feat(mobile): optimize the mobile common package name and import path and improve xss dependency #2777
Conversation
…, and improve xss dependency
|
Caution Review failedThe pull request is closed. WalkthroughThe pull request involves a comprehensive update across multiple mobile component files, primarily focusing on changing import statements from Changes
Suggested Labels
Suggested Reviewers
Poem
📜 Recent review detailsConfiguration used: CodeRabbit UI 📒 Files selected for processing (70)
Finishing Touches
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
WalkthroughThis pull request optimizes the mobile common package name and import path by changing imports from Changes
|
![petercat-assistant[bot]](https://avatars.githubusercontent.com/in/875736?s=60&v=4){kind=small}
| @@ -51,8 +51,8 @@ | |||
| item.type === 'filter' | |||
| ? 'IconUnfilter' | |||
| : item.type === 'selection' && item.state.showPopup | |||
| ? 'IconUp' | |||
| : 'IconDown' | |||
| ? 'IconUp' | |||
There was a problem hiding this comment.
The indentation change here seems to be purely stylistic and does not impact functionality. Ensure this change is intentional and consistent with the project's style guidelines.
|
[e2e-test-warn] The title of the Pull request should look like "fix(vue-renderless): [action-menu, alert] fix xxx bug". Please make sure you've read our contributing guide |
…, and improve xss dependency
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🔭 Outside diff range comments (1)
packages/mobile/components/form-item/src/mobile.vue (1)
Line range hint
91-93: Add XSS protection for validation messages.The validation messages are rendered directly in the template without sanitization. Given that these messages could potentially contain user-provided content, they should be sanitized to prevent XSS attacks.
Consider using the new XSS dependency mentioned in the PR to sanitize the validation messages:
validateMessage = state.validateMessage ? ( validatePosition === 'right' ? ( - <div class="tiny-mobile-input-form__error align-right">{state.validateMessage}</div> + <div class="tiny-mobile-input-form__error align-right">{sanitize(state.validateMessage)}</div> ) : ( - <div class="tiny-mobile-input-form__error align-left">{state.validateMessage}</div> + <div class="tiny-mobile-input-form__error align-left">{sanitize(state.validateMessage)}</div> ) ) : nullAdd the import at the top of the file:
import { sanitize } from '@mobile-root/common/xss'Also applies to: 96-98
🧹 Nitpick comments (4)
packages/mobile/components/user-head/src/mobile.vue (1)
Line range hint
1-1: Consider documenting the package migration.The changes consistently update import paths from '@mobile-root/vue-common' to '@mobile-root/common' across components. Consider:
- Adding a migration guide for package consumers
- Documenting the new props in the date-picker component
- Adding deprecation warnings for the old import path if backward compatibility is needed
packages/mobile/components/popover/src/mobile.vue (1)
Line range hint
1-1: Add comprehensive tests for the package reorganization.The widespread changes to import paths from '@mobile-root/vue-common' to '@mobile-root/common' affect multiple components. While the changes appear consistent, comprehensive testing is recommended to ensure:
- All required exports are available in the new path
- Component functionality remains unchanged
- No breaking changes are introduced
- Proper error handling for missing exports
Consider adding integration tests that verify the proper functioning of all affected components with the new common module.
packages/mobile/components/progress/src/mobile.vue (1)
Line range hint
1-1: Consider implementing a global XSS prevention strategy.Given that multiple components handle user input, consider implementing a global XSS prevention strategy using the new XSS dependency. This could be done through:
- A Vue plugin that automatically sanitizes v-model inputs
- A common utility function for sanitizing user input
- Middleware that sanitizes props before they reach components
This would provide consistent protection across all components rather than implementing it individually.
packages/mobile/components/form-item/src/mobile.vue (1)
Line range hint
32-186: Consider refactoring the render function for better maintainability.The render function is quite complex and handles multiple responsibilities. Consider breaking it down into smaller, more focused methods for better maintainability and testing.
