fix(install): move ajv to dependencies and add .yarnrc.yml for node-modules linker

[tae1344]

Summary

• ajv was listed in devDependencies but is required at runtime by scripts/lib/install/config.js, causing Cannot find module 'ajv' when running ./install.sh
• Moved ajv to dependencies so it is always available
• Added .yarnrc.yml with nodeLinker: node-modules so plain node can resolve packages without Yarn PnP

Type

• Skill
• Agent
• Hook
• Command
• Bug fix

Testing

Reproduced the error with ./install.sh typescript, applied the fix, confirmed ajv loads successfully and the install command completes.

Checklist

• Follows format guidelines
• Tested with Claude Code
• No sensitive info (API keys, paths)
• Clear descriptions

🤖 Generated with Claude Code

---

Summary by cubic

Fixes the install script failing with "Cannot find module 'ajv'" by moving ajv to production deps and using Yarn’s node-modules linker so plain Node can resolve packages. ./install.sh now completes reliably across environments.

• Bug Fixes
  • Move ajv from devDependencies to dependencies for runtime use in scripts/lib/install/config.js.
  • Add .yarnrc.yml with nodeLinker: node-modules to avoid PnP resolution issues.

^{Written for commit fe6a6fc. Summary will update on new commits.}

Summary by CodeRabbit

• Chores
  • Configured Yarn module resolution settings
  • Moved validation library to production dependencies
  • Specified explicit Yarn package manager version (4.9.2)

[ecc-tools]

Analyzing 5000 commits...

[ecc-tools]

Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting

Cause	Resolution
Large repository	Analysis may timeout on repos with extensive history
API rate limits	Wait 15 minutes before retrying
Network issues	Queue timeout is 15 minutes; retry may succeed
Permissions	Verify app has Contents: Read access

Retry: /ecc-tools analyze

---

_{Report Issue | ECC Tools}

[coderabbitai]

📝 Walkthrough

Walkthrough

A new Yarn configuration file is added with nodeLinker: node-modules setting, and package.json is updated to move ajv from development dependencies to production dependencies while explicitly specifying Yarn v4.9.2 as the package manager.

Changes

Cohort / File(s)	Summary
Configuration & Dependency Promotion .yarnrc.yml, package.json	.yarnrc.yml added to configure Yarn's node module linker. ajv package promoted from devDependencies to dependencies, and packageManager field added with Yarn v4.9.2 plus SHA hash specification. Minor JSON formatting adjustments applied.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• docs: add npm install step before running install.sh #526: Directly related—moves ajv from devDependencies to dependencies and adds Yarn nodeLinker configuration, addressing dependency availability in production workflows.
• ci: install validation deps for hook checks #384: Related through ajv dependency modifications—while this PR promotes the package to production, that PR adjusts its version specification.

Poem

🐰 A carrot of code, now sprouting anew,
Ajv hops to production—where dependencies brew,
Yarn's nodeLinker configured just right,
Package managers locked in hash-guarded flight! 🥬

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main changes: moving ajv to dependencies and adding .yarnrc.yml for node-modules linker configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 3 files

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Add one-off context when rerunning by tagging @cubic-dev-ai with guidance or docs links (including llms.txt)
• Ask questions if you need clarification on any suggestion

[greptile-apps]

Greptile Summary

This PR fixes a genuine runtime breakage: ajv was required by scripts/lib/install/config.js at runtime but was only listed under devDependencies, causing Cannot find module 'ajv' when running ./install.sh. Moving it to dependencies is the correct fix. The PR also transitions the project to Yarn Berry (v4) by introducing .yarnrc.yml with nodeLinker: node-modules and pinning the package manager to yarn@4.9.2 via the packageManager field.\n\n- ✅ Root cause fix is correct: ajv now lives in dependencies so it is always available at install time\n- ✅ .yarnrc.yml correctly disables Yarn PnP to allow plain node module resolution\n- ⚠️ The pre-existing package-lock.json (npm, lockfileVersion 3) was not removed, leaving two conflicting lock files in the repo — contributors who run npm install will bypass the new yarn.lock\n- ⚠️ .yarnrc.yml is not listed in the files array of package.json, so npm-published consumers of this package won't receive it

Confidence Score: 4/5

Safe to merge after reviewing the dual lock-file concern; the core bug fix is correct and well-scoped.

The primary fix (ajv → dependencies) is clearly correct and directly addresses the reported runtime failure. The .yarnrc.yml addition is a sensible companion change for Yarn Berry environments. Two non-blocking P2 concerns exist: the coexistence of package-lock.json and yarn.lock (contributor confusion risk) and .yarnrc.yml being absent from the files array (affects npm-published users who rely on Yarn). Neither is a showstopper, but the lock-file conflict is worth a follow-up cleanup.

