fix(core): Change prepack back to prepare for git dependency builds

[yamadashy]

Summary

• Change prepack back to prepare lifecycle script
• Change npm ci --omit=dev to npm prune --omit=dev in Dockerfile and CI

Background

PR #1215 changed prepare to prepack, but npm's prepack does not actually run when installing git dependencies (npm bug: npm/pacote#257).

As a result, when website/server installs "repomix": "github:yamadashy/repomix#main", the lib/ directory is never built, causing TypeScript compilation to fail.

The reality of npm prepack

• npm docs claim prepack "runs when installing a git dependency"
• However, pacote (npm's internal library) intentionally only runs prepare, not prepack, in dir.js
• This behavior is the same across npm 5-11 (prepack has never worked for git deps)
• A fix PR (pacote#419) was closed without merge in May 2025

Why npm prune is needed

prepare runs during npm ci --omit=dev, but devDependencies (rimraf, tsc) are not available, causing npm run build to fail. npm prune --omit=dev does not trigger lifecycle scripts, avoiding this issue.

Reverts

• Reverts the lifecycle script change from PR refactor(config): Replace prepare with prepack lifecycle script #1215
• Reverts the npm prune to npm ci --omit=dev change from PR Replace npm prune with npm ci --omit=dev for consistency #1218

Checklist

• Run npm run test
• Run npm run lint

[github-actions]

⚡ Performance Benchmark

Latest commit:	37fa9f7
Status:	✅ Benchmark complete!
Ubuntu:	2.49s (±0.03s) → 2.49s (±0.03s) · +0.00s (+0.1%)
macOS:	1.32s (±0.16s) → 1.36s (±0.07s) · +0.04s (+3.3%)
Windows:	3.11s (±0.14s) → 3.11s (±0.06s) · +0.00s (+0.0%)

Details

• Packing the repomix repository with node bin/repomix.cjs
• Warmup: 2 runs (discarded)
• Measurement: 10 runs / 20 on macOS (median ± IQR)
• Workflow run

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d218a9aa-5159-414f-b04f-8e35a5ed6ffd

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The pull request replaces redundant dependency reinstallation steps with in-place pruning in CI and Docker workflows, and shifts the npm build lifecycle hook from prepack to prepare to trigger builds during the prepare phase rather than pre-publishing.

Changes

Cohort / File(s)	Summary
CI/CD Dependency Management .github/workflows/ci.yml, Dockerfile	Replaced npm ci --omit=dev with npm prune --omit=dev to remove dev dependencies from existing node_modules instead of reinstalling from lockfile, streamlining the dependency setup in both environments.
Build Lifecycle Hook package.json	Changed npm lifecycle hook from prepack to prepare to trigger the build step during the package prepare phase instead of immediately before publishing.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• refactor(config): Replace prepare with prepack lifecycle script #1215: Directly modifies the same npm lifecycle hook (prepack ↔ prepare) addressing build behavior during package operations.
• feat(build): Add prepare script for GitHub-based npm install #1053: Adds prepare lifecycle script to run builds, sharing the same npm lifecycle hook strategy as this PR.
• Replace npm prune with npm ci --omit=dev for consistency #1218: Also toggles between npm ci --omit=dev and npm prune --omit=dev in CI and Docker dependency steps, addressing identical code-level changes.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: reverting the lifecycle script from prepack back to prepare to fix git dependency builds.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description provides comprehensive context including summary, background, technical reasoning, reverts, and checklist items aligned with the template.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/prepack-to-prepare

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

このプルリクエストは、git 依存関係としてインストールされた場合にパッケージのビルドが失敗する問題を解決することを目的としています。以前の変更で prepare から prepack に切り替えたことが原因で、npm のバグにより prepack スクリプトが実行されず、必要なビルド成果物が生成されませんでした。この変更により、prepare スクリプトに戻し、npm prune を使用することで、開発依存関係なしでビルドプロセスが正常に完了するようにします。

Highlights

• スクリプトライフサイクルイベントの変更: パッケージのビルドスクリプトを prepack から prepare に戻しました。これにより、git 依存関係としてインストールされた際にビルドスクリプトが正しく実行されるようになります。
• Dockerビルドプロセスの最適化: Dockerfile内の依存関係の剪定コマンドを npm ci --omit=dev から npm prune --omit=dev に変更しました。これは、prepare スクリプトが npm ci で実行される際に開発依存関係がないためにビルドが失敗する問題を回避するためです。

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/ci.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[claude]

Code Review

Overall: Looks good - This is a clean, well-motivated revert with a thorough explanation of the underlying npm/pacote bug.

Changes Review

All three changes are correct and consistent:

1. package.json: prepack → prepare - Correct fix. prepare reliably runs for git dependency installs, while prepack does not due to the pacote bug ([BUG] prepack is not called on installation of git packages npm/pacote#257).