Suggestions:
- Extract the error rendering logic into a separate method
- Move the form item content rendering logic to a dedicated method
- Consider using Vue's Composition API for better code organization
Example refactor:
// Extract error rendering private renderError(validateMessage: string, validateIcon: Component) { const { classPrefix, isErrorInline, isErrorBlock } = this; return h( 'div', { class: { [`${classPrefix}form-item__error`]: true, [`${classPrefix}form-item__error--inline`]: isErrorInline, [`${classPrefix}form-item__error--block`]: isErrorBlock }, attrs: { title: [validateMessage] } }, [ validateIcon ? h(validateIcon, { class: 'validate-icon' }) : null, <span class={`${classPrefix}form-item__validate-message`}>{validateMessage}</span> ] ); }
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (70)
packages/mobile/components/action-sheet/src/mobile.vue(1 hunks)packages/mobile/components/alert/src/mobile.vue(1 hunks)packages/mobile/components/avatar/src/mobile.vue(1 hunks)packages/mobile/components/badge/src/mobile.vue(1 hunks)packages/mobile/components/button/src/mobile.vue(1 hunks)packages/mobile/components/checkbox-group/src/mobile.vue(1 hunks)packages/mobile/components/checkbox/src/checkbox.ts(1 hunks)packages/mobile/components/checkbox/src/mobile.vue(1 hunks)packages/mobile/components/container/src/mobile.vue(1 hunks)packages/mobile/components/date-picker/src/date-picker.ts(1 hunks)packages/mobile/components/date-picker/src/mobile.vue(1 hunks)packages/mobile/components/dialog-box/src/dialog-box.ts(1 hunks)packages/mobile/components/dialog-box/src/mobile.vue(1 hunks)packages/mobile/components/dropdown-item/src/mobile.vue(1 hunks)packages/mobile/components/dropdown-menu/src/mobile.vue(2 hunks)packages/mobile/components/exception/src/mobile.vue(1 hunks)packages/mobile/components/file-upload/src/file-upload.ts(1 hunks)packages/mobile/components/file-upload/src/mobile.vue(1 hunks)packages/mobile/components/form-item/src/label-wrap.ts(1 hunks)packages/mobile/components/form-item/src/mobile.vue(1 hunks)packages/mobile/components/form/src/mobile.vue(1 hunks)packages/mobile/components/image-viewer/src/mobile.vue(1 hunks)packages/mobile/components/image-viewer/src/mobileTouch.ts(1 hunks)packages/mobile/components/index-bar-anchor/src/index.vue(1 hunks)packages/mobile/components/index-bar/src/mobile.vue(1 hunks)packages/mobile/components/input/src/input.ts(1 hunks)packages/mobile/components/input/src/mobile.vue(1 hunks)packages/mobile/components/label/src/mobile.vue(1 hunks)packages/mobile/components/list/src/mobile.vue(1 hunks)packages/mobile/components/loading/index.ts(1 hunks)packages/mobile/components/loading/src/directive.ts(1 hunks)packages/mobile/components/loading/src/mobile.vue(1 hunks)packages/mobile/components/loading/src/service.ts(1 hunks)packages/mobile/components/mask/src/mobile.vue(1 hunks)packages/mobile/components/message/index.ts(1 hunks)packages/mobile/components/mini-picker/src/mobile.vue(1 hunks)packages/mobile/components/modal/index.ts(1 hunks)packages/mobile/components/modal/src/mobile.vue(1 hunks)packages/mobile/components/multi-select-item/src/mobile.vue(1 hunks)packages/mobile/components/multi-select/src/mobile.vue(1 hunks)packages/mobile/components/multi-select/src/multi-select.ts(1 hunks)packages/mobile/components/nav-bar/src/mobile.vue(1 hunks)packages/mobile/components/numeric/src/mobile.vue(1 hunks)packages/mobile/components/picker-column/src/mobile.vue(1 hunks)packages/mobile/components/popover/src/mobile.vue(1 hunks)packages/mobile/components/popup/src/mobile.vue(1 hunks)packages/mobile/components/progress/src/mobile.vue(1 hunks)packages/mobile/components/pull-refresh/src/mobile.vue(1 hunks)packages/mobile/components/radio-group/src/mobile.vue(1 hunks)packages/mobile/components/radio/src/mobile.vue(1 hunks)packages/mobile/components/search/src/mobile.vue(1 hunks)packages/mobile/components/slider/src/mobile.vue(1 hunks)packages/mobile/components/switch/src/mobile.vue(1 hunks)packages/mobile/components/tab-item/src/mobile.vue(1 hunks)packages/mobile/components/tabbar-item/src/mobile.vue(1 hunks)packages/mobile/components/tabbar/src/mobile.vue(1 hunks)packages/mobile/components/table/src/mobile.vue(1 hunks)packages/mobile/components/tabs/src/mobile.vue(1 hunks)packages/mobile/components/tabs/src/tab-nav/mb.vue(1 hunks)packages/mobile/components/tag/src/mobile.vue(1 hunks)packages/mobile/components/time-line/src/mobile.vue(1 hunks)packages/mobile/components/time-line/src/time-line.ts(1 hunks)packages/mobile/components/toast/src/mobile.vue(1 hunks)packages/mobile/components/toast/src/service.ts(1 hunks)packages/mobile/components/tooltip/src/mobile.vue(1 hunks)packages/mobile/components/upload-list/src/mobile.vue(1 hunks)packages/mobile/components/upload/src/mobile.vue(1 hunks)packages/mobile/components/user-head/src/mobile.vue(1 hunks)packages/mobile/components/wheel/src/mobile.vue(1 hunks)packages/mobile/package.json(1 hunks)
