fix: change biome package to @biomejs/biome

[SoniaSandler]

Changes the biome package to @biomejs/biome

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates Biome linter and formatter to version 2.3.9 with new centralized configuration, consolidates ESLint rules, refactors authentication flow logic with explicit type checks and error handling, and introduces a restoreSessions() method to restore previously stored authentication sessions from secrets. Multiple files receive formatting and code style adjustments.

Changes

Cohort / File(s)	Summary
Tooling & Configuration biome.jsonc, eslint.config.mjs, package.json	New Biome configuration file with formatting, linting rules (noParameterAssign, useAsConstAssertion, useEnumInitializers, etc.), and JavaScript parser settings. Updated package.json dependency from biome ^0.3.3 to @biomejs/biome ^2.3.9. Consolidated ESLint TypeScript projects to single-line array and removed duplicate rules.
Authentication Flow Core src/auth-flows-helpers.ts, src/auth-flows.ts	Refactored device code flow with explicit Response type annotation and response.ok check before JSON parsing. Restructured error handling branches for slow_down, expired_token, and access_denied. Minor formatting adjustments to function signatures and loop structures.
Authentication Flow Tests src/auth-flows-helpers.spec.ts, src/auth-flows.spec.ts	Normalized object property keys from quoted strings to unquoted identifiers. Adjusted test formatting, whitespace, and assertion style without changing test logic or runtime behavior.
Session Management src/provider-session-manager.ts, src/provider-session-manager.spec.ts	Added new restoreSessions(): Promise<void> method to load stored authentication sessions from secrets. Enhanced removeSession() error handling and session recreation logic. Test formatting adjustments with no functional changes.
Other Files src/extension.spec.ts, src/github-scopes.ts	Formatting and indentation normalization in extension test scaffolding. Minor type annotation spacing adjustment in github-scopes index signature.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Areas requiring extra attention:

• Logic changes in auth-flows-helpers.ts: Verify explicit response.ok check preserves intended error handling behavior and doesn't mask network failures
• New restoreSessions() method in provider-session-manager.ts: Confirm secret storage integration and session reconstruction logic
• Error handling restructuring in auth-flows.ts: Ensure refactored device code flow branches execute with correct precedence
• Dependency upgrade: Verify Biome ^2.3.9 configuration compatibility and no breaking changes in linting rules

Pre-merge checks

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change in the PR, which is updating the biome package dependency to @biomejs/biome across configuration and package files.
Description check	✅ Passed	The description is directly related to the primary change: updating the biome package to @biomejs/biome, which is evident in the package.json and biome.jsonc changes.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e9f6852 and 65958b5.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (11)

• biome.jsonc (1 hunks)
• eslint.config.mjs (1 hunks)
• package.json (1 hunks)
• src/auth-flows-helpers.spec.ts (4 hunks)
• src/auth-flows-helpers.ts (2 hunks)
• src/auth-flows.spec.ts (6 hunks)
• src/auth-flows.ts (4 hunks)
• src/extension.spec.ts (1 hunks)
• src/github-scopes.ts (1 hunks)
• src/provider-session-manager.spec.ts (5 hunks)
• src/provider-session-manager.ts (4 hunks)

🧰 Additional context used

🧬 Code graph analysis (5)

src/auth-flows-helpers.ts (2)

src/auth-flows.ts (2)

• IGitHubDeviceCodeResponse (28-34)
• sessionId (26-26)

src/config.ts (1)

• config (19-21)

src/auth-flows-helpers.spec.ts (1)

src/auth-flows-helpers.ts (1)

• waitForDeviceCodeAccessToken (25-100)

src/provider-session-manager.spec.ts (2)

src/auth-flows.ts (2)

• PATFlow (81-120)
• deviceFlow (37-78)

src/provider-session-manager.ts (1)

• AUTHENTICATION_SESSIONS_KEY (23-23)

src/auth-flows.spec.ts (2)

src/auth-flows.ts (3)

• sessionId (26-26)
• deviceFlow (37-78)
• PATFlow (81-120)

src/config.ts (1)

• config (19-21)

src/auth-flows.ts (2)

src/config.ts (1)

• config (19-21)

src/github-scopes.ts (1)

• GITHUB_SCOPES (19-32)

🪛 Gitleaks (8.30.0)

src/auth-flows-helpers.spec.ts

[high] 56-56: Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks.

