fix(ENG-12333): downgrade nanoid to 3.3.11 to fix CJS compatibility#19
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hiskudin
changed the title
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
hiskudin
changed the title
There was a problem hiding this comment.
Pull request overview
This PR restores CommonJS compatibility for the published dist/index.cjs bundle by downgrading nanoid to the last CJS-compatible major line (v3), avoiding ERR_REQUIRE_ESM crashes in CJS/Lambda environments.
Changes:
- Downgrade
nanoidfrom5.0.9(ESM-only) to3.3.11(CJS-compatible). - Update
package-lock.jsonto reflect the resolvednanoid@3.3.11package metadata.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Pins nanoid to 3.3.11 to ensure CJS require() compatibility for the CJS build. |
| package-lock.json | Regenerates lock entries to resolve nanoid@3.3.11 at the top level (and dedupe prior nested resolution). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM — straightforward nanoid downgrade to restore CJS compatibility.
Extended reasoning...
Overview
This PR downgrades nanoid from 5.0.9 to 3.3.11 in package.json and package-lock.json. No source code is modified. The lockfile change also removes the duplicate postcss/node_modules/nanoid entry since the root dependency now matches what postcss needs.
Security risks
None. nanoid 3.3.11 is the latest in the v3 line and remains actively maintained. The downgrade is from ESM-only v5 back to the last CJS-compatible major, which is a well-understood compatibility fix.
Level of scrutiny
Minimal scrutiny needed — this is a two-file dependency version change with no logic modifications. The package exports CJS via dist/index.cjs and the PR description correctly identifies the ERR_REQUIRE_ESM issue that nanoid v4+ causes in CJS contexts.
Other factors
The change is self-contained and mechanical. The nanoid API surface used by this project (nanoid() for ID generation) is identical between v3 and v5, so no code changes are needed alongside the downgrade.
Summary
nanoidfrom5.0.9to3.3.11nanoidv4+ is ESM-only and cannot berequire()'d from a CJS bundle, causingERR_REQUIRE_ESMcrashes in production Lambda environmentsTest plan
dist/index.cjsno longer throwsERR_REQUIRE_ESMat startup🤖 Generated with Claude Code
Summary by cubic
Downgrade
nanoidto3.3.11to restore CommonJS compatibility and stopERR_REQUIRE_ESMcrashes in CJS/Lambda runtimes.nanoidv4+ is ESM-only and brokerequire()in our CJS build.Written for commit 4b070fd. Summary will update on new commits.