✅ Files skipped from review due to trivial changes (32)
- packages/mobile/components/image-viewer/src/mobileTouch.ts
- packages/mobile/components/loading/src/directive.ts
- packages/mobile/components/file-upload/src/file-upload.ts
- packages/mobile/components/loading/src/service.ts
- packages/mobile/components/slider/src/mobile.vue
- packages/mobile/components/index-bar-anchor/src/index.vue
- packages/mobile/components/upload/src/mobile.vue
- packages/mobile/components/picker-column/src/mobile.vue
- packages/mobile/components/loading/src/mobile.vue
- packages/mobile/components/modal/src/mobile.vue
- packages/mobile/components/tab-item/src/mobile.vue
- packages/mobile/components/pull-refresh/src/mobile.vue
- packages/mobile/components/multi-select/src/multi-select.ts
- packages/mobile/components/file-upload/src/mobile.vue
- packages/mobile/components/input/src/mobile.vue
- packages/mobile/components/modal/index.ts
- packages/mobile/components/numeric/src/mobile.vue
- packages/mobile/components/list/src/mobile.vue
- packages/mobile/components/dropdown-menu/src/mobile.vue
- packages/mobile/components/upload-list/src/mobile.vue
- packages/mobile/components/form-item/src/label-wrap.ts
- packages/mobile/components/multi-select/src/mobile.vue
- packages/mobile/components/multi-select-item/src/mobile.vue
- packages/mobile/components/tooltip/src/mobile.vue
- packages/mobile/components/image-viewer/src/mobile.vue
- packages/mobile/components/toast/src/service.ts
- packages/mobile/components/checkbox/src/checkbox.ts
- packages/mobile/components/popup/src/mobile.vue
- packages/mobile/components/dialog-box/src/mobile.vue
- packages/mobile/components/index-bar/src/mobile.vue
- packages/mobile/components/date-picker/src/date-picker.ts
- packages/mobile/components/tabs/src/tab-nav/mb.vue
🔇 Additional comments (39)
packages/mobile/package.json (2)
Line range hint
1-24: Verify the intentional removal of private flagThe removal of
"private": truemakes this package publishable. Please confirm this is intentional and aligns with the project's release strategy.Run this script to check other related packages' visibility status:
32-32: Review XSS dependency version and usageWhile adding XSS protection is beneficial, version 1.0.14 might not be the latest stable version. Additionally, ensure proper implementation across components.
Run this script to check for potential security issues and latest versions:
Consider the following recommendations:
- Document the XSS protection strategy in the component documentation
- Consider using the latest stable version if no conflicts exist
- Ensure consistent XSS protection implementation across all user input processing
✅ Verification successful
Version 1.0.14 is acceptable, implementation appears sound
The package version is only one patch behind latest (1.0.15) with no known vulnerabilities. The implementation is properly centralized in utility modules and consistently used across components.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check latest version and security advisories for xss package echo "Latest version from npm:" curl -s https://registry.npmjs.org/xss/latest | jq '.version' echo "Checking for known vulnerabilities:" gh api graphql -f query=' { securityVulnerabilities(first: 5, ecosystem: NPM, package: "xss") { nodes { advisory { summary severity publishedAt } vulnerableVersionRange firstPatchedVersion { identifier } } } }' # Check if xss is being imported in components echo "Checking xss usage in components:" rg -l "import.*xss" --type ts --type vueLength of output: 694
Script:
#!/bin/bash # Check xss usage in the codebase echo "Checking xss imports in TypeScript and JavaScript files:" rg -l "import.*xss|require.*xss" --type ts --type js echo "Checking xss usage in Vue files (using generic text search):" fd -e vue -x rg -l "xss" {} echo "Checking for direct xss function calls:" rg "xss\(" --type ts --type jsLength of output: 2336
packages/mobile/components/message/index.ts (1)
3-3: Verify module resolution for the new import pathThe import path change from '@mobile-root/vue-common' to '@mobile-root/common' needs verification to ensure the module is correctly resolved.
packages/mobile/components/loading/index.ts (1)
14-14: LGTM! Import path standardizationGood change from relative to absolute import path, which improves maintainability and aligns with the package optimization objective.
packages/mobile/components/label/src/mobile.vue (1)
21-21: Verify consistent import path usage across componentsThe import path change aligns with the package optimization objective. Let's verify consistent usage across other components.
