@HerrTopi
Contributor

This should re-arrange the internals of the themes, but keep the interface mostly intact.

sharedTokens should go to the same level as primitives and semantics are; its type should be in the commonTypes.


function bootstrap() {
execSync(path.resolve('scripts/clean.js'), opts)

Check warning

Code scanning / CodeQL

Shell command built from environment values

This shell command depends on an uncontrolled [absolute path](1).

Copilot Autofix

AI 20 days ago

In general, to fix this problem you should not embed dynamic paths or other environment-derived values directly into a shell command string. Instead, invoke the target program in a way that bypasses shell interpretation, by either (a) using execFileSync with a command and an array of arguments, or (b) using fork (for Node scripts). This ensures that paths containing spaces or special characters are passed as literal arguments, not parsed by the shell.

For this specific script, the problematic line is:

execSync(path.resolve('scripts/clean.js'), opts)

This runs a shell and asks it to execute whatever the resolved path string is, which is both unnecessary and brittle. The best fix that preserves existing functionality is to invoke the Node interpreter directly and pass the resolved script path as an argument, using execFileSync from child_process. We already import from child_process, so we can extend the destructuring to include execFileSync, and then change the call on line 68 to:

execFileSync(process.execPath, [path.resolve('scripts/clean.js')], opts)

Here:

  • process.execPath is the absolute path to the Node executable running this script.
  • The Node script path is passed as a separate argument (in an array), so no shell is involved.
  • We continue to use the same opts ({ stdio: 'inherit' }) so output behavior stays the same.

No other behavior in buildProject or bootstrap changes, and no new external dependencies are required.

Suggested changeset 1
scripts/bootstrap.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/scripts/bootstrap.js b/scripts/bootstrap.js
--- a/scripts/bootstrap.js
+++ b/scripts/bootstrap.js
@@ -24,7 +24,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
  */
-const { execSync, fork } = require('child_process')
+const { execSync, execFileSync, fork } = require('child_process')
 const path = require('path')
 
 const opts = { stdio: 'inherit' }
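Review bot: On the `require('child_process')` line, `execSync` stays in the destructuring next to the new `execFileSync`. The only `execSync` call visible in this patch is the one being replaced in `bootstrap()`, so check the rest of the file and drop `execSync` from the import if nothing else uses it; leaving the shell-spawning helper imported makes it easy to reach for again.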
@@ -65,7 +65,7 @@
 }
 
 function bootstrap() {
-  execSync(path.resolve('scripts/clean.js'), opts)
+  execFileSync(process.execPath, [path.resolve('scripts/clean.js')], opts)
   buildProject()
 }
 
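Review bot: In `bootstrap()`, `path.resolve('scripts/clean.js')` is still resolved against the current working directory, so which file gets executed depends on where the script is launched from. Since this file is scripts/bootstrap.js, consider `path.resolve(__dirname, 'clean.js')` so the target is fixed relative to the script itself. Note also the behaviour change: the old call executed the file directly, while the new one always runs it under `process.execPath`.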
EOF
Copilot is powered by AI and may make mistakes. Always verify output.
@github-actions

github-actions bot commented Jan 12, 2026

PR Preview Action v1.8.1
Preview removed because the pull request was closed.
2026-01-21 15:15 UTC

@HerrTopi HerrTopi changed the base branch from master to v12 January 12, 2026 11:44
@HerrTopi HerrTopi self-assigned this Jan 12, 2026
…ost level of the themes and its type to the common theTypes

INSTUI-4887
@HerrTopi HerrTopi requested review from balzss and matyasf January 12, 2026 16:40
Collaborator

@matyasf matyasf left a comment

Looks good, I tested it with the components that use the shared tokens and found no issues

@HerrTopi HerrTopi merged commit fc57d6b into v12 Jan 21, 2026
8 of 9 checks passed
@HerrTopi HerrTopi deleted the move-sharedtokens branch January 21, 2026 15:15