a7dea24 and 5d6747a.

📒 Files selected for processing (1)

• packages/journey-client/package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/journey-client/package.json

---

📝 Walkthrough

Walkthrough

Added a repository object to packages/journey-client/package.json with type, url, and directory fields; no other functional or dependency changes.

Changes

Cohort / File(s)	Summary
Package Manifest packages/journey-client/package.json	Added repository object: type: "git", url: "git+https://github.com/ForgeRock/ping-javascript-sdk.git", directory: "packages/journey-client". No changes to dependencies, exports, or main/module/types.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• chore: version-2-make-private-packages-public #502: Modifies packages/journey-client/package.json (removes "private": true); related metadata changes to the same manifest.

Suggested reviewers

• cerebrl
• ancheetah

Poem

🐇
I nibbled at JSON, neat and bright,
Planted a repo link by moonlight,
A small hop here, a tiny cheer,
Journey-client now knows where to steer,
🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'chore: fix-packagejson' is vague and uses a non-descriptive term that doesn't clearly convey what was changed; it lacks specificity about which package or what aspect of package.json was fixed.	Use a more descriptive title like 'chore: add repository metadata to journey-client package.json' to clearly indicate what was fixed and in which package.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description follows the required template structure with JIRA Ticket and Description sections, providing a brief explanation of the changes for provenance purposes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-repository-packagejson

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/journey-client/package.json`:
- Around line 39-40: Remove "vitest" and "vitest-canvas-mock" entries from the
dependencies section of package.json and ensure they remain declared under
devDependencies (they're already present there); update the lockfile by running
your package manager (npm/yarn/pnpm install) so downstream consumers don't
receive these test-only packages. Use the dependency names "vitest" and
"vitest-canvas-mock" to locate the entries to remove.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5b74c5d8-91f8-4f8a-9ed1-fc1b23a8aff8

📥 Commits

Reviewing files that changed from the base of the PR and between d119831 and 324f406.

📒 Files selected for processing (1)

• packages/journey-client/package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify these packages are test-only (not imported by runtime source).
echo "Checking runtime source imports in packages/journey-client/src ..."
rg -nP --type=ts -C2 "['\"](vitest|vitest-canvas-mock)['\"]" packages/journey-client/src || true

echo
echo "Checking test wiring files ..."
rg -nP -C2 "vitest-canvas-mock|setupFiles|test:" \
  packages/journey-client/vite.config.ts \
  packages/journey-client/vitest.setup.ts

Repository: ForgeRock/ping-javascript-sdk

Length of output: 13583

---

🏁 Script executed:

cat packages/journey-client/package.json

Repository: ForgeRock/ping-javascript-sdk

Length of output: 2072

---

Move vitest and vitest-canvas-mock from runtime dependencies to devDependencies only.

These packages are test-only and should not be installed for downstream consumers. They are imported exclusively in test files (.test.ts) and test configuration (vitest.setup.ts), never in production source code. Remove them from dependencies; they are already correctly declared in devDependencies.

Proposed fix

   "dependencies": {
     "@forgerock/sdk-logger": "workspace:*",
     "@forgerock/sdk-oidc": "workspace:*",
     "@forgerock/sdk-request-middleware": "workspace:*",
     "@forgerock/sdk-types": "workspace:*",
     "@forgerock/sdk-utilities": "workspace:*",
     "@forgerock/storage": "workspace:*",
     "@reduxjs/toolkit": "catalog:",
-    "tslib": "^2.3.0",
-    "vitest": "catalog:vitest",
-    "vitest-canvas-mock": "catalog:vitest"
+    "tslib": "^2.3.0"
   },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/journey-client/package.json` around lines 39 - 40, Remove "vitest"
and "vitest-canvas-mock" entries from the dependencies section of package.json
and ensure they remain declared under devDependencies (they're already present
there); update the lockfile by running your package manager (npm/yarn/pnpm
install) so downstream consumers don't receive these test-only packages. Use the
dependency names "vitest" and "vitest-canvas-mock" to locate the entries to
remove.

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 5d6747a

Command	Status	Duration	Result
nx run-many -t build --no-agents	✅ Succeeded	2s	View ↗
nx affected -t build lint test typecheck e2e-ci	✅ Succeeded	2m 22s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-03-16 21:25:07 UTC

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@547

@forgerock/device-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/device-client@547

@forgerock/journey-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/journey-client@547

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@547

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@547

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@547

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@547

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@547

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@547

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@547

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@547

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@547

commit: 5d6747a

[github-actions]

Deployed 83f32a8 to https://ForgeRock.github.io/ping-javascript-sdk/pr-547/83f32a8a09e1b431d580f68687ad2a0c96276b0c branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🆕 New Packages

🆕 @forgerock/journey-client - 87.3 KB (new)
🆕 @forgerock/journey-client - 0.0 KB (new)

➖ No Changes

➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/sdk-request-middleware - 4.5 KB
➖ @forgerock/iframe-manager - 2.4 KB
➖ @forgerock/sdk-oidc - 4.8 KB
➖ @forgerock/storage - 1.5 KB
➖ @forgerock/sdk-types - 7.9 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/device-client - 9.2 KB
➖ @forgerock/davinci-client - 41.3 KB
➖ @forgerock/sdk-utilities - 11.2 KB
➖ @forgerock/oidc-client - 24.9 KB

---

13 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}

[coderabbitai]

♻️ Duplicate comments (1)

packages/journey-client/package.json (1)

39-40: ⚠️ Potential issue | 🟠 Major

Remove vite and vitest-canvas-mock from runtime dependencies.

Both packages are build/test tools that should only be in devDependencies (where they're already declared). Adding them to dependencies causes downstream consumers to install unnecessary packages.

• vite is a build tool used only in vite.config.ts
• vitest-canvas-mock is imported only in vitest.setup.ts for test mocking

,

Proposed fix

   "dependencies": {
     "@forgerock/sdk-logger": "workspace:*",
     "@forgerock/sdk-oidc": "workspace:*",
     "@forgerock/sdk-request-middleware": "workspace:*",
     "@forgerock/sdk-types": "workspace:*",
     "@forgerock/sdk-utilities": "workspace:*",
     "@forgerock/storage": "workspace:*",
     "@reduxjs/toolkit": "catalog:",
-    "tslib": "^2.3.0",
-    "vite": "catalog:vite",
-    "vitest-canvas-mock": "catalog:vitest"
+    "tslib": "^2.3.0"
   },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/journey-client/package.json` around lines 39 - 40, Remove the
runtime dependency entries for "vite" and "vitest-canvas-mock" from the
package.json dependencies block so they are not installed by downstream
consumers; these tools are already declared in devDependencies and should remain
only there—locate the dependencies object in package.json and delete the "vite":
"catalog:vite" and "vitest-canvas-mock": "catalog:vitest" entries (do not modify
the devDependencies entries).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@packages/journey-client/package.json`:
- Around line 39-40: Remove the runtime dependency entries for "vite" and
"vitest-canvas-mock" from the package.json dependencies block so they are not
installed by downstream consumers; these tools are already declared in
devDependencies and should remain only there—locate the dependencies object in
package.json and delete the "vite": "catalog:vite" and "vitest-canvas-mock":
"catalog:vitest" entries (do not modify the devDependencies entries).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0a5742df-afdf-44d6-93cf-5d847785ed0c

📥 Commits

Reviewing files that changed from the base of the PR and between c70a88c and a7dea24.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• packages/journey-client/package.json