@tanstack/create - npm Package Compare versions

Comparing version 0.63.8 to 0.63.9

CHANGELOG.md

 # @tanstack/create
 
+## 0.63.9
+
+### Patch Changes
+
+- fix(create): correct netlify.toml key, eslint scripts, and missing eslint dep ([`e38729f`](https://github.com/TanStack/cli/commit/e38729fe0b6a16e8d34417d2334baf2b2db94942))
+
+  - The generated `netlify.toml` for both React and Solid used `dir` under
+    `[build]`, which is not a valid Netlify configuration key. Per Netlify's
+    TanStack Start guide it must be `publish`. Closes #423.
+  - The eslint toolchain had `format` and `check` scripts swapped: `format`
+    ran prettier in read-only mode while `check` mutated files. Swap them so
+    `format` writes (`prettier --write . && eslint --fix`) and `check` is
+    read-only (`prettier --check .`). Closes #403.
+  - `@tanstack/eslint-config` lists `eslint` as a peer dependency, so eslint
+    was not installed by package managers that don't auto-install peers. Add
+    `eslint` to `devDependencies` in the eslint toolchain. Closes #417.
+
 ## 0.63.8
@@ -4,0 +21,0 @@

dist/frameworks/react/hosts/netlify/assets/netlify.toml

 [build]
   command = "vite build"
-  dir = "dist/client"
+  publish = "dist/client"
 [dev]
@@ -5,0 +5,0 @@ command = "npm run dev"

dist/frameworks/react/toolchains/eslint/package.json

 {
   "scripts": {
     "lint": "eslint",
-    "format": "prettier --check .",
-    "check": "prettier --write . && eslint --fix"
+    "format": "prettier --write . && eslint --fix",
+    "check": "prettier --check ."
   },
   "devDependencies": {
     "@tanstack/eslint-config": "latest",
+    "eslint": "^9.20.0",
     "prettier": "^3.8.1"
   }
 }

dist/frameworks/solid/hosts/netlify/assets/netlify.toml

 [build]
   command = "vite build"
-  dir = "dist/client"
+  publish = "dist/client"
 [dev]
@@ -5,0 +5,0 @@ command = "npm run dev"

dist/frameworks/solid/toolchains/eslint/package.json

 {
   "scripts": {
     "lint": "eslint",
-    "format": "prettier --check .",
-    "check": "prettier --write . && eslint --fix"
+    "format": "prettier --write . && eslint --fix",
+    "check": "prettier --check ."
   },
   "devDependencies": {
     "@tanstack/eslint-config": "latest",
+    "eslint": "^9.20.0",
     "prettier": "^3.8.1"
   }
 }

package.json

 {
   "name": "@tanstack/create",
-  "version": "0.63.8",
+  "version": "0.63.9",
   "description": "TanStack Application Builder Engine",
@@ -5,0 +5,0 @@ "type": "module",

src/frameworks/react/hosts/netlify/assets/netlify.toml

 [build]
   command = "vite build"
-  dir = "dist/client"
+  publish = "dist/client"
 [dev]
@@ -5,0 +5,0 @@ command = "npm run dev"

src/frameworks/react/toolchains/eslint/package.json

 {
   "scripts": {
     "lint": "eslint",
-    "format": "prettier --check .",
-    "check": "prettier --write . && eslint --fix"
+    "format": "prettier --write . && eslint --fix",
+    "check": "prettier --check ."
   },
   "devDependencies": {
     "@tanstack/eslint-config": "latest",
+    "eslint": "^9.20.0",
     "prettier": "^3.8.1"
   }
 }

src/frameworks/solid/hosts/netlify/assets/netlify.toml

 [build]
   command = "vite build"
-  dir = "dist/client"
+  publish = "dist/client"
 [dev]
@@ -5,0 +5,0 @@ command = "npm run dev"

src/frameworks/solid/toolchains/eslint/package.json

 {
   "scripts": {
     "lint": "eslint",
-    "format": "prettier --check .",
-    "check": "prettier --write . && eslint --fix"
+    "format": "prettier --write . && eslint --fix",
+    "check": "prettier --check ."
   },
   "devDependencies": {
     "@tanstack/eslint-config": "latest",
+    "eslint": "^9.20.0",
     "prettier": "^3.8.1"
   }
 }

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 9 instances in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 9 instances in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14669189

0.01%

No dependency changes