Contributions

19 PRs merged across 8 upstream repos. Plus a public patches repo with drop-in fixes shipped before merge in Bun, npm, pnpm, and Yarn formats. The workflow: find the bug, file the upstream PR, drop the patch into the repo so my projects (and anyone else hitting the same thing) can ship without waiting. When the fix lands in a release, I bump the dep and delete the patch. Every merged PR listed here shipped as a patch first.

Merged PRs

• expo/expo (8 PRs):
  • #44548 textContentType modifier wrapping SwiftUI’s textContentType(_:) with all 45 UITextContentType values. Wires @expo/ui TextField and SecureField into iOS keychain autofill for passwords, emails, addresses, credit cards, and OTP codes. Before this, @expo/ui text fields could not participate in iOS autofill at all. Includes #available guards for the iOS 17+ values (creditCardExpiration, birthdate, etc.) and iOS 17.4+ values (cellularEID, cellularIMEI)
  • #44547 textInputAutocapitalization modifier (iOS 15+) with all four TextInputAutocapitalization modes: never, words, sentences, characters. Before this, the only way to disable auto-capitalization on @expo/ui TextField was forcing keyboardType="ascii-capable", which changed the keyboard layout entirely. Username and email fields can now behave correctly without that workaround
  • #43958 PersistentFileLog.readEntries race condition where reads bypassed the serialQueue that guards every write. Caused flaky UpdatesLogReaderTests.PurgeOldLogs failures in expo-updates CI when a read executed before a queued write flushed to disk and returned entries1.count == 1 instead of 2. Fix wraps readEntries in serialQueue.sync so reads wait for pending writes. No deadlock risk because all callers are external to the queue
  • #43955 scrollTargetBehavior and scrollTargetLayout modifiers (iOS 17+) for paging and view-aligned scroll snapping in @expo/ui ScrollView. Brings SwiftUI’s snap-paging API to React Native through @expo/ui modifier composition with #available guards for iOS 17, tvOS 17, and macOS 14
  • #43923 defaultScrollAnchorForRole modifier (iOS 18+) wrapping the two-parameter defaultScrollAnchor(_:for:) overload. Lets you set independent scroll anchors per ScrollAnchorRole (initialOffset, sizeChanges, alignment), so a chat view can anchor to bottom globally but start at top via a per-role override. Also added null support to match Apple’s UnitPoint? signature and the missing @platform macos 14.0+ JSDoc to the single-arg version from #43914
  • #43914 defaultScrollAnchor modifier (iOS 17+) for controlling where a ScrollView or List starts. Removes the need for scaleEffect(y: -1) flips, reversed data arrays, and inverted scroll indicator hacks that chat UIs traditionally relied on. Reuses the existing UnitPointOptions enum and falls back to a no-op on iOS < 17
  • #43228 per-axis scaleEffect accepting { x, y } in addition to number. Unblocks the inverted-list pattern for chat threads: flip the List vertically with scaleEffect({ x: 1, y: -1 }) and flip each row back, so messages anchor to the bottom and new content pushes up naturally. Backwards-compatible: scaleEffect(0.5) still normalizes to { x: 0.5, y: 0.5 } in the TS layer before hitting native
  • #43158 ClipShapeModifier and MaskModifier were silently rendering Rectangle for any shape other than circle or roundedRectangle because they used a raw String field instead of the ShapeType enum from #40748. Every other shape modifier (BackgroundModifier, ContainerShapeModifier, ContentShapeModifier, GlassEffectModifier) already used ShapeType. Switched both to exhaustive ShapeType switching with no default fallthrough, added roundedCornerStyle and cornerSize fields, and unblocked capsule and ellipse in clipShape() and mask()
• get-convex/better-auth (4 PRs):
  • #218 four bugs causing stale auth state and incorrect isAuthenticated values. (1) getCookie() parsed cookies from JSON, which turned expires into a string. Comparing string < new Date() coerced the Date to a number and the string to NaN, and NaN < anything is always false, so expired cookies were never filtered out. (2) Cookies persisted after /get-session returned null, so combined with bug 1, stale credentials shipped indefinitely. (3) Sign-out stored "{}" in localCacheName and JSON.parse("{}") returns truthy {}, breaking if (sessionData) checks. Fix stores "null" so JSON.parse("null") returns null. (4) isAuthenticated was session !== null, which returned true for {} (from bug 3) and undefined during loading edges. Fix uses Boolean(session?.session)
  • #245 widened the better-auth peer dep from exact 1.4.9 to >=1.4.9 <1.5.0 after verifying every import path is stable across 1.4.9 through 1.4.18. Explicitly excludes 1.5.0, which moved createAuthEndpoint and createAuthMiddleware from better-auth/plugins to better-auth/api, removed the better-auth/adapters/test export path, and deleted runAdapterTest entirely
  • #267 concurrent fetchAccessToken dedup with useRef. On page load, sessionId transitions from undefined to a value, which creates a new fetchAccessToken reference and triggers ConvexProviderWithAuth to call setAuth() again while the first request is still in-flight. React 18 StrictMode doubles this in dev. Each /convex/token call hits the DB for session middleware and runs JWT signing, so N concurrent calls meant N redundant round-trips with only one result used. Fix stores the in-flight promise in a useRef so concurrent callers share it, with forceRefreshToken: true bypassing the guard and .finally() clearing the ref after resolution. Closes #219, likely reduces the action count reported in #186
  • #278 removed the dead react-dom peer dep declaration. Zero imports of react-dom, ReactDOM, createRoot, hydrateRoot, flushSync, or createPortal across all 32 files in src/. None of the exports (/react, /nextjs, /react-start) touch it. The declaration was generating peer dep warnings in bun and pnpm projects that don’t use react-dom
• napi-rs/napi-rs (1 PR): #3189 cross-compile regression in the v3 CLI rewrite. When --cross-compile / -x was passed for a linux or darwin target, pickBinary() in cli/src/api/build.ts skipped cargo-zigbuild if host platform, arch, and abi matched target, logged a warning, then silently fell through to cargo build. The whole point of --cross-compile on a native build is to pin a lower glibc via zig’s linker. Without it, building x86_64-unknown-linux-gnu on ubuntu-latest (glibc 2.39) produced binaries incompatible with glibc < 2.35 systems like Amazon Linux 2023 (glibc 2.34) and Vercel’s build container. v2 had this fix in #1432 (resolving #1430) but it wasn’t carried over during the v3 rewrite in #1492. Fix removes the platform-match conditions in the else branch of pickBinary() so --cross-compile always uses cargo-zigbuild for non-Windows targets
• shadcn-ui/ui (1 PR): #9331 registered the @ramonclaudio-coderabbit shadcn registry in the official open source directory per request in #8892. Adds entries to apps/v4/public/r/registries.json and apps/v4/registry/directory.json so the registry is discoverable through the shadcn CLI. The registry itself ships a framework-agnostic CodeRabbit API client, pluggable storage adapters (LocalStorage, Convex, Supabase, PostgreSQL, MySQL), and React components for generating developer activity reports
• oven-sh/bun (1 PR): #21855 added the decompress property to the BunFetchRequestInit interface with JSDoc documentation. The option already worked at runtime in Bun’s fetch(), but TypeScript users had to @ts-ignore it on every call to disable response decompression. Now it’s a first-class typed option, no escape hatch required
• fuma-nama/fumadocs (2 PRs):
  • #2092 fixed the TanStack Start template in create-fumadocs-app. Wired the vite-react plugin with the required customViteReactPlugin: true flag, configured a custom NotFound component for TanStack Router, and bumped deps to current versions. Resolved four issues at once: TanStack Start vite-react plugin warning, missing custom 404 component warning, module resolution errors during client-side navigation, and React hydration errors caused by useMemo null references that flashed errors mid-route-change
  • #2095 prettier formatting fix that unblocked the changesets release PR #2093 for create-fumadocs-app@15.7.0. The release PR was stuck on a formatting check, so I ran the formatter and shipped the diff so the release could go out
• rudrankriyam/App-Store-Connect-CLI (1 PR): #784 Mac App Store screenshot support for the asc CLI. New --provider macos grabs the frontmost window of a running macOS app by bundle ID using screencapture -l <windowID>, where the window ID comes from a Swift one-liner piped to swift - via CGWindowListCopyWindowInfo. No cgo, no extra binaries. New --device mac renders to the 2880x1800 APP_DESKTOP canvas without a device bezel, with optional title, subtitle, and background color overlays via --title, --subtitle, --bg-color, --title-color, and --subtitle-color. Using canvas flags on a non-canvas device returns an error instead of silently ignoring them. Requires Screen Recording permission for the terminal and Xcode Command Line Tools for swift. Also fixed ASC_TIMEOUT being silently ignored for screenshots capture and screenshots frame, both now use ContextWithTimeout. Tested against a regular windowed app and a menubar panel app
• TanStack/db (1 PR): #17 corrected the stale README link to the example todo app, repointing it at examples/react/todo. Tiny fix, but it was the first thing I clicked when I landed on the repo and it 404’d. Was PR #17 in the repo, early days