.yarnrc.yml (missing from files array) and the pre-existing package-lock.json (should be removed to avoid conflict with the new yarn.lock)

Important Files Changed

Filename	Overview
package.json	Moves ajv from devDependencies to dependencies (correct fix for runtime usage) and adds packageManager: yarn@4.9.2. However, the existing package-lock.json is left in place, creating a dual-lock-file situation.
.yarnrc.yml	New file enabling nodeLinker: node-modules to bypass Yarn PnP for plain node resolution. Not included in the files array so it won't be shipped with npm published packages.
yarn.lock	Newly generated Yarn Berry lock file; includes entries for both ajv@^6.14.0 (transitive) and ajv@^8.18.0 (direct). Looks well-formed.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["./install.sh"] --> B["node scripts/install-apply.js"]
    B --> C["scripts/lib/install/config.js"]
    C --> D{"require('ajv')"}
    D -- "Before PR\n(devDependencies only)" --> E["❌ Cannot find module 'ajv'\n(prod/global install)"]
    D -- "After PR\n(dependencies)" --> F["✅ Ajv loads successfully"]
    F --> G["Validate install config JSON Schema"]
    G --> H["Install proceeds normally"]

    subgraph "Yarn Berry Setup"
        I[".yarnrc.yml\nnodeLinker: node-modules"] --> J["node_modules/ directory\n(not PnP .pnp.cjs)"]
        J --> F
    end

Loading

_{Reviews (1): Last reviewed commit: "fix: move ajv to dependencies and add .y..." | Re-trigger Greptile}

[greptile-apps]

Conflicting lock files coexist

Adding yarn.lock and a "packageManager": "yarn@4.9.2" field while the pre-existing package-lock.json (npm lockfileVersion 3) remains in the repo creates a dual-lock-file situation. Developers who run npm install out of habit will get a dependency graph resolved by npm (using package-lock.json) rather than yarn, which may produce a different node_modules tree and hide future regressions.

Consider either:

• Removing package-lock.json in this PR to make the yarn-only intent explicit, or
• Adding a note in the PR / CONTRIBUTING docs that this repo has migrated to Yarn Berry and that contributors should use yarn instead of npm install.

[greptile-apps]

.yarnrc.yml excluded from files in package.json

The files array in package.json controls what gets bundled into the npm tarball. .yarnrc.yml is not included in that list. This means users who install the package via npm install -g ecc-universal or npx ecc-universal will not receive the file, so the nodeLinker: node-modules setting won't apply to them and they could still hit Yarn PnP resolution failures when running the scripts.

The primary ajv → dependencies fix covers the common case. However, if Yarn PnP compatibility is a supported scenario for npm-installed users, .yarnrc.yml needs to be added to the files array:

"files": [
  ".yarnrc.yml",
  ...
]

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 126: The package.json packageManager entry currently references a
non-existent Yarn version; update the "packageManager" field to a valid Yarn
release (e.g., "yarn@2.4.3") and replace the accompanying integrity/hash with
the correct integrity string for that release; locate the packageManager key in
package.json and regenerate the correct integrity (for example by using Corepack
to prepare/activate the desired yarn version or consulting the official Yarn
release integrity) and paste the updated "yarn@<version>+sha512.<integrity>"
value.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 09728c85-c267-42b6-a455-796e971d6b96

📥 Commits

Reviewing files that changed from the base of the PR and between 678fb6f and fe6a6fc.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• .yarnrc.yml
• package.json

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify yarn@4.9.2 exists on npm registry and check the integrity hash

# Check if yarn@4.9.2 exists
echo "=== Checking yarn@4.9.2 on npm ==="
curl -s "https://registry.npmjs.org/yarn/4.9.2" | jq -r '.version // "NOT FOUND"'

# List recent yarn versions to confirm 4.9.2 is plausible
echo ""
echo "=== Recent yarn versions ==="
curl -s "https://registry.npmjs.org/yarn" | jq -r '.versions | keys | .[-10:]'

Repository: affaan-m/everything-claude-code

Length of output: 349

---

Update packageManager to use a valid Yarn version.

Yarn 4.9.2 does not exist on the npm registry. The latest available version is 2.4.3. Update the packageManager field to reference an existing Yarn version and its correct integrity hash to prevent installation failures.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 126, The package.json packageManager entry currently
references a non-existent Yarn version; update the "packageManager" field to a
valid Yarn release (e.g., "yarn@2.4.3") and replace the accompanying
integrity/hash with the correct integrity string for that release; locate the
packageManager key in package.json and regenerate the correct integrity (for
example by using Corepack to prepare/activate the desired yarn version or
consulting the official Yarn release integrity) and paste the updated
"yarn@<version>+sha512.<integrity>" value.