Add minimum and maximum version checks for frameworks during auto-configuration

[dario-piotrowicz]

Fixes https://jira.cfdata.org/browse/DEVX-2525

When Wrangler automatically configures a project, it now validates the installed version of the detected framework before proceeding:

• If the version is below the minimum known-good version, the command exits with an error asking the user to upgrade the framework.
• If the version is above the maximum known major version, a warning is emitted to let the user know the framework version has not been officially tested with this feature, and the command continues.

---

• Tests
  • Tests included/updated
  • Automated tests not possible - manual testing has been completed as follows:
  • Additional testing not necessary because:
• Public documentation
  • Cloudflare docs PR(s):
  • Documentation not necessary because: UX self-explanatory improvement

A picture of a cute animal (not mandatory, but encouraged)

---

[changeset-bot]

🦋 Changeset detected

Latest commit: 98d490a

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

✅ All changesets look good

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13050

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13050

miniflare

npm i https://pkg.pr.new/miniflare@13050

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13050

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13050

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13050

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13050

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13050

wrangler

npm i https://pkg.pr.new/wrangler@13050

commit: 98d490a

[ask-bonk]

Review posted on PR #13050. The main finding is a logic bug where semiver produces incorrect comparison results when minimumVersion is specified as a bare major number (e.g. "19" instead of "19.0.0"). This causes semiver("19.0.0", "19") to return -1, meaning the minimum version check would incorrectly reject Angular 19.0.0, Astro 4.0.0, Vite 6.0.0, React Router 7.0.0, and any Vike 0.x version as "too old." The fix is straightforward: use full semver strings like "19.0.0" instead of bare majors like "19".

github run

[workers-devprod]

Codeowners approval required for this PR:

• @cloudflare/wrangler

Show detailed file reviewers

• packages/wrangler/src/tests/autoconfig/details/display-auto-config-details.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/autoconfig/frameworks/get-framework-class.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/autoconfig/frameworks/get-framework.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/autoconfig/frameworks/is-framework-supported.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/autoconfig/frameworks/is-known-framework.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/autoconfig/frameworks/validate-framework-version.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/autoconfig/run.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/deploy/core.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/details.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/all-frameworks.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/analog.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/angular.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/astro.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/framework-class.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/get-framework.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/hono.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/index.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/next.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/nuxt.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/pages.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/qwik.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/react-router.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/solid-start.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/static.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/sveltekit.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/tanstack.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/utils/packages.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/vike.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/vite.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/frameworks/waku.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/run.ts: [@cloudflare/wrangler]
• packages/wrangler/src/autoconfig/types.ts: [@cloudflare/wrangler]
• packages/wrangler/src/cli.ts: [@cloudflare/wrangler]

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 8 additional findings in Devin Review.

[devin-ai-integration]

🔴 maximumKnownMajorVersion comparison emits spurious warnings for versions with non-zero patch

The semiver(frameworkVersion, frameworkPackageInfo.maximumKnownMajorVersion) comparison at framework-class.ts:76 incorrectly warns for versions within the known major that have a non-zero patch component. When maximumKnownMajorVersion is "4", semiver splits it into ["4"]. The minor comparison (fn(a[1], undefined)) returns 0 due to JS undefined comparison semantics. But the patch comparison uses a || 0 fallback: fn(a[2] || 0, b[2] || 0) where b[2] is "" → "" || 0 = 0. So any non-zero patch triggers a false positive: semiver("4.3.2", "4") returns 1 (warning), while semiver("4.5.0", "4") returns 0 (no warning). In practice, versions like "6.0.3" of Astro (with maximumKnownMajorVersion: "6") would display a misleading warning that the version is "not officially supported". The test at line 113 ("4.3.2" expecting no warning) would also fail for the same reason.

Suggested fix approach

Compare only the major version number instead of using semiver with a partial version string:

const installedMajor = parseInt(frameworkVersion.split(".")[0], 10);
const maxKnownMajor = parseInt(frameworkPackageInfo.maximumKnownMajorVersion, 10);
if (installedMajor > maxKnownMajor) { logger.warn(...); }

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[dario-piotrowicz]

semiver("4.5.0", "4") doesn't return 1 🤔

[dario-piotrowicz]

I've added a test to ensure that we don't warn: b073efd

[penalosa]

Why is this more reliable?

[dario-piotrowicz]

because the package.json could not have a resolve export causing require.resolve to throw ERR_PACKAGE_PATH_NOT_EXPORTED this is actually the case for nuxt

however require.resolve on package.json is also not a silver bullet since this only works if the package.json is present in the published package, so I think the best is to try both

[dario-piotrowicz]

PS: I'm happy to expand on the code comment if that'd help 🙂

[petebacondarwin]

I don't think it is possible to have a published package that does not contain package.json??

[dario-piotrowicz]

mh... no sorry I think you're right... but there was something regarding the package.json that I saw a while back... like require.resolve not being able to see package.jsons under certain circumstances 🤔 , I'll try to find what that was

[dario-piotrowicz]

Sorry, that was totally my bad, it seems like require.resolve only detects package.jsons when they are exported: nodejs/node#33460