Branch: SWC v2

[kdy1]

No description provided.

[changeset-bot]

🦋 Changeset detected

Latest commit: e39a909

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codspeed-hq]

CodSpeed Performance Report

Merging #10739 will not alter performance

_{Comparing dev/v2 (e39a909) with main (1ddd8e4)¹}

Summary

✅ 140 untouched benchmarks

Footnotes

1. No successful run was found on main (0aaed1a) during the generation of this report, so 1ddd8e4 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[magic-akari]

This branch needs rebase.

[kdy1]

Can you do it?

[magic-akari]

Can you do it?

No. dev/v2 is a protected branch.

[kdy1]

After several tries to rebase, I created v2-rebase branch which is not a protected branch.

https://github.com/swc-project/swc/tree/v2-rebase

Can you rebase this branch instead?

[magic-akari]

Changes from #10678 have been merged into main branch, so I'll drop this commit during rebase.
CC @bvanjoi - correct me if I'm wrong.

[bvanjoi]

I think this is ok because this change is not important.

[magic-akari]

Can you rebase this branch instead?

done

[kdy1]

Thank you! I updated dev/v2 branch!

[claude]

Claude finished @kdy1's task —— View job

---

SWC v2 PR Review

Review Checklist

• Read repository setup and guidelines
• Analyze core configuration changes
• Review WASM binding modifications
• Check JSX processing updates
• Assess test coverage and fixture changes
• Evaluate performance implications
• Check for security concerns
• Provide comprehensive feedback

---

Code Review Summary

This is a major version update (v2) for SWC that introduces significant architectural changes, particularly around JSX handling and configuration management. Here's my detailed analysis:

✅ Strengths

1. JSX Runtime Modernization

• Automatic JSX Runtime: The PR properly implements React's modern JSX runtime (react/jsx-runtime) as the default, moving away from the classic React.createElement approach (crates/swc/src/config/mod.rs:318-334)
• Backward Compatibility: Classic JSX transform is still supported via explicit configuration ("runtime": "classic")
• Preserve Mode: Added preserve option for JSX runtime in TypeScript definitions

2. Configuration System Improvements

• Robust Module Configurations: Enhanced support for different module types (CommonJS, AMD, UMD, SystemJS, ES6, NodeNext) with proper interop handling (crates/swc/src/config/mod.rs:1385-1398)
• Better Error Handling: Comprehensive error handling throughout the configuration parsing logic
• Type Safety: Well-structured TypeScript definitions in WASM bindings with detailed documentation

3. Test Coverage

• Comprehensive Test Updates: 80+ test fixture files updated to reflect new JSX behavior
• Regression Coverage: Tests cover both automatic and classic JSX runtime scenarios

⚠️ Areas of Concern

1. Breaking Changes Documentation

• Migration Guide Missing: No clear documentation on how users should migrate from v1 to v2
• Default Behavior Change: JSX runtime changing from classic to automatic is a significant breaking change that needs clear communication

2. Configuration Complexity

• Large Configuration Surface: The configuration options in crates/swc/src/config/mod.rs:129-191 are extensive and could be overwhelming for users
• Multiple Runtime Options: Different JSX runtime behaviors might confuse developers

3. Type Definition Inconsistencies

• WASM Binding Differences: Lines 550/709 in binding_core_wasm show isModule?: boolean | 'unknown' | 'commonjs' vs binding_minifier_wasm shows isModule?: boolean | 'unknown' - this inconsistency should be addressed

🔍 Potential Issues

1. Performance Considerations

• JSX Transform Order: JSX processing now runs before resolver pass (crates/swc/src/config/mod.rs:311-316) - this could impact performance for large codebases
• Plugin Execution: Complex plugin ordering logic may introduce overhead

2. Security Review

• No Critical Issues Found: The code follows secure practices
• Plugin System: WASM plugin system has proper sandboxing and error handling

3. Edge Cases

• Module Resolution: Complex path resolution logic in build_resolver function (crates/swc/src/config/mod.rs:1837-1899) could fail with unusual path configurations
• Interop Handling: Module interop logic is complex and may have edge cases with mixed module systems

📋 Recommendations

High Priority:

1. Add Migration Documentation: Create comprehensive migration guide for v1 → v2 users
2. Fix Type Inconsistencies: Align isModule type definitions between core and minifier WASM bindings
3. Performance Testing: Benchmark JSX transformation performance compared to v1

Medium Priority:

1. Simplify Configuration: Consider providing preset configurations for common use cases
2. Error Messages: Improve error messages for configuration validation failures
3. Default Settings: Document new default behaviors clearly

Low Priority:

1. Code Comments: Add more inline documentation for complex configuration logic
2. Test Organization: Group related test fixtures together for better maintainability

🎯 Overall Assessment

This is a well-executed major version update that modernizes SWC's JSX handling while maintaining backward compatibility. The code quality is high, with proper error handling and comprehensive test coverage.

Risk Level: Medium - due to breaking changes in default behavior
Recommendation: Approve with conditions - address type inconsistencies and add migration documentation before release

The architectural improvements position SWC well for future development, and the JSX runtime modernization aligns with React ecosystem best practices.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	copyfiles@​2.4.1
	webpack-cli@​3.3.12
	webpack-dev-server@​3.11.3
	webpack@​4.47.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		[email protected] has a Critical CVE. CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL) Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4 Patched version: 2.5.4 From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report