Fix ESLint flat config flag, tsconfig moduleResolution, scripts dependency drift, and CI lint workflow

[Copilot]

Four config correctness issues: ESLint --ext flag breaks under flat config (ESLint 9+), moduleResolution is mismatched for an ESM+bundler project, scripts/package.json has stale dependency versions, and the CI lint workflow was still invoking ESLint with the incompatible --ext flag directly.

Changes

• package.json — Remove --ext .js,.ts,.jsx,.tsx from lint and lint:fix scripts; flag is unsupported in flat config mode and redundant since eslint.config.js already scopes via files
• tsconfig.json — moduleResolution: node → bundler; correct resolver for ESM projects using esbuild
• scripts/package.json — Align openai (^6.17.0 → ^6.18.0) and @types/node (^25.1.0 → ^25.2.1) to match root package.json
• .github/workflows/lint.yml — Replace npx eslint . --ext .js,.ts,.jsx,.tsx --max-warnings 0 with npm run lint -- --max-warnings 0 so the CI job delegates to the fixed npm script and remains compatible with ESLint 9 flat config
• scripts/package-lock.json — Regenerated to reflect updated openai (^6.18.0) and @types/node (^25.2.1) ranges, keeping npm ci in scripts/ deterministic and consistent

Original prompt

Summary

This PR addresses critical and high-priority issues found during a repository audit.

Issues to Fix

1. 🔴 ESLint --ext flag incompatible with flat config (Critical)

The lint and lint:fix scripts in the root package.json use the --ext flag, which is not supported in ESLint's flat config mode (ESLint 9+). The repo already uses flat config format in eslint.config.js, so these scripts will fail.

In package.json, change:

"lint": "eslint . --ext .js,.ts,.jsx,.tsx",
"lint:fix": "eslint . --ext .js,.ts,.jsx,.tsx --fix"

To:

"lint": "eslint .",
"lint:fix": "eslint . --fix"

The flat config in eslint.config.js already specifies files: ['**/*.ts', '**/*.tsx', '**/*.js', '**/*.jsx'], so the --ext flag is redundant and breaking.

2. 🟡 tsconfig.json – Modernize moduleResolution

The project uses "type": "module" (ESM) but tsconfig.json has "moduleResolution": "node" which is the legacy resolver.

In tsconfig.json, change:

"moduleResolution": "node"

To:

"moduleResolution": "bundler"

This is the recommended setting for modern ESM projects that use bundlers (esbuild, etc.).

3. 🟡 scripts/package.json – Version drift from root

The scripts/package.json has older dependency versions compared to root package.json:

• openai: ^6.17.0 → should be ^6.18.0 (matching root)
• @types/node: ^25.1.0 → should be ^25.2.1 (matching root)

In scripts/package.json, update:

"dependencies": {
    "openai": "^6.18.0"
},
"devDependencies": {
    "@types/node": "^25.2.1",
    "ts-node": "^10.9.2",
    "typescript": "^5.7.0",
    "tsx": "^4.21.0"
}

Files to Modify

1. package.json – Fix lint and lint:fix scripts (remove --ext flag)
2. tsconfig.json – Change moduleResolution from "node" to "bundler"
3. scripts/package.json – Align openai to ^6.18.0 and @types/node to ^25.2.1

Important Notes

• Do NOT change any other fields in these files
• Preserve all existing formatting (2-space indentation, trailing newlines)
• These are minimal, targeted fixes — no new dependencies or structural changes

This pull request was created from Copilot chat.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@types/node	25.3.3	🟢 6.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed
npm/openai	6.25.0	Unknown	Unknown
npm/undici-types	7.18.2	🟢 8.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 9 security policy file detected Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 8 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected License 🟢 10 license file detected SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 80 contributing companies or organizations

Scanned Files

• scripts/package-lock.json

[github-actions]

🤖 Auto-Test Results

Check	Status
Linting	✅ Passed
Build	✅ Passed
Tests	✅ Passed
Config Sync	✅ Validated
Environment	✅ Healthy

Automated checks completed at 2026-02-23T09:56:40.763Z

[Copilot]

Pull request overview

This PR fixes three configuration correctness issues related to ESLint flat config compatibility, TypeScript module resolution, and dependency version drift. The changes ensure the project's tooling configuration is consistent and uses modern best practices for an ESM-based project with bundler tooling.

