Chore(deps): Bump the npm-minor-patch group across 1 directory with 14 updates

[dependabot]

Bumps the npm-minor-patch group with 14 updates in the / directory:

Package	From	To
@tanstack/react-query	5.100.10	5.100.14
@tanstack/react-query-devtools	5.100.10	5.100.14
@tanstack/react-router	1.170.4	1.170.8
@tanstack/router-core	1.171.2	1.171.6
date-fns	4.2.1	4.3.0
fallow	2.75.0	2.80.0
@tanstack/router-plugin	1.168.6	1.168.11
@types/node	25.9.0	25.9.1
@types/react	19.2.14	19.2.15
@vitest/coverage-v8	4.1.6	4.1.7
@vitest/ui	4.1.6	4.1.7
rolldown	1.0.1	1.0.2
vite	8.0.13	8.0.14
vitest	4.1.6	4.1.7

Updates @tanstack/react-query from 5.100.10 to 5.100.14

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-devtools@​5.100.14

@​tanstack/react-query-next-experimental@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14

@​tanstack/react-query-persist-client@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-persist-client-core@​5.100.14

@​tanstack/react-query@​5.100.14

Patch Changes

• fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

• Updated dependencies []:

  • @​tanstack/query-core@​5.100.14

@​tanstack/react-query-devtools@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-next-experimental@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-persist-client@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query@​5.100.13

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.14

Patch Changes

• fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

• Updated dependencies []:

  • @​tanstack/query-core@​5.100.14

5.100.13

Patch Changes

• Updated dependencies [d423168]:
  • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.11

Commits

• See full diff in compare view

Updates @tanstack/react-query-devtools from 5.100.10 to 5.100.14

Release notes

Sourced from @​tanstack/react-query-devtools's releases.

@​tanstack/react-query-devtools@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-devtools@​5.100.14

@​tanstack/react-query-devtools@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-devtools@​5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.12
  • @​tanstack/react-query@​5.100.12

@​tanstack/react-query-devtools@​5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.11
  • @​tanstack/react-query@​5.100.11

Changelog

Sourced from @​tanstack/react-query-devtools's changelog.

5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-devtools@​5.100.14

5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.13
  • @​tanstack/react-query@​5.100.13

5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.12
  • @​tanstack/react-query@​5.100.12

5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.11
  • @​tanstack/react-query@​5.100.11

Commits

• See full diff in compare view

Updates @tanstack/react-router from 1.170.4 to 1.170.8

Release notes

Sourced from @​tanstack/react-router's releases.

@​tanstack/react-router@​1.170.8

Patch Changes

• Add support for Rsbuild client output formats, including module output by default and IIFE output for classic script environments. (#7477)

  Client entry scripts and preloads are now represented as root route manifest assets, script preloads follow the manifest script format, and script asset cross-origin configuration uses the script key. The transformAssets script callback context now exposes only kind: 'script' and url, keeping script format handling internal to manifest rendering.

• Updated dependencies [51a97a1]:

  • @​tanstack/router-core@​1.171.6

@​tanstack/react-router@​1.170.7

Patch Changes

• Updated dependencies [5268ba4]:
  • @​tanstack/router-core@​1.171.5

Changelog

Sourced from @​tanstack/react-router's changelog.

1.170.8

Patch Changes

• Add support for Rsbuild client output formats, including module output by default and IIFE output for classic script environments. (#7477)

  Client entry scripts and preloads are now represented as root route manifest assets, script preloads follow the manifest script format, and script asset cross-origin configuration uses the script key. The transformAssets script callback context now exposes only kind: 'script' and url, keeping script format handling internal to manifest rendering.