✅ Verification successful
Import path change is consistently applied
The import path
@mobile-root/commonis consistently used across all components in the mobile package, and no occurrences of the old import path were found.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check for any remaining old import paths rg -t vue "from '@mobile-root/vue-common'" packages/mobile/componentsLength of output: 105
Script:
#!/bin/bash # Search for both old and new import paths in .vue files echo "=== Searching for old import path ===" rg "from ['|\"]@mobile-root/vue-common['|\"]" packages/mobile/components echo -e "\n=== Searching for new import path ===" rg "from ['|\"]@mobile-root/common['|\"]" packages/mobile/componentsLength of output: 8525
packages/mobile/components/switch/src/mobile.vue (2)
22-22: LGTM! Import path standardizationThe import path change is consistent with the package optimization objective.
Line range hint
1-33: Query: XSS dependency improvementThe PR objectives mention improving XSS dependency, but no related changes are visible in the reviewed files. Could you clarify the XSS-related improvements?
packages/mobile/components/toast/src/mobile.vue (1)
14-14: LGTM! Import path updated consistently.The change from '@mobile-root/vue-common' to '@mobile-root/common' aligns with the PR objectives.
Let's verify the consistency of this import path change across the mobile components:
✅ Verification successful
Import path changes verified and consistent
The change from '@mobile-root/vue-common' to '@mobile-root/common' has been consistently implemented across all mobile components, with no remaining instances of the old import path.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify consistent import path changes across mobile components # Test: Search for any remaining old import paths rg -l "@mobile-root/vue-common" "packages/mobile/components/" # Test: Verify new import path usage rg -l "@mobile-root/common" "packages/mobile/components/"Length of output: 3656
packages/mobile/components/tag/src/mobile.vue (1)
24-24: LGTM! Import path updated correctly.The change from '@mobile-root/vue-common' to '@mobile-root/common' is consistent with other components.
packages/mobile/components/tabbar/src/mobile.vue (1)
25-25: LGTM! Import path updated appropriately.The change from '@mobile-root/vue-common' to '@mobile-root/common' maintains consistency, and the $prefix usage for component naming is preserved correctly.
packages/mobile/components/form/src/mobile.vue (1)
28-28: Verify the new import path exists and is properly configured.The import path has been updated from '@mobile-root/vue-common' to '@mobile-root/common'. While this change aligns with the PR objectives to optimize package names, we should verify the new path is properly configured.
✅ Verification successful
Import path '@mobile-root/common' is properly configured and exports all required symbols.
The new import path is correctly set up with proper alias configurations in both TypeScript and build configurations, and the module exports all the required symbols ($prefix, setup, defineComponent).
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify the new @mobile-root/common package exists and is properly configured # Expected: Find package.json or index files in the new common package location # Search for package definition files fd -t f "package.json|index.(js|ts|vue)" -d 3 common packages/mobile/Length of output: 2790
Script:
#!/bin/bash # Check package configuration and exports echo "=== Package Configuration ===" cat packages/mobile/package.json | grep -A 5 -B 5 "mobile-root" echo -e "\n=== Exports Check ===" cat packages/mobile/common/index.tsLength of output: 10104
Script:
#!/bin/bash # Check for alias configuration in various config files echo "=== Workspace Configuration ===" cat package.json | grep -A 5 -B 5 "mobile-root" || echo "No workspace alias found" echo -e "\n=== TypeScript Configuration ===" fd -t f "tsconfig.*json" . | xargs cat | grep -A 5 -B 5 "mobile-root" || echo "No TypeScript alias found" echo -e "\n=== Build Configuration ===" fd -t f "vite.config.*|webpack.config.*" . | xargs cat | grep -A 5 -B 5 "mobile-root" || echo "No build config alias found"Length of output: 1957
packages/mobile/components/mask/src/mobile.vue (1)
28-28: Verify consistency of import path changes across mobile components.The import path change is part of a larger pattern. Let's verify that this change is consistently applied across all mobile components to prevent potential import conflicts.
✅ Verification successful
Import path changes are consistently applied across mobile components
The change from '@mobile-root/vue-common' to '@mobile-root/common' has been consistently implemented across all mobile components and their supporting files. No instances of the old import path remain in the codebase.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Check for any remaining old import paths that might have been missed # Expected: No files should still be using the old import path # Search for any remaining old import paths rg -l "@mobile-root/vue-common" "packages/mobile/components/"Length of output: 59
Script:
#!/bin/bash # Search for the new import path pattern with context rg -C 2 "@mobile-root/common" "packages/mobile/components/" # Also check if there are any other variations of mobile-root imports rg -C 2 "@mobile-root/" "packages/mobile/components/"Length of output: 75530
packages/mobile/components/radio-group/src/mobile.vue (1)
31-31: Verify type compatibility with the new import path.The change affects imports used with TypeScript types (IRadioGroupApi). Ensure that all type definitions are properly exported from the new path.
✅ Verification successful
Type compatibility verified with the new import path.
