refactor!: centralize colors, organize files, and use markdown for pages#24
Conversation
|
@calebephrem is attempting to deploy a commit to the aditya ojha's projects Team on Vercel. A member of the Team first needs to authorize it. |
Summary by BeetleThis PR represents a major architectural refactor of the DevHub website, centralizing the color system, reorganizing content structure, and migrating from hardcoded TypeScript page data to a markdown-based content management system. The changes improve maintainability, make color updates site-wide trivial, and establish a scalable foundation for content authoring. 📁 File Changes Summary (Consolidated across all commits):
Total Changes: 50 files changed, +2,800 additions, -2,000 deletions 🗺️ Walkthrough:graph TD
A["lib/colors.ts (Centralized Color System)"]
B["lib/markdown/parser.ts (Markdown Parser)"]
C["content/pages-loader.ts (Server-Side Loader)"]
D["content/pages/*.md (Markdown Content)"]
E["content/pages-sections.ts (Client Metadata)"]
F["app/pages/[slug]/page.tsx (Page Routes)"]
G["app/pages/[slug]/PageClient.tsx (Rendering Layer)"]
H["All Components (UI Layer)"]
A -->|"Imported by"| H
A -->|"Imported by"| G
B -->|"Used by"| C
D -->|"Read by"| C
C -->|"Provides data to"| F
E -->|"Provides nav to"| F
F -->|"Passes data to"| G
G -->|"Renders blocks"| H
style A fill:#6366f1,stroke:#818cf8,color:#fff
style B fill:#8b5cf6,stroke:#a78bfa,color:#fff
style C fill:#8b5cf6,stroke:#a78bfa,color:#fff
style D fill:#22d3ee,stroke:#67e8f9,color:#000
🎯 Key Changes:
📊 Impact Assessment:
⚙️ SettingsSeverity Threshold: 📖 User Guide
|
|
Tip Make sure to check the following before pushing:
Then fix the issues, commit, and push again. Note This is just a friendly reminder and will not block the PR from being merged. |
| transform: "translate3d(0, 0, 0.01px)", | ||
| boxShadow: | ||
| "rgba(0,0,0,0.1) 0 1px 2px, rgba(0,0,0,0.1) 0 2px 4px, rgba(0,0,0,0.1) 0 4px 8px, rgba(0,0,0,0.1) 0 8px 16px, rgba(0,0,0,0.1) 0 16px 32px, rgba(0,0,0,0.1) 0 32px 64px", | ||
| `${shadow.sm} 0 1px 2px, ${shadow.sm} 0 2px 4px, ${shadow.sm} 0 4px 8px, ${shadow.sm} 0 8px 16px, ${shadow.sm} 0 16px 32px, ${shadow.sm} 0 32px 64px`, |
There was a problem hiding this comment.
The migration from hardcoded rgba(0,0,0,0.1) to ${shadow.sm} appears incorrect. The original code uses a shadow color repeated across multiple layered shadows with different offsets and blur radii to create a depth effect. If shadow.sm is a complete box-shadow definition (including offsets and blur), this will produce invalid or broken CSS.
Expected behavior: The code should use a shadow color constant (e.g., shadow.color.sm or rgba(0,0,0,0.1)), not a complete shadow definition, since the offsets and blur radii are explicitly defined in the template string.
Confidence: 4/5
Suggested Fix
The fix depends on how shadow.sm is defined in @/lib/colors.ts. You need to either:
- If a shadow color constant exists: Use that instead of
shadow.sm - If no shadow color exists: Keep the original
rgba(0,0,0,0.1)or add a shadow color constant to the colors module
Check the@/lib/colors.tsfile to see whatshadow.smactually contains. If it's a complete shadow definition, you'll need to extract just the color portion or create a new constant for shadow colors.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In components/bits/BorderGlow.tsx around line 272, the box-shadow property incorrectly uses ${shadow.sm} as a replacement for the shadow color rgba(0,0,0,0.1). This is problematic because the original code creates a layered shadow effect by repeating the same color with different offsets and blur radii. If shadow.sm is a complete box-shadow definition (color + offsets + blur), the resulting CSS will be malformed. Check lib/colors.ts to see what shadow.sm contains. If it's a complete shadow definition, either: (1) use a shadow color constant instead (e.g., shadow.color.sm), (2) create a new shadow color constant in the colors module, or (3) revert to using rgba(0,0,0,0.1) directly. The goal is to use only the color portion, not a complete shadow definition, since the offsets and blur radii are already specified in the template string.