• Updated dependencies [51a97a1]:

  • @​tanstack/router-core@​1.171.6

1.170.7

Patch Changes

• Updated dependencies [5268ba4]:
  • @​tanstack/router-core@​1.171.5

1.170.6

Patch Changes

• Fix hash navigation being overridden by stale scroll restoration entries. (#7447)

• Updated dependencies [0300f87, 0300f87]:

  • @​tanstack/router-core@​1.171.4

1.170.5

Patch Changes

• Updated dependencies [5fa9e55]:
  • @​tanstack/router-core@​1.171.3

Commits

• 658c224 ci: Version Packages (#7478)
• 51a97a1 feat(start): support rsbuild iife client output (#7477)
• b47b338 ci: Version Packages (#7467)
• 35a7d9c ci: Version Packages (#7452)
• 0300f87 fix: fix scroll restoration issues (#7447)
• 254cb88 ci: Version Packages (#7435)
• 9f6258f chore: update zod to v4.4.3 (#7441)
• 5fa9e55 feat: deferred hydration (#7362)
• See full diff in compare view

Updates @tanstack/router-core from 1.171.2 to 1.171.6

Release notes

Sourced from @​tanstack/router-core's releases.

@​tanstack/router-core@​1.171.6

Patch Changes

• Add support for Rsbuild client output formats, including module output by default and IIFE output for classic script environments. (#7477)

  Client entry scripts and preloads are now represented as root route manifest assets, script preloads follow the manifest script format, and script asset cross-origin configuration uses the script key. The transformAssets script callback context now exposes only kind: 'script' and url, keeping script format handling internal to manifest rendering.

@​tanstack/router-core@​1.171.5

Patch Changes

• Fix hash scrolling with resetScroll={false} (#7464)

Changelog

Sourced from @​tanstack/router-core's changelog.

1.171.6

Patch Changes

• Add support for Rsbuild client output formats, including module output by default and IIFE output for classic script environments. (#7477)

  Client entry scripts and preloads are now represented as root route manifest assets, script preloads follow the manifest script format, and script asset cross-origin configuration uses the script key. The transformAssets script callback context now exposes only kind: 'script' and url, keeping script format handling internal to manifest rendering.

1.171.5

Patch Changes

• Fix hash scrolling with resetScroll={false} (#7464)

1.171.4

Patch Changes

• Fix hash navigation being overridden by stale scroll restoration entries. (#7447)

• Preserve carried scroll positions across SPA navigations that create new restoration keys. (#7447)

1.171.3

Patch Changes

• Add deferred Hydrate boundary support for TanStack Start. (#7362)

  Hydrate boundaries can now be code-split by the Start compiler, preload their generated client chunks, preserve server-rendered fallback HTML, and replay interaction-triggered events after hydration. The compiler integration now uses a Start-owned compiler plugin for Hydrate virtual modules across Vite and Rsbuild, with dev invalidation for generated virtual modules.

  Shared AST utilities used by the router code-splitter and Hydrate virtual modules were moved into @tanstack/router-utils so both pipelines can retain referenced top-level declarations, unwrap local exports, and let dead-code elimination remove unused route module code.

Commits

• 658c224 ci: Version Packages (#7478)
• 51a97a1 feat(start): support rsbuild iife client output (#7477)
• b47b338 ci: Version Packages (#7467)
• 5268ba4 fix: Fix hash scrolling with resetScroll={false} (#7464)
• 35a7d9c ci: Version Packages (#7452)
• 0300f87 fix: fix scroll restoration issues (#7447)
• d024a54 perf: optimize and test rewrite (#7448)
• 254cb88 ci: Version Packages (#7435)
• 5fa9e55 feat: deferred hydration (#7362)
• See full diff in compare view

Updates date-fns from 4.2.1 to 4.3.0

Release notes

Sourced from date-fns's releases.

v4.3.0

Kudos to @​ImRodry and @​puneetdixit200 for their contributions.

Fixed

• Fixed missing modularized optimization fallback (for Next.js and others). See #4193.

• Fixed pt locale first day of week to be Sunday. See #4195 by @​ImRodry.

• Fixed zh-CN, zh-HK, and zh-TW locale month parsing for October, November, and December. See #4194 by @​puneetdixit200.