Patches

Open (PRs still awaiting upstream merge):

• expo-router 56.0.0-canary-20260212-4f61309: Stack.Toolbar infinite render loop on stateful screens. Any child screen holding local state that re-rendered triggered a loop through Stack.Toolbar, making stateful stack navigators unusable on canary. Patched against the canary while waiting for expo/expo#44563 to merge, which resolves expo/expo#44561
• @shopify/mini-oxygen 4.0.0: Vite 7 support. The real blocker is a ReferenceError: __vite_ssr_exportName__ is not defined from a missing 6th SSR key in the mini-oxygen worker runtime, plus getBuiltins() support, a fetchModule importer fix, deprecated root removal, and bumping the vite peer dep from ^5.1.0 || ^6.2.1 to ^7.0.0. Shipped as Shopify/hydrogen#3493 with three sibling patches so the whole Hydrogen stack installs on Vite 7 together: @shopify/hydrogen 2026.1.0 (widens vite peer dep to ^5.1.0 || ^6.2.1 || ^7.0.0), @shopify/hydrogen-react 2026.1.0 (same), and @shopify/cli-hydrogen 11.1.9 (widens from ^5.1.0 || ^6.2.0 to include ^7.0.0)
• bun 1.3.9: two PRs against bun itself. oven-sh/bun#27085 fixes includePrerelease semantics in peer dep semver validation, where bun was rejecting valid prerelease versions during install. oven-sh/bun#27086 fixes an invalid YAML sequence in the update-root-certs workflow’s labels field that was breaking bun’s own CI
• no patch (CI workflow, not runtime code): @astrojs/compiler needs -x added to the x86_64-unknown-linux-gnu build for glibc compat, same class of issue as the napi-rs regression above. Tracked in withastro/compiler-rs#22
• no patch (docs website feature, not runtime code): shadcn/ui raw <ComponentsList> tag leaks into the copy-to-markdown output on component pages. Tracked in shadcn-ui/ui#9484