Summary by BeetleThis PR represents a major architectural refactor of the DevHub website, introducing a centralized color system, migrating from hardcoded TypeScript page content to markdown-based content management, and reorganizing the component structure for better maintainability. The changes eliminate color duplication across 50+ files, introduce a custom markdown parser for dynamic page content, and establish a cleaner separation between data, presentation, and styling layers. 📁 File Changes Summary (Consolidated across all commits):
Total Changes: 51 files changed, +3,383 additions, -2,106 deletions 🗺️ Walkthrough:graph TD
A["Markdown Files (content/pages/*.md)"]
B["Markdown Parser (lib/markdown/parser.ts)"]
C["Pages Loader (content/pages-loader.ts)"]
D["Server Components (app/pages/*/page.tsx)"]
E["Client Component (PageClient.tsx)"]
F["Color System (lib/colors.ts)"]
G["UI Components (components/*)"]
H["Rendered Page"]
A -->|"Read at build time"| C
C -->|"Parse markdown"| B
B -->|"Return structured blocks"| C
C -->|"Export pages array"| D
D -->|"Pass page data"| E
F -->|"Import colors"| E
F -->|"Import colors"| G
E -->|"Render content blocks"| H
G -->|"Styled components"| H
style A fill:#8b5cf6,stroke:#6d28d9,color:#fff
style B fill:#6366f1,stroke:#4f46e5,color:#fff
style C fill:#6366f1,stroke:#4f46e5,color:#fff
style F fill:#a78bfa,stroke:#8b5cf6,color:#fff
style H fill:#22c55e,stroke:#16a34a,color:#fff
🎯 Key Changes:
📊 Impact Assessment:
⚙️ SettingsSeverity Threshold: 📖 User Guide
|
|
Note Linting checks passed successfully 🎉 All formatting and code quality checks are clean. You're good to merge 🚀 |
| ## Tools We Use | ||
|
|
||
| - [Discord](https://discord.com), The platform the entire DevHub community runs on and communicates through. | ||
| - [Next.js](/pages/moderation-guide#how-to-report-something), Powers the DevHub website with a modern and fast React framework. |
There was a problem hiding this comment.
The Next.js link incorrectly points to an internal moderation guide page (/pages/moderation-guide#how-to-report-something) instead of the official Next.js website. This will cause a broken or misleading link when users click to learn more about Next.js.
Expected: The link should point to https://nextjs.org (the official Next.js website).
Confidence: 5/5
Suggested Fix
| - [Next.js](/pages/moderation-guide#how-to-report-something), Powers the DevHub website with a modern and fast React framework. | |
| - [Next.js](https://nextjs.org), Powers the DevHub website with a modern and fast React framework. | |
Replace the internal link with the official Next.js website URL.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/acknowledgements.md at line 23, the Next.js link incorrectly points to "/pages/moderation-guide#how-to-report-something" instead of the official Next.js website. Change the link to "https://nextjs.org" so users can learn more about Next.js when they click it.
|
|
||
| ## Can I share my project / portfolio / YouTube channel? | ||
|
|
||
| Yes, in the right place. Use #project-showcase for projects you've built, #media for [youtube](htps://youtube.com) or other media content, Promotional posts in the wrong channels, or DM spam, will get removed and the user may face further consequences. |
There was a problem hiding this comment.
The YouTube link contains a typo: htps://youtube.com is missing the 't' in 'https'. This will result in a broken link that won't work when users click it.
Confidence: 5/5
Suggested Fix
| Yes, in the right place. Use #project-showcase for projects you've built, #media for [youtube](htps://youtube.com) or other media content, Promotional posts in the wrong channels, or DM spam, will get removed and the user may face further consequences. | |
| Yes, in the right place. Use #project-showcase for projects you've built, #media for [youtube](https://youtube.com) or other media content, Promotional posts in the wrong channels, or DM spam, will get removed and the user may face further consequences. | |
Correct the URL protocol from htps:// to https://.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/faq.md at line 18, the YouTube link has a typo in the URL protocol. Change "htps://youtube.com" to "https://youtube.com" (add the missing 't' in 'https').
|
|
||
| ## Step 3: Grab Your Roles | ||
|
|
||
| Head to #reaction-roles and react to the message to self-assign roles based on your tech stack like Python, JavaScript, TypeScript, Go, Rust, C/C++, and many more. It people find you when they need someone with your skills. |
There was a problem hiding this comment.
Missing word in sentence: "It people find you when they need someone with your skills" is grammatically incorrect. The sentence appears to be missing a verb like "helps" or "lets". It should read "It helps people find you" or "It lets people find you".
Confidence: 5/5
Suggested Fix
| Head to #reaction-roles and react to the message to self-assign roles based on your tech stack like Python, JavaScript, TypeScript, Go, Rust, C/C++, and many more. It people find you when they need someone with your skills. | |
| Head to #reaction-roles and react to the message to self-assign roles based on your tech stack like Python, JavaScript, TypeScript, Go, Rust, C/C++, and many more. It helps people find you when they need someone with your skills. | |
Add the missing verb "helps" to make the sentence grammatically correct.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/getting-started.md at line 22, there's a grammatical error where "It people find you" is missing a verb. Change "It people find you when they need someone with your skills" to "It helps people find you when they need someone with your skills" by adding the word "helps" after "It".
|
|
||
| function findMarkdownFiles(): { sectionDir: string; filePath: string }[] { | ||
| const results: { sectionDir: string; filePath: string }[] = []; | ||
| const sectionDirs = fs.readdirSync(PAGES_DIR, { withFileTypes: true }); |
There was a problem hiding this comment.
Missing error handling for fs.readdirSync(PAGES_DIR) could cause the entire module to fail during build if the directory doesn't exist or isn't readable. This will crash the build process with an uncaught exception.
Confidence: 5/5
Suggested Fix
| const sectionDirs = fs.readdirSync(PAGES_DIR, { withFileTypes: true }); | |
| const sectionDirs = fs.existsSync(PAGES_DIR) | |
| ? fs.readdirSync(PAGES_DIR, { withFileTypes: true }) | |
| : []; | |
Add a check to ensure PAGES_DIR exists before attempting to read it. Alternatively, wrap the entire findMarkdownFiles() function in a try-catch block to handle filesystem errors gracefully.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages-loader.ts around line 44, the fs.readdirSync(PAGES_DIR) call lacks error handling and could crash the build if the directory doesn't exist; add a check using fs.existsSync(PAGES_DIR) before reading, or wrap the function in try-catch to handle filesystem errors gracefully, and consider returning an empty array or throwing a descriptive error if the directory is missing.
| } | ||
|
|
||
| function loadPageFromFile(sectionDir: string, filePath: string): Page { | ||
| const raw = fs.readFileSync(filePath, "utf-8"); |
There was a problem hiding this comment.
Missing error handling for fs.readFileSync() could cause build failures if a markdown file is corrupted, has permission issues, or is deleted between directory scan and read. This will crash with an uncaught exception.
Confidence: 5/5
Suggested Fix
| const raw = fs.readFileSync(filePath, "utf-8"); | |
| let raw: string; | |
| try { | |
| raw = fs.readFileSync(filePath, "utf-8"); | |
| } catch (error) { | |
| console.error(`Failed to read file ${filePath}:`, error); | |
| throw new Error(`Unable to load page from ${filePath}`); | |
| } | |
Wrap the file read operation in try-catch to provide better error messages during build failures. This helps developers quickly identify which markdown file is causing issues.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages-loader.ts around line 65, the fs.readFileSync(filePath, "utf-8") call lacks error handling and could crash the build if a file is corrupted or has permission issues; wrap it in a try-catch block that logs the specific file path and throws a descriptive error to help developers identify problematic markdown files during build time.
| source: string, | ||
| ): { rawFrontmatter: string | null; body: string } { | ||
| const trimmed = source.replace(/^\uFEFF/, ""); | ||
| const match = trimmed.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?/); |
There was a problem hiding this comment.
ReDoS Vulnerability: The regex pattern /^---\r?\n([\s\S]*?)\r?\n---\r?\n?/ uses a greedy quantifier [\s\S]*? which can cause catastrophic backtracking on maliciously crafted input. If an attacker provides a very long string with many --- sequences but no proper closing delimiter, the regex engine could hang, causing a Denial of Service.
Impact: An attacker could craft a markdown file with a malformed frontmatter section that causes the parser to hang indefinitely, blocking the Node.js event loop and making the application unresponsive.
Confidence: 5/5
Suggested Fix
Add input size validation before regex matching and use a more efficient pattern:
| const match = trimmed.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?/); | |
| const trimmed = source.replace(/^\uFEFF/, ""); | |
| // Prevent ReDoS by limiting input size for frontmatter parsing | |
| if (trimmed.length > 100000) { | |
| return { rawFrontmatter: null, body: trimmed }; | |
| } | |
| const match = trimmed.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?/); | |
Add a reasonable size limit (e.g., 100KB) before attempting regex matching. This prevents attackers from exploiting the regex with extremely large inputs.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In lib/markdown/parser.ts at line 69, add input validation before the regex match to prevent ReDoS attacks. Add a check like "if (trimmed.length > 100000) { return { rawFrontmatter: null, body: trimmed }; }" before the regex match operation. This prevents catastrophic backtracking on maliciously crafted input with very long strings or many --- sequences without proper closing delimiters.
|
|
||
| // Callout block: > [!type] text... | ||
| // Supports multi-line callouts (consecutive > lines) | ||
| const calloutMatch = trimmed.match(/^>\s*\[!(info|warning|danger)\]\s*(.*)$/); |
There was a problem hiding this comment.
ReDoS Vulnerability: The regex pattern /^>\s*\[!(info|warning|danger)\]\s*(.*)$/ uses \s* and .* which can cause catastrophic backtracking. The .* at the end is particularly dangerous as it will try to match as much as possible, then backtrack if the overall pattern fails.
Impact: An attacker could craft callout blocks with very long lines containing many spaces and special characters, causing the regex engine to hang and block the event loop.
Confidence: 5/5
Suggested Fix
Replace the greedy .* with a more specific pattern or add length validation:
| const calloutMatch = trimmed.match(/^>\s*\[!(info|warning|danger)\]\s*(.*)$/); | |
| const calloutMatch = trimmed.match(/^>\s*\[!(info|warning|danger)\]\s*(.{0,1000})$/); | |
Limit the capture group to a reasonable length (e.g., 1000 characters) to prevent excessive backtracking while still supporting legitimate use cases.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In lib/markdown/parser.ts at line 203, replace the regex pattern /^>\s*\[!(info|warning|danger)\]\s*(.*)$/ with /^>\s*\[!(info|warning|danger)\]\s*(.{0,1000})$/ to prevent ReDoS attacks. The unbounded .* quantifier can cause catastrophic backtracking on maliciously crafted input. Limiting the capture group to 1000 characters prevents this while still supporting legitimate callout text.
| ## Tools We Use | ||
|
|
||
| - [Discord](https://discord.com), The platform the entire DevHub community runs on and communicates through. | ||
| - [Next.js](/pages/moderation-guide#how-to-report-something), Powers the DevHub website with a modern and fast React framework. |
There was a problem hiding this comment.
The Next.js link incorrectly points to /pages/moderation-guide#how-to-report-something instead of the Next.js website. This is a logic error - the link should point to https://nextjs.org to match the pattern of other tool links in this list. This will confuse users who click expecting to learn about Next.js but are taken to the moderation guide instead.
Confidence: 5/5
Suggested Fix
| - [Next.js](/pages/moderation-guide#how-to-report-something), Powers the DevHub website with a modern and fast React framework. | |
| - [Next.js](https://nextjs.org), Powers the DevHub website with a modern and fast React framework. | |
Update the link to point to the official Next.js website (https://nextjs.org) to match the pattern of other tool links in this section.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/acknowledgements.md at line 23, the Next.js link incorrectly points to "/pages/moderation-guide#how-to-report-something" instead of the Next.js website; change the href to "https://nextjs.org" to match the pattern of other tool links and prevent user confusion.
|
|
||
| ## Can I share my project / portfolio / YouTube channel? | ||
|
|
||
| Yes, in the right place. Use #project-showcase for projects you've built, #media for [youtube](htps://youtube.com) or other media content, Promotional posts in the wrong channels, or DM spam, will get removed and the user may face further consequences. |
There was a problem hiding this comment.
The YouTube link contains a typo in the URL scheme: htps://youtube.com is missing the 't' in 'https'. This will result in a broken link that won't work when users click it, causing a poor user experience and potentially confusing users trying to access YouTube content guidelines.
Confidence: 5/5
Suggested Fix
| Yes, in the right place. Use #project-showcase for projects you've built, #media for [youtube](htps://youtube.com) or other media content, Promotional posts in the wrong channels, or DM spam, will get removed and the user may face further consequences. | |
| Yes, in the right place. Use #project-showcase for projects you've built, #media for [youtube](https://youtube.com) or other media content, Promotional posts in the wrong channels, or DM spam, will get removed and the user may face further consequences. | |
Fix the typo by changing htps:// to https:// in the YouTube link.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/faq.md at line 18, the YouTube link contains a typo "htps://youtube.com" which is missing the 't' in 'https'; change it to "https://youtube.com" to fix the broken link and ensure users can access the YouTube website correctly.
|
|
||
| ## Step 3: Grab Your Roles | ||
|
|
||
| Head to #reaction-roles and react to the message to self-assign roles based on your tech stack like Python, JavaScript, TypeScript, Go, Rust, C/C++, and many more. It people find you when they need someone with your skills. |
There was a problem hiding this comment.
Grammar error: "It people find you" is missing a verb. This sentence is incomplete and will confuse readers. Should be "It helps people find you" or "It lets people find you" to properly explain the purpose of self-assigning roles.
Confidence: 5/5
Suggested Fix
| Head to #reaction-roles and react to the message to self-assign roles based on your tech stack like Python, JavaScript, TypeScript, Go, Rust, C/C++, and many more. It people find you when they need someone with your skills. | |
| Head to #reaction-roles and react to the message to self-assign roles based on your tech stack like Python, JavaScript, TypeScript, Go, Rust, C/C++, and many more. It helps people find you when they need someone with your skills. | |
Add the missing verb "helps" to complete the sentence and make the purpose clear.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/getting-started.md at line 22, the phrase "It people find you" is grammatically incorrect and missing a verb; change it to "It helps people find you" or "It lets people find you" to complete the sentence and clarify the purpose of self-assigning roles.
|
|
||
| ## Trial Staff | ||
|
|
||
| New moderators start here. They have don't the same permissions as regular moderators, but are in a trial period where they receive more guidance and oversight to become full moderators. |
There was a problem hiding this comment.
Grammar error: "They have don't the same permissions" is grammatically incorrect. The phrase "have don't" is not valid English. This should be either "don't have the same permissions" or "have the same permissions" depending on the intended meaning. Based on the context that Trial Staff are in a trial period with more guidance, it appears the intended meaning is that they "don't have" the same permissions.
Confidence: 5/5
Suggested Fix
| New moderators start here. They have don't the same permissions as regular moderators, but are in a trial period where they receive more guidance and oversight to become full moderators. | |
| New moderators start here. They don't have the same permissions as regular moderators, but are in a trial period where they receive more guidance and oversight to become full moderators. | |
Change "They have don't" to "They don't have" to correct the grammatical error and clarify that Trial Staff have limited permissions during their trial period.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/staff-roles.md at line 30, the phrase "They have don't the same permissions" is grammatically incorrect; change it to "They don't have the same permissions" to fix the grammar error and clarify that Trial Staff have limited permissions during their trial period.
| body: string; | ||
| } { | ||
| const trimmed = source.replace(/^\uFEFF/, ""); | ||
| const match = trimmed.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?/); |
There was a problem hiding this comment.
The regex pattern /^---\r?\n([\s\S]*?)\r?\n---\r?\n?/ is vulnerable to ReDoS (Regular Expression Denial of Service) attacks. The [\s\S]*? pattern with lazy quantifier can cause catastrophic backtracking when processing maliciously crafted input with many --- sequences without proper closing delimiters. This could cause the parser to hang or consume excessive CPU, leading to service degradation.