Commits

• f95bcf1 (docs): Add missing tsx dependency
• baaca11 Add //pkgs/core:release/docs task
• 8aa0373 Update docs website secrets location in scripts
• c7ad6eb Promote to v4.3.0
• da8c548 Add change log entry for Chinese locale fix (#4194)
• f8d8fa8 Split Chinese locale tests (#4194)
• b9c5865 Fix Chinese locale month parsing (#4194)
• 39d1e14 Add pt fix change log entry (#4195)
• f3f1963 Fix pt locale first day of week to be Sunday (#4195)
• cd6ebda Add basic AGENTS.md
• Additional commits viewable in compare view

Updates fallow from 2.75.0 to 2.80.0

Release notes

Sourced from fallow's releases.

v2.80.0: optional review guidance, summary scope, Fumadocs plugin

Highlights

This release adds optional inline review guidance and a diff-scoped sticky summary mode for CI integrations, ships a built-in Fumadocs plugin, and lands a batch of false-positive fixes for Wrangler precedence, TanStack Start virtual modules, MDX code fences, Node script runners, Bun's bare runtime module, prebuild package maps, and React Router type imports.

Added

• Inline review comments can include optional rule guidance. Set FALLOW_REVIEW_GUIDANCE=true (or GitHub Action review-guidance: true) to append collapsed "What to do" blocks to review-github and review-gitlab comments using the existing rule guides from fallow explain. Default stays off. fallow/unused-type review comments also pick up the same one-line export-stripping suggestions as unused-export. Thanks @​OmerGronich for the request. (Closes #659)

• Sticky PR/MR summary comments can scope project-level findings to the diff. Set FALLOW_SUMMARY_SCOPE=diff (or GitHub Action summary-scope: diff) to apply the diff filter to dependency, catalog, and override findings in pr-comment-github and pr-comment-gitlab. The default all preserves the existing behavior where sticky summaries include those findings even when their fixed package.json or workspace-manifest anchor line is outside the diff. Inline review comments are unaffected. Thanks @​OmerGronich for the request. (Closes #661)

Fixed

• Fumadocs MDX projects no longer report configured docs content as unused. A built-in Fumadocs plugin activates from fumadocs-mdx, fumadocs-core, fumadocs-ui, or source.config.*, keeps source.config.* and .source/**/*.{ts,tsx,js,jsx,...} reachable, suppresses fumadocs-mdx:* virtual imports, credits packages imported by the source config, and extracts literal dir values from defineCollections, defineDocs, and direct defineConfig({ collections }) entries as MDX content roots. (Closes #633)

• Wrangler config precedence now matches Wrangler's selected config file. Projects with multiple sibling wrangler.* config files previously credited every main value as an entry, so stale migration leftovers (e.g. wrangler.toml) could keep dead worker files alive. Fallow now only reads main from the highest-precedence sibling: wrangler.json, then wrangler.jsonc, then wrangler.toml. All sibling configs themselves remain credited as used. (Closes #630)

• TanStack Start :v virtual modules no longer surface as unlisted dependencies. Imports such as tanstack-start-manifest:v and tanstack-start-injected-head-scripts:v are now recognized as plugin-registered framework virtual modules, and skipped from unlisted-dependency and unresolved-import reporting when the TanStack plugin is active. (Closes #636)

• Node package-script and forked runner entrypoints no longer report as unused. Package scripts such as node scripts/process-messages resolve extensionless directory paths to their index.* files, and statically resolvable local child_process.fork() targets from proven node:child_process imports are credited as dynamic entrypoints, including the fork(path.resolve(fileURLToPath(import.meta.url), '../runner.js')) shape. (Closes #638)

• MDX documentation code fences no longer create unresolved imports. Fenced TypeScript examples in .mdx files were previously extracted like executable top-level statements, so docs snippets with virtual // file: boundaries reported false unresolved-import findings. Fenced code blocks are now skipped during MDX import/export extraction, while real top-level imports continue through the parser path. (Closes #639)