The IRadioGroupApi interface is properly maintained in the mobile package, and the path alias @mobile-root/* is correctly configured in tsconfig.json to resolve the new import path.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify type definitions in the new common package # Expected: Find type definition files in the new location # Search for type definition files fd -e d.ts -e ts "types|index" packages/mobile/common/Length of output: 181
Script:
#!/bin/bash # Search for IRadioGroupApi type definition in both old and new locations echo "=== Searching in old location ===" rg "IRadioGroupApi" packages/mobile/vue-common/ -A 5 echo -e "\n=== Searching in new location ===" rg "IRadioGroupApi" packages/mobile/common/ -A 5Length of output: 329
Script:
#!/bin/bash # Find all radio group related files echo "=== Finding radio group related files ===" fd "radio" --type f echo -e "\n=== Searching for type definitions in these files ===" rg "interface.*Radio" --type tsLength of output: 6885
Script:
#!/bin/bash # Check for path aliases and module resolution echo "=== Checking tsconfig for path aliases ===" fd tsconfig.json cat $(fd tsconfig.json) echo -e "\n=== Checking package.json in mobile package ===" cat packages/mobile/package.jsonLength of output: 12777
packages/mobile/components/checkbox-group/src/mobile.vue (1)
29-29: Import path change looks good, but XSS improvements are not visible.While the import path change is consistent with other files, the PR description mentions XSS dependency improvements which are not visible in these changes.
packages/mobile/components/badge/src/mobile.vue (1)
41-41: LGTM! Verify package consumers.The import path change aligns with the PR objectives. However, this change might affect package consumers.
Let's verify if there are any direct imports of '@mobile-root/vue-common' in the codebase that need to be updated:
✅ Verification successful
Import path change is safe to proceed
No other references to '@mobile-root/vue-common' were found in the codebase, indicating this change is isolated and won't impact other consumers.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Search for direct imports of the old package rg -l "@mobile-root/vue-common" --type ts --type vueLength of output: 80
Script:
#!/bin/bash # Search for direct imports without file type restrictions rg "@mobile-root/vue-common" # Check package.json files for the dependency fd "package.json" --exec grep -l "@mobile-root/vue-common" {}Length of output: 90
packages/mobile/components/tabbar-item/src/mobile.vue (1)
35-35: LGTM!The import path change is consistent with the package optimization objective.
packages/mobile/components/date-picker/src/mobile.vue (1)
38-38: Document the newly added props.While the import path change is consistent, the newly added props (modelValue, type, clearable, etc.) lack documentation and type definitions.
Let's check if these props are documented elsewhere:
Also applies to: 47-47
packages/mobile/components/user-head/src/mobile.vue (1)
41-41: LGTM!The import path change is consistent with the package optimization objective.
packages/mobile/components/button/src/mobile.vue (1)
48-48: LGTM! Verify consistent usage across codebase.The import path update aligns with the PR objectives to optimize the mobile common package.
Let's verify this change is consistently applied across all mobile components:
✅ Verification successful
Import path migration successfully verified
The migration from '@mobile-root/vue-common' to '@mobile-root/common' is complete and consistently applied across all mobile components.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Search for any remaining imports from old path rg "@mobile-root/vue-common" "packages/mobile/components" # Search for consistent usage of new path rg "@mobile-root/common" "packages/mobile/components"Length of output: 8303
packages/mobile/components/alert/src/mobile.vue (1)
31-31: LGTM! Verify security implications.The import path update is consistent with the package optimization. Since this is a security-sensitive component (alerts), ensure the new common package maintains all security features.
Let's verify the security features are preserved:
✅ Verification successful
Security features verified - no issues found
The security mechanisms are preserved in the new common package, including XSS protection, HTML sanitization, and content escaping utilities. The alert component maintains access to all necessary security features through the shared utilities.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check for security-related code in both old and new packages rg -A 5 "sanitize|escape|xss" "packages/mobile/common" rg -A 5 "sanitize|escape|xss" "packages/mobile/vue-common"Length of output: 180
Script:
#!/bin/bash # First, find the correct paths echo "=== Finding package locations ===" fd -t d "common$|vue-common$" echo -e "\n=== Checking security patterns in relevant files ===" # Broader security-related pattern search in common packages rg -i "(sanitize|escape|xss|innerHTML|textContent|purify|security|dangerouslySetInnerHTML)" -g "!*.{test,spec}.*" echo -e "\n=== Looking for alert implementations ===" # Find and check alert-related files fd -t f "alert" -x rg -l "(sanitize|escape|xss|innerHTML|textContent|purify|security|dangerouslySetInnerHTML)" {}Length of output: 34065
packages/mobile/components/radio/src/mobile.vue (1)
50-50: LGTM! Import path update is consistent.The change maintains consistency with other components while preserving all input handling functionality.
packages/mobile/components/exception/src/mobile.vue (1)
41-41: LGTM! Verify error handling preservation.The import path update maintains consistency while preserving the $prefix utility import.
Let's verify error handling utilities are preserved:
packages/mobile/components/action-sheet/src/mobile.vue (1)
55-55: Verify the availability and compatibility of imports from '@mobile-root/common'.The import path has been changed from '@mobile-root/vue-common' to '@mobile-root/common'. While this aligns with the package optimization goal, we should verify that all required exports are available in the new path.
✅ Verification successful
Import path change is valid and compatible
The new
@mobile-root/commonmodule correctly exports all required symbols ($prefix,setup, anddefineComponent) with compatible interfaces. This change appears to be part of an intentional consolidation of common utilities.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify the existence and exports of the new common module # Check if the new common module exists and exports the required symbols # Look for the module definition fd -t f "index.(js|ts)" -p "packages/mobile/common" # Check exports in the found files rg -A 5 "export.*{.*(\$prefix|setup|defineComponent).*}" "packages/mobile"Length of output: 387
Script:
#!/bin/bash # Check exports in both old and new modules echo "=== Checking exports in new common module ===" rg -A 5 "export.*(\\\$prefix|setup|defineComponent)" "packages/mobile/common" echo -e "\n=== Checking exports in old vue-common module ===" rg -A 5 "export.*(\\\$prefix|setup|defineComponent)" "packages/mobile/vue-common" echo -e "\n=== Checking file content of common/index.ts ===" cat "packages/mobile/common/index.ts"Length of output: 13716
packages/mobile/components/avatar/src/mobile.vue (1)
13-13: Verify TSX compatibility with the new import path.The component uses TSX syntax and relies on the
hfunction for rendering. Ensure that the new '@mobile-root/common' module properly exports thehfunction and maintains TSX support.✅ Verification successful
TSX support is properly maintained in the new import path
The
@mobile-root/commonmodule correctly re-exports thehfunction from Vue along with necessary TypeScript types and TSX utilities. The implementation maintains full TSX compatibility.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify TSX support in the new common module # Check for h function export and TSX configurations # Look for h function export rg -p "export.*h.*from.*vue" "packages/mobile" # Check for TSX configuration fd -t f "tsconfig.json|vite.config.ts" -x rg -l "jsx|tsx"Length of output: 890
Script:
#!/bin/bash # Check common module exports and h function usage # Look for the common module's exports fd -t f "index.ts|index.js" -p "packages/mobile/common" -x cat {} # Check for h function imports/exports with broader patterns rg -p "import.*\{.*h.*\}.*from.*vue" "packages/mobile" # Check the component's render implementation ast-grep --pattern 'export default defineComponent({ $$$ render() { $$$ } $$$ })'Length of output: 38727
packages/mobile/components/checkbox/src/mobile.vue (1)
67-67: Verify Vue integration with the new common module.The checkbox component relies heavily on Vue's reactivity and event handling. Ensure that the new '@mobile-root/common' module maintains proper Vue integration, especially for v-model support and event handling.
✅ Verification successful
Vue integration is properly maintained in the common module
The new '@mobile-root/common' module correctly exports and maintains all necessary Vue utilities including defineComponent and setup. The module serves as a proper Vue integration layer, ensuring components retain full Vue functionality.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify Vue integration in the new common module # Check for Vue-specific exports and integration points # Look for Vue integration code rg -p "defineComponent.*setup" "packages/mobile/common" # Check for v-model support rg -p "modelValue|update:modelValue" "packages/mobile/common"Length of output: 117
Script:
#!/bin/bash # First, let's find and examine the common module structure fd -t f . "packages/mobile/common" # Then check for Vue-related exports rg -p "export.*{.*define.*Component|setup" "packages/mobile/common" # Look for Vue imports rg -p "from 'vue'|from \"vue\"" "packages/mobile/common" # Check for any files containing Vue component definitions ast-grep --pattern 'defineComponent({ $$$ })'Length of output: 65938
packages/mobile/components/popover/src/mobile.vue (1)
56-56: Verify popper functionality with the new common module.The popover component relies on popper functionality for positioning. Ensure that the new '@mobile-root/common' module maintains all necessary utilities for proper popper integration.
✅ Verification successful
Popper functionality is properly maintained through common module
The popper functionality is correctly preserved through the @mobile-root/common module, which provides access to the popper utilities from utils/deps. The implementation maintains all necessary positioning and transition features required by the popover component.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify popper integration in the new common module # Check for popper-related code and dependencies # Look for popper-related code rg -p "popper|positioning" "packages/mobile/common" # Check for popper dependencies fd "package.json" -x rg -l "popper"Length of output: 85
Script:
#!/bin/bash # Check the actual content of mobile.vue cat "packages/mobile/components/popover/src/mobile.vue" # Search for popper-related code with different variations rg -p -i "popper|popover|position|placement|tooltip" "packages/mobile" # Look for type definitions fd "\.(ts|d\.ts)$" -x rg -l "popper|popover|position"Length of output: 64920
packages/mobile/components/wheel/src/mobile.vue (1)
50-50: Verify the new common package compatibility.The import path has been updated from '@mobile-root/vue-common' to '@mobile-root/common'. While this aligns with the package optimization goal, we should ensure API compatibility.
✅ Verification successful
Import path change verified successfully
The new
@mobile-root/commonpackage exports all required symbols (setup,defineComponent,$prefix) with compatible interfaces.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify that the new common package exports all required symbols # Test: Check if the new package maintains the same exports rg -g '*.{js,ts}' -A 5 "export.*(?:setup|defineComponent|\$prefix)" packages/mobile/common/Length of output: 3212
packages/mobile/components/nav-bar/src/mobile.vue (1)
13-13: Consider XSS prevention for user-provided content.While updating the import path, we should also ensure proper sanitization of user-provided content (title, leftText, rightText) to prevent XSS attacks.
Consider using the new XSS dependency mentioned in the PR objectives for content sanitization. Example implementation:
+ import { sanitize } from '@opentiny/xss' render() { - const { leftArrow, rightArrow, leftText, rightText, $listeners, $attrs, title, zIndex, fixed, subTitle } = this + const { leftArrow, rightArrow, $listeners, $attrs, zIndex, fixed } = this + const leftText = sanitize(this.leftText) + const rightText = sanitize(this.rightText) + const title = sanitize(this.title) + const subTitle = sanitize(this.subTitle)packages/mobile/components/search/src/mobile.vue (1)
69-69: Enhance input sanitization for search functionality.While updating the import path, consider implementing input sanitization for the search functionality to prevent XSS attacks.
Consider sanitizing the input before emitting events:
+ import { sanitize } from '@opentiny/xss' setup(props, context) { - return setup({ props, context, renderless, api }) as unknown as ISearchApi + const api = setup({ props, context, renderless, api }) as unknown as ISearchApi + const originalHandleInput = api.handleInput + api.handleInput = (event) => { + event.target.value = sanitize(event.target.value) + originalHandleInput(event) + } + return api }packages/mobile/components/progress/src/mobile.vue (1)
71-71: LGTM! Import path update is consistent.The import path change aligns with the package optimization goal and maintains consistency with other components.
packages/mobile/components/mini-picker/src/mobile.vue (1)
48-48: LGTM! Verify the new import path.The import path change from
@mobile-root/vue-commonto@mobile-root/commonis consistent with the broader refactoring effort across mobile components.✅ Verification successful
Import path change is consistent with the codebase
The change from
@mobile-root/vue-commonto@mobile-root/commonis verified and matches the standardized import pattern used across all mobile components.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify the new import path exists and is properly exported # Test: Check if the new module exists and exports the required functions rg -l "@mobile-root/common" "packages/mobile" | while read -r file; do echo "=== Checking imports in $file ===" rg "import.*from.*@mobile-root/common" "$file" -A 1 doneLength of output: 26974
packages/mobile/components/time-line/src/mobile.vue (1)
84-84: LGTM! Import path update is consistent.The change to import
setupanddefineComponentfrom@mobile-root/commonaligns with the codebase-wide refactoring.packages/mobile/components/tabs/src/mobile.vue (1)
14-14: LGTM! Import path update is consistent.The change to import
setup,h, anddefineComponentfrom@mobile-root/commonaligns with the codebase-wide refactoring.packages/mobile/components/time-line/src/time-line.ts (1)
12-12: LGTM! Import path update is consistent.The change to import
PropTypefrom@mobile-root/commonaligns with the codebase-wide refactoring.packages/mobile/components/table/src/mobile.vue (1)
93-93: Verify consistent usage of the new import path across the codebaseThe import path change aligns with the PR objective to optimize package names and import paths.
Let's verify that this change is consistent across all mobile components:
✅ Verification successful
Import path changes are consistently implemented
The new import path
@mobile-root/commonis uniformly used across all mobile components, with no remaining references to the old path@mobile-root/vue-common.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check for any remaining old import paths rg -l "@mobile-root/vue-common" "packages/mobile/components/" # Verify new import path usage rg -l "@mobile-root/common" "packages/mobile/components/"Length of output: 3656
packages/mobile/components/dropdown-item/src/mobile.vue (1)
102-102: LGTM! Import path updated correctlyThe import statement has been properly updated to use the new common package path, maintaining all necessary imports (setup, defineComponent, directive).
packages/mobile/components/input/src/input.ts (1)
12-12: LGTM! Type import updated correctlyThe PropType import path has been updated while maintaining type safety. This change is compile-time only and won't affect runtime behavior.
packages/mobile/components/dialog-box/src/dialog-box.ts (1)
13-13: Verify $prefix constant value remains unchangedThe import path for $prefix has been updated. While this is likely a safe change, we should verify that the constant's value remains the same to prevent any CSS class name mismatches.
