chore: cleanup benchmark and (dev)Dependencies

[JounQin]

Important

Clean up benchmark by removing unused imports, update hashing functions, add Node.js 18 to CI, and update dependencies.

• Benchmark Cleanup:
  • Remove unused imports encodeUrl and flattie from benchmark.js.
  • Update hashing functions in benchmark.js to use base64url encoding.
• CI Workflow:
  • Add Node.js version 18 to the matrix in ci.yml.
• Dependencies:
  • Update @1stg/common-config to ^14.3.0, @types/node to ^22.16.0, @types/web to ^0.0.245, eslint to ^9.30.1, prettier to ^3.6.2, react-router-dom to ^7.6.3, and vite to ^7.0.2 in package.json.
  • Remove ab64 and flattie from devDependencies in package.json.

^{This description was created by for 7e64b2a. You can customize this summary. It will automatically update as commits are pushed.}

Summary by CodeRabbit

• New Features

  • Expanded compatibility by testing on Node.js 18 in addition to newer versions.

• Bug Fixes

  • Improved hashing functions to operate directly on input objects and produce base64 URL-safe hashes, resulting in faster execution and higher throughput.

• Documentation

  • Updated benchmark results in documentation to reflect improved performance metrics.

• Chores

  • Updated and cleaned up development dependencies.
  • Removed unused packages from the project.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7e64b2a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

The updates include broadening Node.js version coverage in CI, upgrading development dependencies, removing unused packages, and updating the benchmark implementation to hash objects directly with base64url encoding. Benchmark results in both documentation and output files were refreshed to reflect improved performance metrics. No exported or public API changes were made.

Changes

File(s)	Change Summary
.github/workflows/ci.yml	Added Node.js v18 to the CI matrix for broader version testing.
package.json	Upgraded several dev dependencies; removed ab64 and flattie from devDependencies.
benchmark.js	Removed object flattening and explicit URL encoding; hash functions now use base64url encoding directly.
README.md, benchmark.txt	Updated benchmark results to reflect improved latency and throughput metrics for all tasks.

Suggested labels

internal, documentation

Poem

A bunny hops through code so bright,
With hashes swift as morning light.
Benchmarks leap, dependencies trimmed,
Old encodings quietly dimmed.
Node’s new friends join the run,
CI matrix widened—more fun!
🐇✨

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

benchmark.js

Oops! Something went wrong! :(

ESLint: 9.30.1

Error [ERR_MODULE_NOT_FOUND]: Cannot find package '@1stg/eslint-config' imported from /eslint.config.js
at Object.getPackageJSONURL (node:internal/modules/package_json_reader:255:9)
at packageResolve (node:internal/modules/esm/resolve:767:81)
at moduleResolve (node:internal/modules/esm/resolve:853:18)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:801:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:725:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:708:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:309:38)
at #link (node:internal/modules/esm/module_job:202:49)

Warning

Review ran into problems

🔥 Problems

Check-run timed out after 90 seconds. Some checks/pipelines were still in progress when the timeout was reached. Consider increasing the reviews.tools.github-checks.timeout_ms value in your CodeRabbit configuration to allow more time for checks to complete.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0235026 and 7e64b2a.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (5)

• .github/workflows/ci.yml (1 hunks)
• README.md (1 hunks)
• benchmark.js (1 hunks)
• benchmark.txt (1 hunks)
• package.json (2 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

benchmark.js (1)

src/index.ts (2)

• stableHash (34-99)
• stableHash (101-101)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Lint and Test with Node.js 24 on windows-latest
• GitHub Check: Lint and Test with Node.js 22 on macos-latest
• GitHub Check: Lint and Test with Node.js 24 on ubuntu-latest
• GitHub Check: Lint and Test with Node.js 20 on windows-latest
• GitHub Check: Lint and Test with Node.js 24 on macos-latest
• GitHub Check: Lint and Test with Node.js 22 on windows-latest
• GitHub Check: Lint and Test with Node.js 18 on windows-latest

🔇 Additional comments (6)

package.json (1)

54-54: Dependency versions verified—please run a local security audit

All updated packages exist at the specified versions on npm:

• @1stg/common-config@14.3.0
• @types/node@22.16.0
• @types/web@0.0.245
• eslint@9.30.1
• prettier@3.6.2
• react-router-dom@7.6.3
• vite@7.0.2

Since the sandbox environment couldn’t perform an npm audit, double-check for known vulnerabilities by running npm audit (or your preferred security scanner) in your local environment before merging.