• Workspace and self package imports that point at missing prebuild output now resolve back to source. Packages such as Nitro and Redux Toolkit could previously report false unresolved-imports, unlisted-dependencies, unused-dependencies, and unused-files when package.json imports or exports selected dist targets before a build had run. Fallow now uses the nearest package manifest for #... imports and known root/workspace package manifests for self or workspace specifiers, maps project-relative output targets back to tracked src candidates, and preserves dependency usage metadata when those imports resolve to internal source files. (Closes #641)

• Bun's bare bun runtime module is no longer reported as an unlisted dependency. import { SQL } from "bun" and type-only imports from "bun" are recognized as a Bun runtime builtin, alongside the existing bun:* builtin recognition. Real packages such as bun-types, @types/bun, bunyan, and bun/* subpaths remain normal dependencies. (Closes #642)

• React Router v7 and Remix generated ./+types/* route modules no longer surface as unresolved imports. Route modules using import type { Route } from "./+types/root" previously reported false-positive findings because those files are generated by the framework's typegen step and are often gitignored. The React Router and Remix plugins now declare ./+types/ as a generated type-import prefix; the suppression is plugin-gated and type-only, so runtime imports under the same prefix still report. (Closes #645)

• Windows CI is green again. The Fumadocs integration test now normalizes path separators before asserting on unused_files, restoring the Windows leg of ci.yml. No user-visible behavior change.

Full Changelog: fallow-rs/fallow@v2.79.0...v2.80.0

v2.78.1: npm postinstall no longer hits GitHub rate limits

Patch release

Fixed

• npm install fallow postinstall no longer fails on shared-IP CI runners with digest-unavailable. The postinstall verifier previously fetched each platform binary's expected SHA-256 from the unauthenticated GitHub release API. Pooled CI IPs (Buildkite, GitHub Actions shared runners, internal build clusters) routinely exceeded GitHub's 60 req/hr unauthenticated limit, and pnpm install --frozen-lockfile aborted with fallow: binary verification failed ... (digest-unavailable): GitHub release API returned HTTP 403: API rate limit exceeded. The release workflow's npm-prep job now computes the SHA-256 of every binary inside each @fallow-cli/<platform> package and writes it into the platform package's package.json under fallowDigests. verify-binary.js reads that embedded value first and only falls back to the GitHub API for older platform packages that lack the field, so steady-state installs perform zero network calls during digest verification. The Ed25519 signature layer and the FALLOW_SKIP_BINARY_VERIFY escape hatch are unchanged. (Closes #597. Thanks @​drgnkpr for the report.)

• Windows clippy on main is green again. Replaced an unfulfilled #[expect(dead_code)] annotation on ScopedChild::id with #[allow]. The function is pub inside a pub mod, so rustc never flags it as dead under -D warnings, and the previous expect annotation broke ci.yml's Windows leg. No user-visible behavior change.

Upgrade

npm install -g fallow@2.78.1

Full Changelog: fallow-rs/fallow@v2.78.0...v2.78.1

... (truncated)

Changelog

Sourced from fallow's changelog.

[2.80.0] - 2026-05-24

Added

• Inline review comments can include optional rule guidance. Set FALLOW_REVIEW_GUIDANCE=true (or GitHub Action review-guidance: true) to append collapsed "What to do" blocks to review-github / review-gitlab comments using the existing rule guides from fallow explain. The default remains off so existing review bodies stay stable. fallow/unused-type review comments now also get the same safe one-line export-stripping suggestions as unused-export when the source line is directly fixable. (Closes #659.)

• Sticky PR/MR summary comments can scope project-level dependency findings to the diff. Set FALLOW_SUMMARY_SCOPE=diff (or GitHub Action summary-scope: diff) to apply the diff filter to dependency/catalog/override findings in pr-comment-github and pr-comment-gitlab. The default all preserves the existing behavior where sticky summaries include those project-level findings even when their fixed package.json or workspace-manifest anchor line is outside the diff. Inline review comments are unaffected. (Closes #661.)