Released (PR merged; patch either still active until the next release, already dropped, or tracked without a local patch file):

Active, awaiting next release:

• @expo/ui 56.0.0-canary-20260212-4f61309: textContentType modifier with all 45 UITextContentType values, merged in expo/expo#44548, awaiting the next canary
• @expo/ui 56.0.0-canary-20260212-4f61309: textInputAutocapitalization modifier, merged in expo/expo#44547, awaiting the next canary
• @expo/ui 56.0.0-canary-20260212-4f61309: scrollTargetBehavior and scrollTargetLayout modifiers, merged in expo/expo#43955, awaiting the next canary

Dropped after release (detailed descriptions in the Merged PRs section above):

• @expo/ui 56.0.0-canary-20260212-4f61309 → 56.0.0-canary-20260305-5163746: #43158, #43228
• @expo/ui 56.0.0-canary-20260212-4f61309 → 56.0.0-canary-20260401-5e87ef7: #43914, #43923
• expo-modules-core 56.0.0-canary-20260212-4f61309 → 56.0.0-canary-20260401-5e87ef7: #43958
• @convex-dev/better-auth 0.10.10 → 0.10.11: #218, #245
• @convex-dev/better-auth 0.10.11 → 0.10.12: #267
• @convex-dev/better-auth 0.10.12 → 0.10.13: #278
• bun 1.2.20 → 1.2.21: #21855
• create-fumadocs-app 15.6.4 → 15.6.5: #2092, #2095
• convex 1.31.3 → 1.31.4 (not my PR): WebSocketManager addEventListener guard, patched while reporting (baafbf5)

No patch, tracked in the patches repo for completeness because the upstream change can’t be applied locally: napi-rs/napi-rs#3189 (CLI bundles to dist), shadcn-ui/ui#9331 (docs site JSON), App-Store-Connect-CLI#784 (Swift binary), TanStack/db#17 (README only).

Closed (patches dropped after upstream fixed the underlying issue a different way, or docs-only PRs I closed myself):

• react-native-view-shot 4.0.3: React Native 0.84 new architecture compat. RCTScrollView was removed in 0.84, so the snapshotContentContainer check had to switch to UIScrollView. Never filed a PR because upstream adopted the same approach in 5.0.0-alpha.2 (gre/react-native-view-shot#587)
• @tobilu/qmd 1.0.7: typescript was in peerDependencies instead of devDependencies, and tsc was missing from the prepare script, so a global install produced a package with no compiled output. Upstream rebuilt the fix differently in 1.1.0+, I closed tobi/qmd#197
• @tobilu/qmd docs: tool name, param names, and ghost params in mcp-setup.md out of sync with inputSchema in src/mcp.ts. Corrections documented in tobi/qmd#95 (closed by me, still stale upstream)

Issues I filed upstream

• panva/jose#752 process.getBuiltinModule misuse broke Edge Runtime and Next.js middleware. Traces convinced @panva the bug was real, fixed in v6.0.4
• shadcn-ui/ui#8892 registry directory submission for CodeRabbit. @shadcn asked me to send a PR, I shipped #9331 which auto-closed this issue on merge
• get-convex/better-auth#219 potential duplicate token requests during concurrent fetchAccessToken calls. Fixed by my own PR #267
• anthropics/claude-code#18181 manual update doesn’t fix the symlink when CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC is set. @bcherny replied “Fix incoming” and closed it
• cursor/cursor#3182 unable to update spending limit or toggle usage-based pricing on the main dashboard. Fixed upstream (cursor later disabled their issue tracker)
• Textualize/textual#5980 emoji with variation selectors cause button layout misalignment in Ghostty. Closed after the discussion concluded the fix belongs in terminal emulators via DEC mode 2027, not in textual
• Shopify/hydrogen#3263 Vite 7 support in @shopify/mini-oxygen, open and tracked by my PR #3493
• anthropics/claude-code#18075 feature request for an env var to set a custom Chromium browser path, open
• anthropics/claude-code#20664 --fork-session doesn’t inherit CLAUDE_CODE_TASK_LIST_ID from the parent session, stale after github-actions auto-closed it for inactivity with no human response
• tobi/qmd#198 bun install -g requires manual bun pm trust better-sqlite3, closed by me as a known runtime limitation

- Ray