2. Dockerfile: npm ci --omit=dev → npm prune --omit=dev - Correct. Since prepare runs during npm ci, it would fail without devDependencies (rimraf, tsc). npm prune removes devDeps without triggering lifecycle scripts, avoiding this chicken-and-egg problem.

3. ci.yml: Same npm ci --omit=dev → npm prune --omit=dev change, keeping CI consistent with the Dockerfile.

Observations

• The CI build step at line 307 explicitly runs rimraf and tsc from node_modules/.bin/ rather than relying on prepare, which is the right approach since CI needs --sourceMap --declaration flags and must support older Node versions without node --run.
• The prepare script will also run on npm install for local development, which is fine since devDependencies (rimraf, tsc) are available in that context.

Potential Concerns

Details

• prepare runs on every npm install: This means every contributor's npm install will trigger a build. This is standard practice for TypeScript packages and shouldn't be an issue, but it does add a few seconds to install time. This was the previous behavior before PR refactor(config): Replace prepare with prepack lifecycle script #1215 changed it.
• No lockfile concerns with npm prune: Unlike npm ci which reinstalls from the lockfile, npm prune only removes packages. Since the full npm ci already ran earlier in both the Dockerfile and CI workflow, the dependency tree is already correct - prune just strips devDeps from it. This is actually more efficient than re-running npm ci.

No bugs, security issues, or test coverage concerns. The change is minimal and reverts to a previously working configuration with a well-understood fix for the npm prune interaction.

🤖 Generated with Claude Code

[cloudflare-workers-and-pages]

Deploying repomix with    Cloudflare Pages

Latest commit:	37fa9f7
Status:	✅  Deploy successful!
Preview URL:	https://6a118e54.repomix.pages.dev
Branch Preview URL:	https://fix-prepack-to-prepare.repomix.pages.dev

View logs

[coderabbitai]

🧹 Nitpick comments (1)

Dockerfile (1)

14-18: Change is correct; consider removing redundant build step.

Using npm prune --omit=dev instead of npm ci --omit=dev is the right approach—it removes devDependencies without re-triggering lifecycle scripts that would fail without build tools.

However, with prepare: npm run build in package.json, npm ci on line 14 already triggers the build automatically. The explicit npm run build on line 15 is now redundant and adds to Docker build time.

♻️ Optional optimization to remove redundant build

 RUN npm ci \
-    && npm run build \
     && npm link \
     && npm prune --omit=dev \
     && npm cache clean --force

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` around lines 14 - 18, Remove the redundant explicit build step:
since package.json runs "prepare": "npm run build", the initial npm ci will
already run the build, so delete the standalone npm run build invocation in the
Dockerfile (the line calling npm run build) and keep npm ci, npm link, npm prune
--omit=dev, and npm cache clean --force as-is to avoid re-triggering lifecycle
scripts and reduce image build time.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@Dockerfile`:
- Around line 14-18: Remove the redundant explicit build step: since
package.json runs "prepare": "npm run build", the initial npm ci will already
run the build, so delete the standalone npm run build invocation in the
Dockerfile (the line calling npm run build) and keep npm ci, npm link, npm prune
--omit=dev, and npm cache clean --force as-is to avoid re-triggering lifecycle
scripts and reduce image build time.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 55c0940b-6bfc-4576-aa6c-7924247ef9e6

📥 Commits

Reviewing files that changed from the base of the PR and between 356df2f and 71581c1.

📒 Files selected for processing (3)

• .github/workflows/ci.yml
• Dockerfile
• package.json

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.18%. Comparing base (356df2f) to head (37fa9f7).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1282   +/-   ##
=======================================
  Coverage   87.18%   87.18%           
=======================================
  Files         115      115           
  Lines        4324     4324           
  Branches     1002     1002           
=======================================
  Hits         3770     3770           
  Misses        554      554           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[claude]

Updated Review (post second commit)

My previous review still stands. The second commit (37fa9f7) correctly removes the redundant npm run build from the Dockerfile, addressing the suggestions from both @gemini-code-assist and @coderabbitai.

Bot Comment Evaluation

Bot	Suggestion	Status
gemini-code-assist	Remove redundant npm run build from Dockerfile since prepare runs during npm ci	Priority: Recommended — Valid suggestion, already addressed in commit 37fa9f7
coderabbitai	Same — remove redundant build step	Priority: Recommended — Valid suggestion, already addressed in commit 37fa9f7
devin-ai-integration	No issues found	Agreed

Final Assessment

Approve — All changes are correct. The PR cleanly reverts the problematic prepack change from #1215 and the npm ci --omit=dev from #1218, with the additional optimization of removing the now-redundant explicit build step in the Dockerfile.

🤖 Generated with Claude Code