Changes:

• Remove deprecated --ext flag from ESLint commands (incompatible with ESLint 9+ flat config)
• Update TypeScript moduleResolution from node to bundler (correct for ESM + bundler projects)
• Sync scripts/package.json dependency versions with root package.json

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File	Description
package.json	Remove --ext .js,.ts,.jsx,.tsx flag from lint scripts (unsupported in ESLint 9+ flat config)
tsconfig.json	Change moduleResolution from node to bundler (correct for ESM projects using esbuild)
scripts/package.json	Update openai to ^6.18.0 and @types/node to ^25.2.1 to match root package.json versions

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The CI workflow still invokes ESLint with --ext (see .github/workflows/lint.yml), so even though npm run lint is fixed here, PR builds will continue to fail under ESLint flat config. Update the workflow to drop --ext (or switch it to npm run lint plus --max-warnings 0).

[SolanaRemix]

@copilot apply changes based on feedback

[Copilot]

Fixed in b3ff9a5. Changed the ESLint step in .github/workflows/lint.yml from npx eslint . --ext .js,.ts,.jsx,.tsx --max-warnings 0 to npm run lint -- --max-warnings 0, delegating to the npm script (which already drops --ext) while preserving the CI zero-warnings enforcement.

[Copilot]

scripts/package.json dependency versions were updated, but scripts/package-lock.json still pins the previous openai and @types/node ranges. Please regenerate/update the scripts lockfile so npm ci in scripts/ stays deterministic and consistent with this change.

[SolanaRemix]

@copilot apply changes based on feedback

[Copilot]

Fixed in b3ff9a5. Ran npm install in the scripts/ directory to regenerate scripts/package-lock.json. The lockfile now reflects openai: ^6.18.0 (resolved to 6.25.0) and @types/node: ^25.2.1 (resolved to 25.3.3), consistent with the updated scripts/package.json.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 5 changed files in this pull request and generated 2 comments.

Files not reviewed (1)

• scripts/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This dependency bump changes scripts/package.json, but scripts/package-lock.json still pins openai and @types/node to the previous ranges/versions. Please regenerate/update the scripts lockfile so npm ci in scripts/ remains deterministic and consistent with the updated manifest.

[SolanaRemix]

@copilot apply changes based on feedback

[Copilot]

Already addressed in b3ff9a5. scripts/package-lock.json was regenerated via npm install in the scripts/ directory and now reflects openai: ^6.18.0 and @types/node: ^25.2.1.

[github-actions]

🤖 Auto-Test Results

Check	Status
Linting	✅ Passed
Build	✅ Passed
Tests	✅ Passed
Config Sync	✅ Validated
Environment	✅ Healthy

Automated checks completed at 2026-03-02T09:15:35.779Z

[github-actions]

🤖 Auto-Test Results

Check	Status
Linting	✅ Passed
Build	✅ Passed
Tests	✅ Passed
Config Sync	✅ Validated
Environment	✅ Healthy

Automated checks completed at 2026-03-02T09:16:06.881Z

[Copilot]

Pull request overview

Copilot reviewed 3 out of 5 changed files in this pull request and generated 2 comments.

Files not reviewed (1)

• scripts/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The PR description says lint should become eslint . (and CI would pass --max-warnings 0 when needed), but this change hard-codes --max-warnings 0 into the lint script. Decide where warnings should be enforced (script vs CI) and keep it consistent; otherwise this is a behavior change for all local runs and other workflows that call npm run lint (e.g. CI/advanced-build).

[Copilot]

This now runs npm run lint while also passing --max-warnings 0, but the lint script itself already includes --max-warnings 0. Dropping the extra CLI args (or removing it from the script instead) avoids duplicating flags and reduces the risk of ESLint rejecting/overriding repeated options.

Suggested change

	run: npm run lint -- --max-warnings 0
	run: npm run lint