.github/workflows/ci.yml (1)

17-17: Good addition of Node.js 18 to the CI matrix.

Adding Node.js 18 to the test matrix improves compatibility coverage and aligns well with the package.json engines requirement of ">=12.0.0". Node.js 18 is an LTS version, making this a solid choice for testing.

README.md (1)

187-190: Benchmark results show impressive performance improvements.

The updated benchmark results demonstrate significant performance gains:

• stable-hash-x latency reduced to ~1019ns with 1.16M+ ops/s throughput
• stable-hash shows similar improvements with 1.15M+ ops/s throughput
• All tasks show better performance metrics

These improvements align well with the optimizations in benchmark.js that removed object flattening and intermediate encoding steps.

benchmark.js (2)

53-53: JSDoc parameter type improvements are more precise.

The parameter types have been refined from unknown to object, which is more accurate since all these functions specifically expect objects to hash.

Also applies to: 60-60, 70-70, 77-77

---

56-57: Excellent optimization: direct base64url encoding improves performance.

The switch to direct base64url encoding eliminates intermediate encoding steps, which explains the significant performance improvements seen in the benchmark results. This is a clean optimization that:

1. Removes unnecessary dependency on ab64 and flattie packages
2. Simplifies the hashing pipeline
3. Achieves better performance as demonstrated in the updated benchmarks

The implementation correctly uses crypto.createHash('sha512').update().digest('base64url') for consistent URL-safe base64 encoding across all functions.

Also applies to: 63-67, 73-74, 80-81

benchmark.txt (1)

4-7: Benchmark results are consistent and show excellent performance gains.

The updated benchmark results are consistent with the README.md and demonstrate the effectiveness of the optimization changes:

• stable-hash-x: ~1019ns latency, 1.16M+ ops/s throughput
• stable-hash: ~1058ns latency, 1.15M+ ops/s throughput
• All tasks show improved performance metrics

These results validate the benchmark.js optimizations that removed object flattening and intermediate encoding steps.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​esbuild/​aix-ppc64@​0.25.5
	@​esbuild/​android-arm64@​0.25.5
	@​esbuild/​darwin-arm64@​0.25.5
	@​esbuild/​darwin-x64@​0.25.5
	@​esbuild/​freebsd-arm64@​0.25.5
	@​esbuild/​freebsd-x64@​0.25.5
	@​esbuild/​linux-arm@​0.25.5
	@​esbuild/​linux-arm64@​0.25.5
	@​esbuild/​linux-ia32@​0.25.5
	@​esbuild/​linux-loong64@​0.25.5
	@​esbuild/​linux-mips64el@​0.25.5
	@​esbuild/​linux-ppc64@​0.25.5
	@​esbuild/​linux-riscv64@​0.25.5
	@​esbuild/​linux-s390x@​0.25.5
	@​esbuild/​linux-x64@​0.25.5
	@​esbuild/​openbsd-arm64@​0.25.5
	@​esbuild/​openbsd-x64@​0.25.5
	@​esbuild/​sunos-x64@​0.25.5
	@​esbuild/​win32-arm64@​0.25.5
	@​esbuild/​win32-ia32@​0.25.5
	@​esbuild/​win32-x64@​0.25.5
	@​esbuild/​netbsd-arm64@​0.25.5
	@​esbuild/​netbsd-x64@​0.25.5
	@​unrs/​resolver-binding-win32-x64-msvc@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-win32-arm64-msvc@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-win32-ia32-msvc@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-linux-x64-gnu@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-linux-x64-musl@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-freebsd-x64@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-android-arm64@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-linux-arm64-gnu@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-linux-arm64-musl@​1.9.2 ⏵ 1.11.0				+1
	@​unrs/​resolver-binding-android-arm-eabi@​1.9.2 ⏵ 1.11.0				+1
See 198 more rows in the dashboard

View full report

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.00% (target: -1.00%)	✅ ∅

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (0235026)	63	63	100.00%
Head commit (7e64b2a)	63 (+0)	63 (+0)	100.00% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#14)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (0235026) to head (7e64b2a).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #14   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           69        69           
  Branches        26        26           
=========================================
  Hits            69        69           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/stable-hash-x@14

commit: 7e64b2a

[Copilot]

Pull Request Overview

This PR cleans up benchmarking scripts and bumps development dependencies across the codebase.