Fixed

• Fumadocs MDX projects no longer report configured docs content as unused. Before, projects that load Markdown and MDX through source.config.*, generated .source modules, and fumadocs-mdx:* virtual imports could surface source.config.ts, generated source modules, and configured docs pages as unused-file or report generated virtual imports as dependency noise. After, a built-in Fumadocs plugin activates from fumadocs-mdx, fumadocs-core, fumadocs-ui, or source.config.*; keeps source.config.* and .source/**/*.{ts,tsx,js,jsx,mts,mjs,cts,cjs} reachable; traverses the hidden .source directory; suppresses fumadocs-mdx:* virtual imports; credits packages imported by the source config; and extracts literal dir values from defineCollections, defineDocs, and direct defineConfig({ collections }) object entries as Markdown/MDX/JSON/YAML content roots. The plugin deliberately avoids a blanket content/** fallback so unrelated orphan content still reports. (Closes #633.)

• Wrangler config precedence now matches Wrangler's selected config file. Before, projects with multiple sibling wrangler.* config files could have every main value credited as an entry point, so stale migration leftovers such as wrangler.toml could keep dead worker files alive even when Wrangler would run wrangler.json or wrangler.jsonc instead. After, fallow keeps all sibling Wrangler config files themselves used, but only reads main entries from the highest-precedence sibling selected by Wrangler's current order: wrangler.json, then wrangler.jsonc, then wrangler.toml. (Closes #630.)

• MDX documentation code fences no longer create unresolved imports. Before, import and export lines inside fenced TypeScript examples in .mdx files were extracted like executable top-level MDX statements, so docs snippets with virtual // file: boundaries could report false unresolved-import findings. After, fenced Markdown code blocks are skipped during MDX import/export extraction, while real top-level MDX imports continue to be analyzed. The extraction cache version is bumped so warm .mdx entries are re-extracted on upgrade. (Closes #639.)

• Bun's bare bun runtime module is no longer reported as an unlisted dependency. Before, fallow recognized bun:* specifiers such as bun:sqlite as Bun platform builtins, but still treated import { SQL } from "bun" and type-only imports from "bun" as an npm package named bun that had to be listed in package.json. After, the exact bare bun specifier is recognized as a Bun runtime builtin, while real packages such as bun-types, @types/bun, bunyan, and bun/* subpaths remain normal dependencies. (Closes #642.)

• TanStack Start :v virtual modules no longer surface as unlisted dependencies. Before, imports such as tanstack-start-manifest:v and tanstack-start-injected-head-scripts:v were treated as package names in TanStack Start projects. After, the TanStack Router / Start plugin registers those colon-prefixed runtime modules as framework virtual modules, so they are skipped by unlisted-dependency and unresolved-import reporting only when the TanStack plugin is active. Thanks @​BartWaardenburg for the report. (Closes #636.)

• Node package-script and forked runner entrypoints no longer report as unused. Package scripts such as node scripts/process-messages now resolve extensionless directory paths to scripts/process-messages/index.* after exact-file and source-extension probing. Statically resolvable local child_process.fork() targets from proven node:child_process / child_process imports or requires are also credited as dynamic entrypoints, including the const runner = path.resolve(filename, "../runner.js"); fork(runner) shape where filename comes from fileURLToPath(import.meta.url). The extractor cache version is bumped so warm caches re-extract files with forked runner targets. (Closes #638.)

• Windows CI is green again. The Fumadocs integration test now normalizes \\ to / on the unused_files paths it asserts against, restoring the Windows leg of ci.yml. No user-visible behavior change.