(github-oauth)

🔇 Additional comments (20)

src/provider-session-manager.spec.ts (2)

22-38: Formatting changes look good.

These are consistent formatting adjustments aligned with the new Biome configuration. The test mock structure and behavior remain unchanged.

---

116-150: Test parameterization formatting is clean.

The test.each structure with destructured parameters is well-formatted and maintains the original test logic.

eslint.config.mjs (1)

43-43: LGTM - Simplified project configuration.

The TYPESCRIPT_PROJECTS array consolidation is a clean simplification. The single tsconfig.json reference is appropriate for this extension project.

src/github-scopes.ts (1)

19-32: Formatting improvements applied consistently.

The type signature spacing correction and inline array formatting align with the new Biome style configuration. The scope mappings are unchanged.

src/extension.spec.ts (1)

30-33: Formatting adjustments look good.

Consistent indentation applied to the mock object structure.

biome.jsonc (1)

1-45: Well-structured Biome configuration.

The configuration is comprehensive and appropriate:

• Line width of 120 provides reasonable flexibility
• Single quotes align with the ESLint configuration
• Disabling organizeImports in assist is correct since ESLint's simple-import-sort handles import ordering (avoiding conflicts)
• Style rules set to error enforce consistent code style

src/provider-session-manager.ts (3)

21-28: Formatting adjustments to imports and field initialization.

The import and onDidChangeSessions initialization formatting aligns with the new Biome style configuration.

---

46-72: Whitespace adjustments in createSession method.

Formatting-only changes to the method body. The authentication flow logic remains unchanged.

---

73-98: Formatting updates to getSessions and removeSession.

The method logic remains intact. The error handling for non-existent session IDs (line 85) and the session entry recreation when empty (lines 93-95) are correctly implemented.

src/auth-flows-helpers.spec.ts (3)

47-59: Formatting updates to test data objects.

The response examples are reformatted to single-line properties. Note: The static analysis warning about the OAuth token at line 56 is a false positive—this is example data from GitHub's official documentation used for testing response parsing, not a real credential.

---

61-71: Improved fetch mock setup formatting.

The mock Response structure is well-formatted and correctly includes both ok: true and the json mock function to match the real fetch API behavior.

---

87-95: Assertion formatting looks good.

The expected session object formatting is consistent with the project's new style guidelines.

src/auth-flows-helpers.ts (3)

25-29: LGTM!

The multi-line function signature improves readability. The parameter types and return type are clear and properly annotated.

---

43-58: Good defensive addition with explicit Response typing and ok check.

The explicit Response type annotation improves type safety, and the response.ok check properly guards against non-2xx responses before attempting to parse JSON. This prevents potential JSON parsing errors on error responses.

---

66-81: Clearer separation of OAuth error handling branches.

The distinct if blocks for slow_down, expired_token, and access_denied improve readability compared to a chained structure. The behavior is preserved while making each error condition more explicit and easier to modify independently.

src/auth-flows.spec.ts (2)

52-58: Formatting-only changes; tests remain functionally equivalent.

The object property keys are now unquoted (valid JavaScript identifiers), and whitespace is normalized. No changes to test logic or assertions.

---

126-148: LGTM!

Multi-line formatting for the prompt string and assertion objects improves readability without affecting test behavior.

src/auth-flows.ts (3)

28-34: LGTM!

Interface property formatting normalized. The type definitions remain correct and clear.

---

39-48: LGTM!

Multi-line formatting for URI construction and fetch options improves readability while preserving the device code flow functionality.

---

100-102: Clearer scope expansion logic with multi-line chaining.

The optional chaining and flatMap transformation are now easier to follow. The logic correctly expands scopes using GITHUB_SCOPES while preserving the original scope in the result.

[jeffmaury]

LGTM

No issue related ?

[SoniaSandler]

@jeffmaury no, I found it out through the GitHub security alerts and immediately went to change it