• Bump various devDependency versions and remove unused packages from package.json.
• Refactor benchmark.js to drop external URL-encoding/flattie libs in favor of built-in base64url digests and update benchmark results in benchmark.txt and README.md.
• Extend CI matrix to include Node 18.

Reviewed Changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
package.json	Updated devDependency versions, removed ab64 and flattie.
benchmark.js	Removed encodeUrl & flattie imports; use digest('base64url').
benchmark.txt	Updated recorded benchmark numbers.
README.md	Synced benchmark table with latest numbers.
.github/workflows/ci.yml	Added Node 18 to the test matrix.

Comments suppressed due to low confidence (1)

benchmark.js:57

• Node.js 18 does not support the 'base64url' encoding in crypto.Hash.digest, causing this script to fail under Node 18. Consider falling back to .digest('base64') and then replacing +//= characters for URL-safe output or otherwise polyfilling base64url support.

  crypto.createHash('sha512').update(hash(obj)).digest('base64url')

[github-actions]

size-limit report 📦

Path	Size
lib/index.js	595 B (0%)

[github-actions]

Deploy preview for stable-hash-x ready!

✅ Preview
https://stable-hash-l4psqm5px-1stg.vercel.app

Built with commit 7e64b2a.
This pull request is being automatically deployed with vercel-action

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 7e64b2a in 1 minute and 11 seconds. Click for details.

• Reviewed 191 lines of code in 5 files
• Skipped 1 files when reviewing.
• Skipped posting 7 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/ci.yml:17

• Draft comment:
  Added Node.js version 18 in the CI matrix; please confirm that all tests and compatibility are ensured on Node 18.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

2. README.md:187

• Draft comment:
  Benchmark table metrics have been updated—verify these numbers are reproducible and reflect expected performance.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

3. benchmark.js:3

• Draft comment:
  Removed 'encodeUrl' and 'flattie' imports; ensure that any necessary object flattening or encoding adjustments are now handled internally by the hash implementation.
• Reason this comment was not posted:
  Comment did not seem useful. Confidence is useful = 0% <= threshold 50% The comment is asking the author to ensure that the removal of 'encodeUrl' and 'flattie' imports is handled internally by the hash implementation. This is a request for confirmation of intention, which violates the rules. The comment does not provide a specific code suggestion or ask for a specific test to be written.

4. benchmark.js:56

• Draft comment:
  Switching to native 'base64url' encoding simplifies the code; please verify that the Node versions in use fully support this encoding option.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

5. benchmark.js:53

• Draft comment:
  The JSDoc now specifies the parameter as an 'object' instead of 'unknown'. Confirm that this change is intentional since the library supports hashing of primitives too.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

6. benchmark.txt:4

• Draft comment:
  Benchmark output has been refreshed; please ensure these performance improvements are consistent across different environments.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

7. package.json:53

• Draft comment:
  DevDependencies have been updated with several version bumps and removals (e.g. 'ab64' and 'flattie'). Please verify that these changes do not adversely affect builds or tests.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_qFP4M9KbRPepGqqf

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[github-actions]

📊 Package size report   -0.25%↓

File	Before	After
package.json	3.1 kB	-1.56%↓3.0 kB
Total (Includes all files)	19.2 kB	-0.25%↓19.2 kB
Tarball size	5.9 kB	-0.14%↓5.9 kB

Unchanged files

File	Size
lib/index.cjs	1.7 kB
lib/index.d.cts	153 B
lib/index.d.ts	153 B
lib/index.js	1.7 kB
LICENSE	1.1 kB
README.md	11.4 kB

_{🤖 This report was automatically generated by pkg-size-action}

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.00% (target: -1.00%)	✅ ∅

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (0235026)	63	63	100.00%
Head commit (7e64b2a)	63 (+0)	63 (+0)	100.00% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#14)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences