fix(deps): add missing sharp dependencies

[kadams54]

Fixes #524

Summary by CodeRabbit

• Chores
  • Added two development dependencies (node-addon-api and node-gyp) to the project’s devDependencies to support native build tooling and development workflows; no other dependency versions, scripts, or public APIs were changed.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f22ef908-6c4e-4ba2-8224-9a3aa3da363b

📥 Commits

Reviewing files that changed from the base of the PR and between 635098b and 84cca1d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json

---

📝 Walkthrough

Walkthrough

Two development dependencies, node-addon-api@^8.7.0 and node-gyp@^12.2.0, were added to devDependencies in package.json.

Changes

Dependency addition for native module build

Layer / File(s)	Summary
Dev Dependencies package.json	Added node-addon-api@^8.7.0 and node-gyp@^12.2.0 to devDependencies.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 I nudged two deps into place with care,
node-addon-api and node-gyp in the air.
Sharp stopped sighing, the build took flight,
Hops of joy through morning light. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title mentions 'sharp dependencies' but the actual change adds node-addon-api and node-gyp, which are dependencies needed for sharp to build. The title is partially related but uses 'sharp' generically rather than clearly specifying it's about adding build tools.
Linked Issues check	✅ Passed	The PR adds both node-addon-api (^8.7.0) and node-gyp (^12.2.0) as devDependencies, directly addressing issue #524's requirement to add these packages to fix the npm install failure.
Out of Scope Changes check	✅ Passed	The changes are limited to adding the two specific devDependencies required by issue #524; no unrelated modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

package.json (1)

31-32: ⚡ Quick win

This fix may be insufficient when libvips is globally installed (e.g. via brew install vips) on Node 24.

When libvips is globally installed, sharp detects it and attempts to build from source instead of using prebuilt binaries. This build fails on Node.js 24 LTS with a C++ compilation error (NewOrCopy not found in Napi::Buffer) — an error that adding node-addon-api does not resolve. The workaround for that case is SHARP_IGNORE_GLOBAL_LIBVIPS=1 npm install, which forces the prebuilt binary download.

Consider documenting this environment-specific workaround in the README or .env.example, and/or adding it to an .npmrc:

sharp_ignore_global_libvips=true

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 31 - 32, The package.json change adding
node-addon-api/node-gyp doesn't address failures when libvips is globally
installed and sharp builds from source on Node 24; update docs and config to
document and enforce the workaround by (a) adding a note to README and
.env.example explaining to set SHARP_IGNORE_GLOBAL_LIBVIPS=1 before npm install
when brew/other global libvips is present, and (b) add an .npmrc entry
sharp_ignore_global_libvips=true to force use of prebuilt sharp binaries during
install; reference the package.json dependency names (node-addon-api, node-gyp)
and the env var SHARP_IGNORE_GLOBAL_LIBVIPS in the documentation so maintainers
know why this is needed.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Around line 31-32: Update the root package.json devDependency "node-gyp" from
"^12.2.0" to "^12.3.0": locate the "node-gyp" entry in package.json and change
its version string to "^12.3.0", then run your package manager (npm/yarn/pnpm)
to refresh the lockfile and install updated devDependencies so the repo uses
node-gyp 12.3.0.

---

Nitpick comments:
In `@package.json`:
- Around line 31-32: The package.json change adding node-addon-api/node-gyp
doesn't address failures when libvips is globally installed and sharp builds
from source on Node 24; update docs and config to document and enforce the
workaround by (a) adding a note to README and .env.example explaining to set
SHARP_IGNORE_GLOBAL_LIBVIPS=1 before npm install when brew/other global libvips
is present, and (b) add an .npmrc entry sharp_ignore_global_libvips=true to
force use of prebuilt sharp binaries during install; reference the package.json
dependency names (node-addon-api, node-gyp) and the env var
SHARP_IGNORE_GLOBAL_LIBVIPS in the documentation so maintainers know why this is
needed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b90b79f2-d9d4-4458-8030-1625b894d333

📥 Commits

Reviewing files that changed from the base of the PR and between cd68977 and 91d3fc2.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json