[2.79.0] - 2026-05-22

Added

• Ember.js / Glimmer / Embroider plugin. New built-in plugin activates on ember-source, ember-cli, @embroider/core, @embroider/compat, or @glimmer/component. Whitelists the build- / CLI- / runtime-resolved tooling that no source file imports (ember-source itself, ember-cli, ember-cli-htmlbars, etc.) so those packages do not surface as unused-dependency. Packages that a modern Ember app imports directly (@glimmer/component, @glimmer/tracking, etc.) are deliberately omitted; the normal import graph credits them, and listing them in the tooling allowlist would mask real removals when a user drops the dependency. Declares scoped used-class-member rules for Component, Route, Controller, Service, Helper, Modifier, Application, and Router so framework-invoked lifecycle methods (model, setupController, etc.) are not flagged as unused on subclasses. Declares the specific @ember/* paths that ember-source exposes through the AMD loader (classic) and the Embroider rewriter (@ember/application, @ember/array, etc.) as virtual-module prefixes so they no longer surface as unresolved-import or unlisted-dependency. The list is deliberately enumerated rather than a blanket @ember/ because parts of the @ember/* namespace are real npm packages users install explicitly (@ember/test-helpers, @ember/render-modifiers, etc.); a blanket prefix would mask legitimate missing-dep bugs when one of those is removed from package.json. The source of truth for the enumeration is ember-source's package.json#exports field. Because matching is prefix-based, new subpaths under existing roots (e.g. future @ember/object/... additions) are covered automatically. Known gaps: bare import Ember from 'ember' and v1 addon subpaths like ember-in-viewport/modifiers/in-viewport still need ignoreDependencies or an inline suppression until addon-shape resolution is added (not planned). Exposes Ember's classic-layout filesystem conventions (app/components/**, app/routes/**, app/services/**, tests/**/*-test.{js,ts,gjs,gts}, config/, ember-cli-build.js, testem.js) as entry-point globs since the Ember resolver loads those modules by convention rather than via static import. Scoped to strict-mode Ember apps and v2 addons: classic v1 addon layouts (addon/, addon-test-support/) are intentionally out of scope because they predate strict-mode .gts / .gjs and gain nothing from the plugin's value-adds; v1-addon maintainers can declare those paths via entry in their fallow config. .gts / .gjs single-file components were already parseable thanks to the existing \<template>-stripping helper; tracking imports referenced only inside \<template> blocks (and inside co-located .hbs templates) is intentionally deferred, which will extend the same scaffolding with sfc_template-style scanning. Thanks @​mike-engel for the plugin (PR #369).
• Glimmer \<template> blocks credit imported-binding usage in .gts / .gjs. Imports referenced only inside a \<template>...</template> block are no longer flagged as unused-import: PascalCase tag invocation (<HelloWorld />), mustache helper ({{capitalize x}}), triple-stash helper ({{{formatHtml body}}}), sub-expression helper ({{if (and a b) "y" "n"}}), element modifier ({{on "click" handle}}), and dotted reference ({{utils.formatDate value}}) are all credited. Handlebars/Glimmer built-in keywords (if, unless, each, let, yield, etc.), this.* chains, @arg references, and named-argument keys are never resolved as imports. Block-parameter introductions (as |item index|) are accumulated as template-scope locals so they shadow same-named imports. Co-located .hbs templates remain a known limitation: imports referenced only inside a sibling .hbs file still surface as unused on the sibling .js/.ts; the plugin's entry_patterns keep the JS sibling reachable as a file, and migrating to .gts removes the limitation entirely. The extraction cache (CACHE_VERSION bumped to 95) invalidates automatically on upgrade so warm .gts / .gjs entries are re-extracted with template-visible import usage.

Fixed

• React Router v7 and Remix generated ./+types/* route modules no longer surface as unresolved imports when the generated files are absent from a clean checkout. Before, route modules using import type { Route } from "./+types/root" reported false-positive unresolved-import findings because those modules are produced by the framework's typegen step and are often gitignored. After, the React Router and Remix plugins declare ./+types/ as a generated type-import prefix. The suppression is plugin-gated and type-only, so runtime imports under the same prefix still report normally. (Closes #645.)

• JSX resource attributes no longer report as unresolved imports. Before, generic TSX metadata such as <link rel="stylesheet" href="style-a.css" />, <link rel="modulepreload" href="/vendor.js" />, and <script src="./script-a.js" /> emitted synthetic side-effect imports, so serializer tests in projects like Hono produced large false unresolved-imports clusters for runtime HTML literals. After, generic JSX resource attributes are ignored by default, while HTML files and bare html tagged-template asset scanning keep their existing graph edges. The extraction cache version is bumped so warm caches drop stale JSX resource edges. (Closes #640.)

