🛡️ Sentinel: Fix incorrect EOL status for old Node versions

[google-labs-jules]

Fix: Ensure old Node versions are correctly identified as EOL

The checkEOL function previously returned false (not EOL) for versions not present in the EOL_DATES map. This meant that very old, unsupported Node versions (e.g., 16, 14, 0.10) were incorrectly identified as supported.

This change:

1. Calculates the minimum major version tracked in EOL_DATES.
2. Updates checkEOL to return true for any version older than this minimum.
3. Adds tests to verify that versions like 16.0.0 and 0.10.0 are now correctly marked as EOL.

This is a security enhancement to prevent the library from giving a false sense of security on outdated runtimes.

---

PR created automatically by Jules for task 4188325528809582166 started by @srod

---

Summary by cubic

Fix EOL detection for very old Node versions. They are now correctly flagged as EOL to avoid false support.

• Bug Fixes
  • Treat majors below the minimum tracked in EOL_DATES as EOL in checkEOL.
  • Remove eolDate from NodeVersion; add tests for 12.0.0, 16.0.0, and 0.10.0 to verify behavior.

^{Written for commit 555d2f4. Summary will update on new commits.}

Summary by CodeRabbit

Release Notes

• Bug Fixes

  • Improved end-of-life detection for very old Node versions not explicitly listed in the system.

• Tests

  • Added test coverage for older Node version compatibility checks.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 555d2f4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

Introduces a MIN_TRACKED_MAJOR constant representing the minimum major version in EOL_DATES, augments the checkEOL function to classify any version below this threshold as EOL, and adds two test cases validating EOL detection for old Node versions.

Changes

Cohort / File(s)	Summary
Core EOL logic src/index.ts	Adds MIN_TRACKED_MAJOR constant; augments checkEOL with boundary check to mark versions below minimum tracked major as EOL
Test coverage src/index.test.ts	Adds two new test cases asserting isEOL returns true for Node versions 0.10.0 and 16.0.0

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• ⚡ Bolt: Optimize node version comparison #771: Modifies the same checkEOL logic in src/index.ts by adding MIN_TRACKED_MAJOR and treating older majors as EOL
• 🎨 Palette: Expose eolDate and improve JSDoc #790: Updates EOL logic in src/index.ts and related tests with EOL_DATES/eolDate and checkEOL/getVersion changes
• feat: add eolDate to NodeVersion #786: Refactors EOL computation in src/index.ts to expose eolDate and modifies boundary logic for older versions

Poem

🐰 Hop along the version line,
Where old Nodes fade just fine,
MIN_TRACKED guards the boundary true,
EOL calls for v0.10! 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: fixing incorrect EOL status for old Node versions, which aligns with the PR's core objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (e49eb38) to head (555d2f4).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #787   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           46        41    -5     
  Branches        16        14    -2     
=========================================
- Hits            46        41    -5     

Flag	Coverage Δ
unittests	100.00% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[srod]

@greptile

[cubic-dev-ai]

No issues found across 2 files

[google-labs-jules]

@greptile

Acknowledged.

[greptile-apps]

Greptile Summary

Fixed a bug where old Node versions not in the EOL_DATES map (e.g., Node 0.10, 10, 12) were incorrectly reported as not EOL. The fix dynamically calculates the minimum tracked version and marks anything below it as EOL.

• Added MIN_TRACKED_MAJOR constant that computes the minimum version from EOL_DATES keys (currently 14)
• Updated checkEOL to return true for any version below the minimum tracked version
• Added test coverage for Node 16 (tracked in EOL_DATES) and Node 0.10 (below minimum)
• Security enhancement that prevents false sense of security on unsupported runtimes

Confidence Score: 5/5

• This PR is safe to merge - it's a straightforward bug fix with proper test coverage.
• The change is minimal, well-scoped, and logically correct. It adds a simple check that versions below the minimum tracked version are considered EOL. The implementation uses standard JavaScript methods and introduces no new dependencies or complexity. Test coverage verifies the new behavior.
• No files require special attention.

Important Files Changed

Filename	Overview
src/index.ts	Added MIN_TRACKED_MAJOR constant and updated checkEOL to return true for versions below minimum tracked. Logic is correct and well-implemented.
src/index.test.ts	Added two new tests for very old Node versions (16 and 0.10). Tests verify the new EOL behavior correctly.

Sequence Diagram

sequenceDiagram
    participant User
    participant getVersion
    participant checkEOL
    participant EOL_DATES

    User->>getVersion: Request version info
    getVersion->>checkEOL: Check if major version is EOL
    checkEOL->>checkEOL: Convert major to number
    alt majorNum < MIN_TRACKED_MAJOR (14)
        checkEOL-->>getVersion: return true (EOL)
    else majorNum >= MIN_TRACKED_MAJOR
        checkEOL->>EOL_DATES: Lookup EOL date
        alt EOL date exists
            checkEOL->>checkEOL: Compare current date vs EOL date
            checkEOL-->>getVersion: return date comparison result
        else No EOL date
            checkEOL-->>getVersion: return false (not EOL)
        end
    end
    getVersion-->>User: Return NodeVersion object with isEOL

Loading

[srod]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/index.test.ts (1)

303-313: Consider enhancing test coverage and determinism.

