Add legacy ESM export subpath, fix Phase 6 docs findings#31
Merged
Conversation
added 3 commits
June 17, 2026 12:40
- package.json: expose dist/latency-test.legacy.esm.js via a "./legacy"
exports subpath so bundler consumers can `import "@adasp/latency-test/legacy"`
instead of reaching into node_modules directly. Documented in install.md
and build-output.md.
- docs/examples/svelte.md: explicit close tags instead of self-closing
<latency-test /> (Svelte 5 compiler warning).
- docs/examples/angular.md: documents re-enabling zone.js on CLI 22+
zoneless scaffolds (npm install, polyfill load order, provideZoneChangeDetection,
markForCheck()).
- docs/examples/{react,nextjs}.md: JSX IntrinsicElements augmentation now
works on all React versions via `declare module 'react'` with the
required `import type {} from 'react'` (verified against
@types/react 19.2.17 — the previous "React 19+ auto-detects" claim was false).
- docs/examples/vanilla-js.md: CDN snippet adds <title>, SRI hash +
crossorigin on the pinned script tag, and type="module" on the inline
script to remove a custom-element upgrade race.
- connect() examples (vanilla-js, react, vue, svelte x2, angular, nextjs):
clear stale error state on retry and close the AudioContext created
before a failed getUserMedia() call, instead of leaking it.
- docs/index.md, docs/install.md, docs/examples/host-gain.md: same
AudioContext-leak pattern fixed in the Quick Start / host-gain snippets.
Closes #29
Closes #30
npm audit --audit-level=high was failing on 3 devDependency-only vulnerabilities (esbuild/vite/vitepress, transitive through vitepress's docs tooling). None of these ship in the published package (files whitelist is dist/, README.md, CHANGELOG.md, LICENSE only), and there is no available fix that doesn't break docs:build (esbuild 0.28.1 breaks vite 5.4.21's destructuring transform for legacy browser targets). Scoping the audit to --omit=dev makes the check reflect actual shipped risk; confirmed it passes clean (0 vulnerabilities).
The earlier --omit=dev CI scoping worked around the 3 devDependency vulnerabilities (esbuild GHSA-67mh/gv7w/g7r4, vite GHSA-4w7w/v6wh/fx2h) but didn't actually fix them. A real fix exists: - package.json: bump direct esbuild to ^0.28.1, and add overrides forcing vite to 6.4.3 and vite's nested esbuild to ^0.28.1 — both versions clear every advisory. vitepress@1.6.4 declares vite: ^5.4.14 (a <6.0.0 range), so this is an intentional compatibility override past its declared range, not a semver-safe bump. - docs/.vitepress/config.mjs: set vite.build.target and vite.optimizeDeps.esbuildOptions.target to es2020. Without this, docs:build fails — esbuild 0.28.x can't downlevel destructuring syntax for the older browser targets vite computes by default (chrome87/safari14/etc). Raising the floor to es2020 means esbuild never needs to perform that lowering. This only affects the docs site's own output target, not the published component bundles, which have a separate build pipeline and already ship a dedicated legacy build for older browsers. - .github/workflows/ci.yml: revert the audit step to the original unscoped `npm audit --audit-level=high` now that it passes clean. Verified locally: npm audit (0 vulnerabilities), typecheck, test, build:component:all, docs:build, docs:dev (HTTP 200 smoke test), and npm pack --dry-run all pass with vite@6.4.3 + esbuild@0.28.1 resolved throughout the tree.
fan-droide
pushed a commit
that referenced
this pull request
Jun 17, 2026
CLAUDE.md, agents/CLAUDE_REVIEW.md, and agents/SESSION_HANDOFF.md still described Phase 6 (framework example verification, issue #30) as the only remaining v1 item and pinned CDN references to @1.2.0 — both stale now that PR #31 closed #29/#30 and v1.2.1 shipped. Updated all three to reflect the closed gate, the 1.2.1 release, and the semver nuance raised during external review (patch vs. minor for the new ./legacy exports subpath).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
dist/latency-test.legacy.esm.jsvia a"./legacy"exports subpath inpackage.jsonso bundler consumers canimport "@adasp/latency-test/legacy", with docs added ininstall.mdandbuild-output.md.declare module 'react'pattern, verified against@types/react19.2.17), and CDN snippet hardening (title, SRI hash, module-script race fix) invanilla-js.md.connect()example bug (stale error state on retry + leakedAudioContexton failedgetUserMedia()) identically across all 7 framework example implementations, plus the same pattern indocs/index.md,docs/install.md, anddocs/examples/host-gain.md.Test plan
npm test— 34/34 passingnpm run typecheck— cleannpm run docs:build— cleanimport("@adasp/latency-test/legacy")resolves to the legacy builddeclare module 'react'JSX augmentation fix in an isolated TS sandbox against@types/react@19.2.17Closes #29
Closes #30