Main v1.39.0

[Dargon789]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fnm	Ready	Preview, Comment	Mar 2, 2026 6:37am

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
🔚	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sourcery-ai]

Sorry @Dargon789, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces significant updates across the project, focusing on core dependency upgrades, refining command-line interface functionalities, and laying the groundwork for a new project website. Key changes include a new global Node.js version management option, more robust symlink operations, and a simplification of the installation process. These changes aim to improve the tool's reliability, maintainability, and user experience.

Highlights

• Major Rust Dependency Updates: Numerous Rust crates, including chrono, clap, duct, libc, os_pipe, shared_child, syn, tar, and thiserror, were upgraded to their latest versions, enhancing stability and performance.
• New Global Version Management for fnm env: The fnm env command now includes a --global option, allowing users to configure a single Node.js version to be used globally across all shell sessions, providing an alternative to the per-shell multishell solution.
• Robust Symlink Handling: A new two_phase_symlink mechanism was introduced to safely create and replace symlinks, preventing potential race conditions during Node.js version switching in fnm env and fnm use commands.
• Simplified fnm install Command: The install command has been streamlined by removing the --progress and --use flags, and its internal logic for executing hooks, enabling corepack, and tagging aliases has been removed, focusing its responsibility solely on installing Node.js versions.
• Enhanced Remote Version Listing: The fnm list-remote command now supports improved sorting and filtering of remote Node.js versions, and its internal error handling for remote listing has been simplified.
• New Project Website Infrastructure: A new site directory was added, setting up a Next.js application with associated configuration files, indicating the development of a new project website or documentation portal.
• Semver Crate Migration: The project migrated its internal version parsing and handling from the node_semver crate to the standard semver crate, improving consistency and reducing dependency complexity.

Changelog

• .changeset/fifty-emus-type.md
  • Added remote version sorting and filtering capabilities.
• .changeset/moody-fans-shake.md
  • Updated non-major Rust dependencies.
• .changeset/tame-bobcats-mate.md
  • Added support to install the latest Node.js version.
• .changeset/warm-rice-appear.md
  • Implemented support for fnm install --latest to install the latest Node.js version.
• .changeset/wet-donkeys-jump.md
  • Updated development dependencies.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/rust.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[Dargon789]

@Mergifyio update

[Dargon789]

@Mergifyio refresh

[mergify]

update

☑️ Nothing to do, the required conditions are not met

Details

• #commits-behind > 0 [📌 update requirement]
• -closed [📌 update requirement]
• -conflict [📌 update requirement]
• queue-position = -1 [📌 update requirement]

[mergify]

refresh

✅ Pull request refreshed

[gemini-code-assist]

Code Review

This pull request introduces dependency updates, refactoring, and new features, such as a new website and the --global flag for the env command. However, a medium-severity vulnerability was identified in the zip extraction logic, where file permissions from the archive are applied without respecting the system's umask, potentially leading to insecure file permissions in shared environments. Additionally, critical issues include the removal of version sorting in remote_node_index.rs which could affect "latest" version resolution, flawed logic for the --latest flag in ls-remote, and a significant feature regression due to the removal of SemverRange support.

I am having trouble creating individual review comments. Click here to see my feedback.

src/remote_node_index.rs (77-79)

The list function no longer sorts the returned versions. The previous implementation sorted the versions, which is crucial because the remote index.json is not guaranteed to be sorted. Other parts of the application, such as the install command's logic for the latest version, rely on this list being sorted to correctly identify the latest version. Without sorting, it might pick an incorrect version. Please reintroduce the sorting to prevent this bug.

    let mut value: Vec<IndexedNodeVersion> = resp.json()?;
    value.sort_by_key(|v| v.version.clone());
    Ok(value)

src/user_version.rs (5-9)

The SemverRange variant has been removed from the UserVersion enum. This removes support for specifying versions using semver ranges (e.g., ^14.0.0, ~12.2.1), which is a significant feature regression. Was this removal intentional? If not, it should be restored to maintain backward compatibility and feature parity. The semver crate provides VersionReq for this purpose, which could replace the node_semver::Range.

src/commands/ls_remote.rs (59-66)

The current logic for handling the --latest flag is incorrect. It sorts the versions in ascending order and then truncates the list to the first element, which results in returning the oldest matching version, not the latest. To fix this, you should sort the versions, then reverse the order if sorting descending, and only then truncate the list if --latest is specified.

        all_versions.sort_by_key(|v| v.version.clone());
        if let SortingMethod::Descending = self.sort {
            all_versions.reverse();
        }
        if self.latest {
            all_versions.truncate(1);
        }

docs/commands.md (431)

The help section for the help command is empty. It would be beneficial to include a brief description of what the command does, similar to the other commands in this document.

Print this message or the help of the given subcommand(s)

site/app/page.tsx (3-14)

The component uses inline styles. While this is acceptable for a very simple component, it's generally better to use CSS Modules or a CSS-in-JS library for styling in Next.js/React applications. This improves maintainability, allows for pseudo-classes and media queries, and avoids mixing styling concerns with component logic.

src/archive/tar.rs (43)

The dbg! macro is used here for debugging. It should be removed from the test code before merging to avoid polluting test output. This also applies to line 62.

src/archive/tar.rs (62)

The dbg! macro is used here for debugging. It should be removed from the test code before merging to avoid polluting test output.