Confidence: 4/5
Suggested Fix
Add input size validation before regex matching and consider using a more efficient parsing approach:
| const match = trimmed.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?/); | |
| const trimmed = source.replace(/^\uFEFF/, ""); | |
| // Prevent ReDoS by limiting input size for frontmatter parsing | |
| if (trimmed.length > 100000) { | |
| return { rawFrontmatter: null, body: trimmed }; | |
| } | |
| const match = trimmed.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?/); | |
Additionally, consider implementing a character-by-character parser for frontmatter extraction instead of regex to avoid ReDoS vulnerabilities entirely.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In lib/markdown/parser.ts at line 70, the regex pattern /^---\r?\n([\s\S]*?)\r?\n---\r?\n?/ is vulnerable to ReDoS attacks due to the [\s\S]*? pattern which can cause catastrophic backtracking with malicious input; add input size validation before the regex match (e.g., limit to 100KB) and consider implementing a character-by-character parser for frontmatter extraction to eliminate ReDoS vulnerabilities entirely.
| while (i < lines.length && !lines[i].trim().startsWith("```")) { | ||
| codeLines.push(lines[i]); | ||
| i++; | ||
| } |
There was a problem hiding this comment.
Potential infinite loop or excessive memory consumption if a fenced code block is not properly closed. The while loop continues until it finds a closing fence (```), but if the closing fence is missing or malformed, it will consume all remaining lines in the document. This could cause memory exhaustion with large documents or hang the parser indefinitely.
Confidence: 5/5
Suggested Fix
Add a safety limit to prevent infinite loops and excessive memory consumption:
| while (i < lines.length && !lines[i].trim().startsWith("```")) { | |
| codeLines.push(lines[i]); | |
| i++; | |
| } | |
| const maxCodeLines = 10000; // Reasonable limit for code blocks | |
| let codeLineCount = 0; | |
| while (i < lines.length && !lines[i].trim().startsWith("```")) { | |
| if (codeLineCount >= maxCodeLines) { | |
| // Treat as unclosed code block, stop parsing | |
| break; | |
| } | |
| codeLines.push(lines[i]); | |
| i++; | |
| codeLineCount++; | |
| } | |
This prevents runaway parsing while still supporting legitimately large code blocks.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In lib/markdown/parser.ts at lines 171-174, the while loop parsing fenced code blocks has no safety limit and could cause infinite loops or memory exhaustion if the closing fence is missing; add a counter (e.g., maxCodeLines = 10000) to limit the number of lines processed and break the loop if the limit is exceeded, preventing runaway parsing while still supporting large code blocks.
📍 This suggestion applies to lines 171-174
| while (i < lines.length && lines[i].trim().startsWith(">")) { | ||
| const cont = lines[i].trim().replace(/^>\s?/, ""); | ||
| if (cont) calloutLines.push(cont); | ||
| i++; | ||
| } |
There was a problem hiding this comment.
Potential infinite loop when parsing callout continuation lines. If the document contains an extremely long sequence of lines starting with >, this loop will consume all of them without any limit, potentially causing memory exhaustion or parser hangs with maliciously crafted input.
Confidence: 5/5
Suggested Fix
Add a safety limit to prevent excessive memory consumption:
| while (i < lines.length && lines[i].trim().startsWith(">")) { | |
| const cont = lines[i].trim().replace(/^>\s?/, ""); | |
| if (cont) calloutLines.push(cont); | |
| i++; | |
| } | |
| // Collect continuation lines starting with > | |
| const maxCalloutLines = 1000; // Reasonable limit for callout blocks | |
| let calloutLineCount = 0; | |
| while (i < lines.length && lines[i].trim().startsWith(">")) { | |
| if (calloutLineCount >= maxCalloutLines) { | |
| break; | |
| } | |
| const cont = lines[i].trim().replace(/^>\s?/, ""); | |
| if (cont) calloutLines.push(cont); | |
| i++; | |
| calloutLineCount++; | |
| } | |
This prevents runaway parsing while still supporting reasonably large callout blocks.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In lib/markdown/parser.ts at lines 218-222, the while loop collecting callout continuation lines has no safety limit and could cause memory exhaustion with maliciously crafted input containing many consecutive lines starting with '>'; add a counter (e.g., maxCalloutLines = 1000) to limit the number of continuation lines processed and break the loop if exceeded, preventing resource exhaustion while supporting legitimate use cases.
📍 This suggestion applies to lines 218-222
| while (i < lines.length) { | ||
| const itemMatch = lines[i].trim().match(/^[-*]\s+(.+)$/); | ||
| if (!itemMatch) break; | ||
| items.push(itemMatch[1].trim()); | ||
| i++; | ||
| } |
There was a problem hiding this comment.