The tests verify the expected EOL behavior, but there are opportunities to improve:

1. Node 16 test doesn't exercise the new logic: Since Node 16 is present in EOL_DATES with EOL date "2023-09-11", this test validates the existing date-based check rather than the new MIN_TRACKED_MAJOR boundary logic.

2. Missing explicit time setup: Unlike other EOL tests (lines 284, 291, 316), these tests don't call vi.setSystemTime(), making them dependent on the current date being after 2023-09-11.

3. Missing coverage for untracked old versions: Consider adding a test for a version between 0 and 14 that's NOT in EOL_DATES (e.g., Node 12, 10, or 8) to specifically validate the new MIN_TRACKED_MAJOR logic.

🔎 Suggested improvements

 test("should return true for very old version (Node 16)", () => {
+    vi.setSystemTime(new Date("2026-01-01"));
     mockVersion.node = "16.0.0";
     const v = getVersion();
     expect(v.isEOL).toBe(true);
 });

+test("should return true for untracked old version (Node 12)", () => {
+    // Node 12 is not in EOL_DATES but is < MIN_TRACKED_MAJOR
+    mockVersion.node = "12.0.0";
+    const v = getVersion();
+    expect(v.isEOL).toBe(true);
+});
+
 test("should return true for very old version (Node 0.10)", () => {
+    vi.setSystemTime(new Date("2026-01-01"));
     mockVersion.node = "0.10.0";
     const v = getVersion();
     expect(v.isEOL).toBe(true);
 });

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e49eb38 and d19518c.

📒 Files selected for processing (2)

• src/index.test.ts
• src/index.ts

🧰 Additional context used

📓 Path-based instructions (4)

src/**/*.ts

📄 CodeRabbit inference engine (AGENTS.md)

Use TypeScript with strict type checking for all source files

Files:

• src/index.ts
• src/index.test.ts

src/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Configure linting and formatting with Biome: 4 spaces indentation, double quotes, no semicolons

Files:

• src/index.ts
• src/index.test.ts

src/index.ts

📄 CodeRabbit inference engine (AGENTS.md)

src/index.ts: Export main entry point from src/index.ts including getVersion function, isAtLeast method, isLTS property, and NodeVersion interface
Maintain EOL_DATES constant in src/index.ts mapping Node.js major versions to End of Life dates
Handle version string parsing with strict input validation and support for optional v prefixes

Files:

• src/index.ts

src/**/*.test.ts

📄 CodeRabbit inference engine (AGENTS.md)

src/**/*.test.ts: Co-locate test files with source files using the *.test.ts naming convention
Use vitest for all testing; tests should be co-located in src/ directory

Files:

• src/index.test.ts

🧠 Learnings (7)

📓 Common learnings

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to src/index.ts : Maintain EOL_DATES constant in src/index.ts mapping Node.js major versions to End of Life dates

📚 Learning: 2026-01-05T20:10:06.257Z

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to src/index.ts : Maintain EOL_DATES constant in src/index.ts mapping Node.js major versions to End of Life dates

Applied to files:

• src/index.ts
• src/index.test.ts

📚 Learning: 2026-01-05T20:10:06.257Z

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to src/index.ts : Handle version string parsing with strict input validation and support for optional v prefixes

Applied to files:

• src/index.ts

📚 Learning: 2026-01-05T20:10:06.257Z

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to src/index.ts : Export main entry point from src/index.ts including getVersion function, isAtLeast method, isLTS property, and NodeVersion interface

Applied to files:

• src/index.ts
• src/index.test.ts

📚 Learning: 2026-01-05T20:10:06.257Z

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to src/types.ts : Define all type interfaces in src/types.ts, including NodeVersion structure with major, minor, and methods

Applied to files:

• src/index.ts
• src/index.test.ts

📚 Learning: 2026-01-05T20:10:06.257Z

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to src/**/*.test.ts : Use vitest for all testing; tests should be co-located in src/ directory

Applied to files:

• src/index.test.ts

📚 Learning: 2026-01-05T20:10:06.257Z

Learnt from: CR
Repo: srod/node-version PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-01-05T20:10:06.257Z
Learning: Applies to package.json : Ensure package.json specifies type: module for ESM-only distribution and engines: >=20.0.0 for Node.js support

Applied to files:

• src/index.test.ts

🧬 Code graph analysis (1)

src/index.test.ts (1)

src/index.ts (1)

• getVersion (56-126)

🔇 Additional comments (2)

src/index.ts (2)

24-27: LGTM! Clean solution for tracking the minimum EOL version.

The MIN_TRACKED_MAJOR constant correctly calculates the minimum major version tracked in EOL_DATES, establishing the boundary below which all versions are automatically considered EOL.

---

32-42: LGTM! Correctly implements fallback EOL logic for untracked versions.

The updated checkEOL function properly handles the case where very old versions (< MIN_TRACKED_MAJOR) are not present in the EOL_DATES map by treating them as EOL. The logic flows well:

1. Check if version is numerically valid and below the minimum tracked version → EOL
2. Otherwise, use the existing date-based EOL check

[google-labs-jules]

@coderabbitai review

This is a command for another bot (@coderabbitai), so I will ignore it.