chore: add scripts to bundle typescript definitions

[rolznz]

Used in alby-agent-skill

Summary by CodeRabbit

• Chores
  • Added TypeScript declaration bundling to improve type definition distribution and provide better IDE support.
  • Updated build configuration to enable enhanced declaration-type generation.
  • Performed minor internal code improvements and cleanup.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request adds TypeScript declaration bundling infrastructure to the project through new build scripts and development tooling, introduces a TypeScript declaration configuration file for the React package, and removes an unused private state property from the SendPayment component.

Changes

Cohort / File(s)	Summary
Declaration Bundling Configuration package.json, react/package.json	Added dts build script to generate bundled TypeScript declaration files using dts-bundle-generator with specified external import and inline handling. Added dts-bundle-generator (^9.5.1) as a development dependency.
TypeScript Declaration Config react/tsconfig.dts.json	New configuration file extending base tsconfig.json with skipLibCheck enabled and node types included for declaration generation.
Component Cleanup src/components/pages/bc-send-payment.ts	Removed unused private state property _qr of type QRCode | null.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A bundler hops into our build,
Declaration files, neatly milled,
Old state removed without a fuss,
TypeScript types now bless us,
Hopping forward with cleaner dust!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: adding scripts to bundle TypeScript definitions via dts-bundle-generator across package.json files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/dts-bundle-generator

Important

Action Needed: IP Allowlist Update

If your organization protects your Git platform with IP whitelisting, please add the new CodeRabbit IP address to your allowlist:

• ✨ 136.113.208.247/32 (new)
• 34.170.211.100/32
• 35.222.179.152/32

Reviews will stop working after February 8, 2026 if the new IP is not added to your allowlist.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	dts-bundle-generator@​9.5.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code in npm @babel/traverse CVE: GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (CRITICAL) Affected versions: < 7.23.2; >= 8.0.0-alpha.0 < 8.0.0-alpha.4 Patched version: 7.23.2 From: ? → npm/microbundle@0.15.1 → npm/@babel/traverse@7.22.8 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@babel/traverse@7.22.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report