Let's verify the $prefix constant value in both locations:
✅ Verification successful
Import path change for $prefix is safe
The constant maintains its value of 'Tiny' in the new location, ensuring CSS class names will remain consistent.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check the $prefix constant definition in both old and new locations rg -A 1 "export const \$prefix = " "packages/mobile/"Length of output: 52
Script:
#!/bin/bash # Search for $prefix definitions and exports with various patterns echo "=== Searching for $prefix definitions ===" rg "\$prefix\s*=\s*['\"]" echo -e "\n=== Searching for $prefix exports ===" rg "export.*\$prefix" echo -e "\n=== Searching for imports of $prefix ===" rg "import.*\$prefix.*from"Length of output: 319
Script:
#!/bin/bash # Use ast-grep to find export declarations of $prefix ast-grep --pattern 'export const $prefix = $_' # Use ast-grep to find import declarations ast-grep --pattern 'import { $prefix } from $_'Length of output: 540
packages/mobile/components/form-item/src/mobile.vue (1)
13-13: Verify the availability of imported entities in the new package path.The import path has been updated from '@mobile-root/vue-common' to '@mobile-root/common'. While this aligns with the broader package restructuring, we should verify that all imported entities are available in the new location.
Let's verify the package structure and imports:
✅ Verification successful
Import path change is valid and safe
All required exports (
$prefix,setup,parseVnode,h,defineComponent,isVue2) are available in the new@mobile-root/commonpackage with consistent functionality.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check if all required exports are available in the new package ast-grep --pattern 'export { $$$, $prefix, setup, parseVnode, h, defineComponent, isVue2, $$$ }' packages/mobile/common/index.* # Check for any remaining old imports that need to be updated rg -l "@mobile-root/vue-common" packages/Length of output: 172
Script:
#!/bin/bash # First, verify the package exists and check its structure fd . packages/mobile/common/ # Look for exports with different patterns ast-grep --pattern 'export const $prefix' ast-grep --pattern 'export function setup' ast-grep --pattern 'export const parseVnode' ast-grep --pattern 'export function h' ast-grep --pattern 'export const defineComponent' ast-grep --pattern 'export const isVue2' # Check for re-exports rg "export.*(\$prefix|setup|parseVnode|h|defineComponent|isVue2)" -A 2Length of output: 67897
Script:
#!/bin/bash # Check for setup and h exports/imports rg "export.*(setup|h).*=" packages/mobile/common/ -A 1 # Check if these are re-exported from Vue rg "import.*{.*setup.*}.*from.*vue" packages/mobile/common/ -A 1 rg "import.*{.*h.*}.*from.*vue" packages/mobile/common/ -A 1Length of output: 2226
| @@ -25,7 +25,7 @@ | |||
|
|
|||
| <script lang="ts"> | |||
| import { renderless, api } from './renderless/vue' | |||
| import { setup, defineComponent } from '@mobile-root/vue-common' | |||
| import { setup, defineComponent } from '@mobile-root/common' | |||
There was a problem hiding this comment.
💡 Codebase verification
Missing private flag in package.json
The package.json file has the xss dependency correctly configured (version 1.0.14), but the private flag mentioned in the AI summary is missing. This flag is important for package visibility configuration.
packages/mobile/package.json: Add the"private": truefield to prevent accidental publishing
🔗 Analysis chain
LGTM! Import path updated consistently.
The change from '@mobile-root/vue-common' to '@mobile-root/common' aligns with the codebase-wide update.
Let's verify the package.json changes mentioned in the AI summary:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify package.json changes for private flag and xss dependency
# Test: Check package.json modifications
rg -l "\"private\":|\"xss\":" "packages/mobile/"
Length of output: 73
Script:
#!/bin/bash
# Get content of package.json
cat packages/mobile/package.json
Length of output: 1221
优化移动common包名称和引入路径,完善xss依赖
PR
PR Checklist
Please check if your PR fulfills the following requirements:
PR Type
What kind of change does this PR introduce?
What is the current behavior?
Issue Number: N/A
What is the new behavior?
Does this PR introduce a breaking change?
Other information
Summary by CodeRabbit
Based on the comprehensive summary of changes, here are the release notes:
Module Restructuring
@mobile-root/vue-commonto@mobile-root/commonacross multiple mobile componentsPackage Configuration
Component Updates
Dependency Management
xsslibrary version 1.0.14 for enhanced securityThese changes appear to be primarily focused on module organization and preparing the package for broader distribution.