• Combined human summaries are less repetitive, and fallow explain accepts issue labels with spaces. Before, fallow --summary in human mode could print both a section header and the summary renderer's own title for the same analysis, and combined runs could repeat the loaded config: notice once per analysis phase. After, combined summary sections keep their high-level headers without duplicating titles, config-load notices are deduped per config file, and fallow explain unused files / fallow explain code duplication work the same as the existing hyphenated spellings.

• Public class members exposed through non-private package entry points are no longer reported as removable internals. Library-style packages that re-export builder or database classes from package.json entry points (main, root exports, or subpath exports) previously reported every uncalled public method as unused-class-member, even though those methods are part of the consumer API. find_unused_members now treats classes reached from an actual non-private package entry point re-export, from the transitive export * closure rooted at one, or from src/**/index.* source subpath indexes in packages with no exports map as public API and skips class member findings for those exports. The skip is limited to class methods/properties, so enum member behavior, private app packages, and internal reachable classes are unchanged. Covers renamed re-exports, default-as-named re-exports, source-first root index.js fallbacks, package subpath exports, exportless source subpath indexes, and multi-hop star barrels. (Closes #643.)

• Workspace and self package imports that point at missing prebuild output now resolve back to source. Before, packages such as Nitro and Redux Toolkit could report false unresolved-imports, unlisted-dependencies, unused-dependencies, and unused-files when package.json imports or exports selected dist targets before a build had run. After, fallow uses the nearest package manifest for #... imports and known root/workspace package manifests for self or workspace package specifiers, maps project-relative output targets back to tracked src candidates, and preserves dependency usage metadata when those package imports resolve to internal source files. Unmatched hash aliases, missing source targets, undeclared workspace imports, and unrelated unused files still report. (Closes #641.)

• Cloudflare Workers, Content Collections, and Node module.register() loaders no longer surface as false positives. Three convention-driven shapes were previously reported as unused-file / unused-export because fallow had no static way to follow them. After: (1) Cloudflare Workers projects with "main": "src/worker.tsx" (or any env.<name>.main override) in wrangler.{toml,json,jsonc} keep that worker entry alive; the static glob also widens to src/{index,worker}.{ts,tsx,js,jsx,mts,mjs} so JSX worker entries from rwsdk, React Router worker, and Hono on Workers stay reachable without reading the config. (2) Content Collections projects (@content-collections/{core,vite,next,solid-start,remix-vite,qwik,vinxi}) keep their root content-collections.{ts,tsx,js,jsx,mts,mjs,cts,cjs} config alive, and the @content-collections/* packages stay credited as tooling deps. The plugin activates when any framework integration is a direct dep, so the common case of installing only @content-collections/vite (with core arriving transitively) still works. (3) Node module.register('./hooks/loader.ts', import.meta.url) calls (or the register(url) form where url is bound to new URL('./loader.ts', import.meta.url), including the conditional condition ? srcUrl : distUrl shape) now credit the loader file's hook exports: the current initialize / resolve / load / globalPreload set plus the legacy getFormat / getSource / transformSource for projects still on older Node. The extraction cache version is bumped, so users on warm caches will see a one-time re-extract on first run after upgrading. Thanks @​M-Hassan-Raza for the patch. (Closes #588, #589, #590.)

• Playwright extend() fixture helpers are credited as used class members. Before, helper classes referenced only as Playwright fixtures (test.extend({ helper: async ({}, use) => use(new MyHelper(page)) })) had every public method reported as unused-class-member because the visitor only tracked direct call expressions, not the property-access shape that fixture consumers use (await helper.click('button')). After, the AST visitor's class-member usage tracker credits identifier references to fixture-bound helper classes the same way it credits direct invocations, so Playwright Page Object Model patterns no longer surface false-positive removable-internal findings.

