feat: mime npm package

[BCsabaEngine]

Summary by CodeRabbit

Release Notes

• New Features

  • Updated to version 1.6.0, replacing mime-types with the mime npm package for improved MIME type handling.

• Documentation

  • Enhanced README.md with installation instructions and usage details for the svelteesp32 package.
  • Changelog updated to reflect new versioning and significant changes.

• Bug Fixes

  • Improved compatibility with web standards by changing the MIME type for JavaScript to text/javascript.

• Workflow Enhancements

  • Updated CI workflows to support multiple Node.js versions and improved organization of build steps.

[coderabbitai]

Walkthrough

This pull request encompasses several updates across multiple files, primarily focusing on the transition from the mime-types package to the mime package, along with updates to Node.js versions in CI workflows. The workflows have been enhanced to support multiple Node.js versions (22.x, 20.x, and 18.x), and the version number in package.json is incremented to 1.6.0. Additionally, the CHANGELOG.md is updated to reflect these changes, including a new version entry and details about the MIME type updates.

Changes

File	Change Summary
.github/workflows/ci-dev.yaml	Job name updated; Node.js version strategy added; multiple steps added for dependencies, format, and lint checks; build step renamed.
.github/workflows/ci-full.yaml	Job name updated; Node.js version strategy added; multiple steps added for dependencies, format, and lint checks; build step renamed; package job updated.
CHANGELOG.md	New version entry 1.6.0 added; replaced mime-types with mime npm package.
README.md	Updated to reflect changes in the svelteesp32 package, including MIME type updates and version history.
package.json	Version updated from 1.5.2 to 1.6.0; removed @types/mime-types; replaced mime-types with mime.
src/index.ts	Import statement updated from mime-types to mime; variable name changed for clarity.

Possibly related PRs

• feat: support PsychicHttp v2 #29: The changes in this PR involve updating the Node.js version in the GitHub Actions workflow files, which is directly related to the main PR's update of the Node.js version in the .github/workflows/ci-dev.yaml file.
• chore: update demo app deps #31: This PR also includes updates to the CHANGELOG.md and package.json files, which may not directly relate to the Node.js version changes but are part of the overall project maintenance that includes the CI configuration updates.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (1)

README.md (1)

15-16: Fix markdown style: Remove blank line in blockquote.

The documentation update clearly explains the package transition. However, there's a minor markdown style issue.

Apply this change:

-> Starting with version v1.6.0, mime npm package is used instead of mime-types (application/javascript -> text/javascript)
-
-> Starting with version v1.5.0, PsychicHttp v2 is also supported.
+> Starting with version v1.6.0, mime npm package is used instead of mime-types (application/javascript -> text/javascript)
+> Starting with version v1.5.0, PsychicHttp v2 is also supported.

🧰 Tools

🪛 Markdownlint (0.35.0)

16-16: null
Blank line inside blockquote

(MD028, no-blanks-blockquote)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 67be273 and 33f6819.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• .github/workflows/ci-dev.yaml (1 hunks)
• .github/workflows/ci-full.yaml (2 hunks)
• CHANGELOG.md (1 hunks)
• README.md (1 hunks)
• package.json (2 hunks)
• src/index.ts (4 hunks)

🧰 Additional context used

🪛 Markdownlint (0.35.0)

README.md

16-16: null
Blank line inside blockquote

(MD028, no-blanks-blockquote)

🔇 Additional comments (4)

.github/workflows/ci-full.yaml (1)

17-17: ⚠️ Potential issue

Critical: Reconsider Node.js 22.x for release pipeline

Using Node.js 22.x (unstable) in a release pipeline that publishes to NPM is risky:

1. Unstable versions may have breaking changes
2. Build artifacts might differ between stable and unstable versions
3. NPM publishing should use LTS versions for reliability

Recommend using the latest LTS version (20.x) for the release pipeline to ensure stable builds and deployments.

Also applies to: 50-50

package.json (1)

3-3: LGTM! Version bump and dependency changes look good.

The version bump to 1.6.0 follows semver correctly for a new feature. The transition from mime-types to mime package is properly reflected in the dependencies.

Also applies to: 73-73

src/index.ts (1)

7-7: LGTM! Clean transition to mime package with improved variable naming.

The changes correctly implement the new mime package's API while improving code clarity by:

• Using mime.getType() instead of lookup()
• Renaming the variable from mime to mimeType to avoid shadowing

Also applies to: 34-34, 59-59, 75-75

README.md (1)

Line range hint 73-73: Verify mime package version for security.

Let's check for any security advisories for the mime package version 4.0.4.

✅ Verification successful

Let me check the actual version of mime being used in the project.

---

The mime package version 4.0.4 is secure

The project uses mime ^4.0.4 which is not affected by any known security vulnerabilities. The only reported vulnerabilities were in versions < 1.4.1 and between 2.0.0 and 2.0.3, both related to ReDoS attacks. These were patched in versions 1.4.1 and 2.0.3 respectively. Version 4.0.4 is well beyond these vulnerable versions.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for security advisories for mime package
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NPM, package: "mime") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 856

---

Script:

#!/bin/bash
# Check for mime package version in package.json files
fd package.json --exec cat {} | jq 'if .dependencies.mime then .dependencies.mime else empty end, if .devDependencies.mime then .devDependencies.mime else empty end'

Length of output: 178

🧰 Tools

🪛 Markdownlint (0.35.0)

16-16: null
Blank line inside blockquote

(MD028, no-blanks-blockquote)

---

18-18: null
Blank line inside blockquote

(MD028, no-blanks-blockquote)

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (1)

.github/workflows/ci-dev.yaml (1)

24-31: Well-structured step separation with clear naming

Good practices observed:

• Using npm ci instead of npm install
• Separate steps for different checks
• Clear step naming

Consider adding continue-on-error: true to the format and lint checks if you want to collect all issues rather than failing fast:

      - name: Run Format Check
        continue-on-error: true
        run: npm run format:check

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 33f6819 and 8a828fc.

📒 Files selected for processing (2)

• .github/workflows/ci-dev.yaml (1 hunks)
• .github/workflows/ci-full.yaml (2 hunks)

🔇 Additional comments (4)

.github/workflows/ci-dev.yaml (3)

10-14: Matrix strategy improvement noted, but unstable Node.js version concerns remain

The addition of a matrix strategy to test across multiple Node.js versions is a good practice. However, as previously noted, Node.js 22.x is currently unstable.

Consider either:

1. Using only LTS versions: [20.x, 18.x]
2. Adding a comment explaining the intentional inclusion of 22.x for early compatibility testing

---

18-23: LGTM! Good use of caching and latest action version

The setup is well-configured with:

• Latest setup-node action version
• Proper matrix version reference
• NPM cache for improved performance

---

33-34: LGTM! Clear step naming

The build step is well-named for better workflow readability.

.github/workflows/ci-full.yaml (1)

10-34: Changes mirror ci-dev.yaml improvements

The changes maintain consistency with ci-dev.yaml, which is good practice. The same considerations about Node.js versions and step structure apply.