chore(release): npm 0.5.3

[stormslowly]

Why

The npm 0.5.3 release (release-npm.yml) fails at the napi artifacts step with:

[ERR_PNPM_OUTDATED_LOCKFILE] ... bindings/wasm32-wasi/package.json

napi create-npm-dirs generates the per-platform binding workspace packages at release time, but bindings/ is gitignored, so the lockfile's bindings/* importers are not anchored to any committed file. A renovate lockfile regeneration on a clean checkout (where bindings/ does not exist) silently drops those importers — and even after they were re-added by hand, the bindings/wasm32-wasi importer kept a stale @napi-rs/wasm-runtime ^1.1.4 specifier that no longer matches the ^1.1.5 that create-npm-dirs now generates (root devDep was bumped in #256). Either way pnpm install --frozen-lockfile fails during release.

Only bindings/wasm32-wasi triggers this — it is the one platform package with real dependencies (@napi-rs/wasm-runtime, @emnapi/*); the others are dependency-free.

What

Track the binding package.json files in git (the same approach rspack uses for npm/*), so a clean checkout always carries the importers and renovate can no longer drop them:

• remove the blanket bindings ignore from .gitignore
• add bindings/.gitignore that tracks only package.json (all .wasm / .cjs / glue / .node artifacts stay ignored)
• add bindings to .prettierignore (the generated files are not prettier-formatted and must not be style-enforced)
• correct the bindings/wasm32-wasi lockfile importer to ^1.1.5

release-npm.yml needs no change: create-npm-dirs rewrites the version at release time (working-tree only) and version is not a dependency specifier, so --frozen-lockfile stays green.

Verification (local, on a clean checkout)

• pnpm install --frozen-lockfile → Lockfile is up to date
• renovate-style pnpm install --lockfile-only → lockfile byte-identical, importers retained
• full release order create-npm-dirs → artifacts → prepublish → no ERR_PNPM_OUTDATED_LOCKFILE
• prettier --check . → clean

[Copilot]

Pull request overview

This PR stabilizes pnpm-based npm releases by ensuring the generated per-platform bindings/* workspace packages are “anchored” in git, so pnpm-lock.yaml importers don’t get dropped on clean checkouts (and --frozen-lockfile remains reliable in CI release workflows).

Changes:

• Stop blanket-ignoring bindings/ and instead commit only each binding workspace’s package.json (keep artifacts ignored via bindings/.gitignore).
• Exclude bindings/ from Prettier checks to avoid enforcing formatting on generated files.
• Align the bindings/wasm32-wasi importer in pnpm-lock.yaml to @napi-rs/wasm-runtime ^1.1.5.

Reviewed changes

Copilot reviewed 12 out of 14 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pnpm-lock.yaml	Updates the bindings/wasm32-wasi importer specifier to match current generated deps (^1.1.5).
.gitignore	Removes the top-level ignore for bindings/ so the directory can be tracked.
.prettierignore	Adds bindings to skip formatting checks for generated binding workspace files.
bindings/.gitignore	Ignores all binding artifacts while allowing */package.json (and the ignore file) to be committed.
bindings/wasm32-wasi/package.json	Adds the WASI binding workspace manifest with its runtime dependencies.
bindings/win32-x64-msvc/package.json	Adds the Windows x64 binding workspace manifest.
bindings/win32-ia32-msvc/package.json	Adds the Windows ia32 binding workspace manifest.
bindings/win32-arm64-msvc/package.json	Adds the Windows arm64 binding workspace manifest.
bindings/linux-x64-musl/package.json	Adds the Linux x64 musl binding workspace manifest.
bindings/linux-x64-gnu/package.json	Adds the Linux x64 glibc binding workspace manifest.
bindings/linux-arm64-musl/package.json	Adds the Linux arm64 musl binding workspace manifest.
bindings/linux-arm64-gnu/package.json	Adds the Linux arm64 glibc binding workspace manifest.
bindings/darwin-x64/package.json	Adds the macOS x64 binding workspace manifest.
bindings/darwin-arm64/package.json	Adds the macOS arm64 binding workspace manifest.

Files not reviewed (1)

• pnpm-lock.yaml: Generated file

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request tracks the bindings/ directory by removing it from the root .gitignore and adding it to .prettierignore. A new bindings/.gitignore is introduced that ignores all contents by default while explicitly re-including itself and all package.json files. Ten platform-specific package.json manifests are added under bindings/ for darwin-arm64, darwin-x64, linux-arm64-gnu, linux-arm64-musl, linux-x64-gnu, linux-x64-musl, wasm32-wasi, win32-arm64-msvc, win32-ia32-msvc, and win32-x64-msvc, all at version 0.5.3 with public npm publish configuration.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description clearly explains the problem, solution, and verification steps related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title accurately describes the main change: a chore release for npm version 0.5.3 that fixes the failing npm release process by tracking binding package.json files in git.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release/npm_0.5.3

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codspeed-hq]

Merging this PR will not alter performance

✅ 12 untouched benchmarks

---

_{Comparing release/npm_0.5.3 (6228906) with main (82c1a38)}