install: ignore patchedDependencies from folder dependency's package.json#29594
Open
robobun wants to merge 4 commits into
Open
install: ignore patchedDependencies from folder dependency's package.json#29594robobun wants to merge 4 commits into
patchedDependencies from folder dependency's package.json#29594robobun wants to merge 4 commits into
Claude / Claude Code Review
completed
May 4, 2026 in 13m 8s
Code review found 1 potential issue
Found 1 candidates, confirmed 1. See review comments for details.
Details
| Severity | Count |
|---|---|
| 🔴 Important | 0 |
| 🟡 Nit | 0 |
| 🟣 Pre-existing | 1 |
| Severity | File:Line | Issue |
|---|---|---|
| 🟣 Pre-existing | src/install/lockfile/Package.zig:1322-1323 |
Pre-existing: unchecked .e_object access on patchedDependencies value |
Annotations
Check notice on line 1323 in src/install/lockfile/Package.zig
claude / Claude Code Review
Pre-existing: unchecked .e_object access on patchedDependencies value
Pre-existing (not introduced here, and this PR actually *reduces* its surface): `patched_deps.expr.data.e_object` is accessed without checking the union tag, so a root `package.json` with e.g. `"patchedDependencies": []` or `"patchedDependencies": "foo"` would hit a Zig safety panic instead of a clean error. The same unchecked access exists in the second block at ~L1655. Since these lines are being re-indented anyway, a one-line `if (patched_deps.expr.data == .e_object)` guard (matching the adja
Loading