• HTML asset scanner skips build-time template-placeholder specifiers. <script src="{{rootURL}}assets/app.js"> (Ember's app/index.html), <script src="###APPNAME###/..."> (ember-cli blueprint scaffolds), and the equivalent shapes from any other framework that embeds Handlebars / Mustache / Jinja2 / pre-compiled Vue or Angular template syntax inside checked-in HTML are filtered at extraction time instead of being seeded as unresolvable specifiers that surface as unresolved-import. {{ and ### are never valid characters in a real <script src> / <link href> path, so the filter is generic across template engines rather than gated on a plugin. Applies to <script src>, <link rel="stylesheet" href>, and <link rel="modulepreload" href>.

[2.78.1] - 2026-05-22

... (truncated)

Commits

• 017658e chore: release v2.80.0
• 4ce7795 feat: add PR comment summary scope
• c82ba6f feat: add optional review guidance
• ac81b92 fix(core): honor Wrangler config precedence
• ef3298d feat: add Fumadocs plugin
• a13ec35 fix(extract): credit Node script runner entrypoints
• f92318a fix(tanstack): suppress Start virtual modules
• a9cefb4 fix(core): treat bare bun as builtin
• 2f8fc77 fix(mdx): ignore imports inside documentation code fences
• e4bb70d fix(plugins): suppress React Router route type imports
• Additional commits viewable in compare view

Updates @tanstack/router-plugin from 1.168.6 to 1.168.11

Release notes

Sourced from @​tanstack/router-plugin's releases.

@​tanstack/router-plugin@​1.168.11

Patch Changes

• Updated dependencies [51a97a1]:
  • @​tanstack/router-core@​1.171.6
  • @​tanstack/react-router@​1.170.8
  • @​tanstack/router-generator@​1.167.10

@​tanstack/router-plugin@​1.168.10

Patch Changes

• Updated dependencies [5268ba4]:
  • @​tanstack/router-core@​1.171.5
  • @​tanstack/react-router@​1.170.7
  • @​tanstack/router-generator@​1.167.9

@​tanstack/router-plugin@​1.168.9

Patch Changes

• Updated dependencies [7df0d02]:
  • @​tanstack/router-generator@​1.167.8

@​tanstack/router-plugin@​1.168.8

Patch Changes

• Updated dependencies [0300f87, 0300f87]:
  • @​tanstack/router-core@​1.171.4
  • @​tanstack/react-router@​1.170.6
  • @​tanstack/router-generator@​1.167.7

@​tanstack/router-plugin@​1.168.7

Patch Changes

• Update chokidar to v5. (#7439)

• Add deferred Hydrate boundary support for TanStack Start. (#7362)

  Hydrate boundaries can now be code-split by the Start compiler, preload their generated client chunks, preserve server-rendered fallback HTML, and replay interaction-triggered events after hydration. The compiler integration now uses a Start-owned compiler plugin for Hydrate virtual modules across Vite and Rsbuild, with dev invalidation for generated virtual modules.

  Shared AST utilities used by the router code-splitter and Hydrate virtual modules were moved into @tanstack/router-utils so both pipelines can retain referenced top-level declarations, unwrap local exports, and let dead-code elimination remove unused route module code.

• Updated dependencies [5fa9e55]:

  • @​tanstack/router-core@​1.171.3
  • @​tanstack/router-utils@​1.162.1
  • @​tanstack/react-router@​1.170.5
  • @​tanstack/router-generator@​1.167.6

Changelog

Sourced from @​tanstack/router-plugin's changelog.

1.168.11

Patch Changes

• Updated dependencies [51a97a1]:
  • @​tanstack/router-core@​1.171.6
  • @​tanstack/react-router@​1.170.8
  • @​tanstack/router-generator@​1.167.10

1.168.10

Patch Changes

• Updated dependencies [5268ba4]:
  • @​tanstack/router-core@​1.171.5
  • @​tanstack/react-router@​1.170.7
  • @​tanstack/router-generator