Potential infinite loop when parsing unordered lists. If the regex pattern matching fails unexpectedly or if there's an extremely long list, this loop could consume excessive memory or hang. Similar issue exists for ordered lists at lines 253-258.
Confidence: 5/5
Suggested Fix
Add safety limits to both list parsing loops:
| while (i < lines.length) { | |
| const itemMatch = lines[i].trim().match(/^[-*]\s+(.+)$/); | |
| if (!itemMatch) break; | |
| items.push(itemMatch[1].trim()); | |
| i++; | |
| } | |
| while (i < lines.length) { | |
| const itemMatch = lines[i].trim().match(/^[-*]\s+(.+)$/); | |
| if (!itemMatch) break; | |
| // Prevent excessive list items | |
| if (items.length >= 10000) { | |
| break; | |
| } | |
| items.push(itemMatch[1].trim()); | |
| i++; | |
| } | |
Apply the same fix to the ordered list parsing at lines 253-258. This prevents resource exhaustion while supporting legitimately large lists.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In lib/markdown/parser.ts at lines 237-242 (unordered lists) and lines 253-258 (ordered lists), the while loops parsing list items have no safety limits and could cause memory exhaustion with extremely long lists; add a check (e.g., if items.length >= 10000) to break the loop if too many items are accumulated, preventing resource exhaustion while supporting legitimate use cases. Apply this fix to both the unordered and ordered list parsing sections.
📍 This suggestion applies to lines 237-242
Summary by BeetleThis PR represents a major architectural refactor of the DevHub website, introducing three key improvements:
📁 File Changes Summary
Total Changes: 51 files changed, +2,458 additions, -1,807 deletions🗺️ Walkthroughgraph TD
A["🎨 Centralized Color System (lib/colors.ts)"] --> B["📄 All Pages & Components"]
C["📝 Markdown Files (content/pages//*.md)"] --> D["🔧 Markdown Parser (lib/markdown/parser.ts)"]
D --> E["⚙️ Pages Loader (content/pages-loader.ts)"]
E --> F["🌐 Next.js Pages (app/pages/[slug]/page.tsx)"]
F --> G["🖥️ PageClient Component (renders content blocks)"]
H["📂 Component Organization"] --> I["components/bits/ (decorative)"]
H --> J["components/site/ (layout)"]
H --> K["components/home/ (sections)"]
A -.->|"replaces inline colors"| B
E -.->|"replaces"| L["❌ Old content/pages.ts (1,307 lines deleted)"]
style A fill:#6366f1,stroke:#818cf8,color:#fff
style C fill:#8b5cf6,stroke:#a78bfa,color:#fff
style L fill:#ef4444,stroke:#f87171,color:#fff
style H fill:#22d3ee,stroke:#67e8f9,color:#000
🎯 Key Changes1. Centralized Color System (
|
|
Note Linting checks passed successfully 🎉 All formatting and code quality checks are clean. You're good to merge 🚀 |
| title: Adding a Bot | ||
| section: Bots | ||
| description: How to propose and add a new bot to the DevHub server. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
The lastUpdated field contains a future date (May 17, 2026) which is logically incorrect for a document being created now. This could confuse users about when the content was actually last updated and undermines the credibility of the documentation's freshness indicators.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update the date to the current year (2024) or the actual date when this documentation is being added. If this is being added in 2025, use the appropriate current date.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/bots/adding-a-bot.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date to accurately reflect when this documentation was created.
| title: Bots Overview | ||
| section: Bots | ||
| description: Overview of all bots running in the DevHub Discord server. | ||
| lastUpdated: May 22, 2026 |
There was a problem hiding this comment.
Same issue as comment #1 - the lastUpdated field contains a future date (May 22, 2026) which is logically incorrect. This should be updated to the current date when the file is being added.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 22, 2026 | |
| lastUpdated: May 22, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/bots/bots.md at line 6, the lastUpdated field shows "May 22, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 22, 2024" or the appropriate current date.
| title: Acknowledgements | ||
| section: Community | ||
| description: The people and tools that make DevHub possible. | ||
| lastUpdated: May 22, 2026 |
There was a problem hiding this comment.
Same issue as comments #1 and #2 - the lastUpdated field contains a future date (May 22, 2026) which is logically incorrect. This metadata field should reflect the actual date when the documentation is created or last modified, not a future date.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 22, 2026 | |
| lastUpdated: May 22, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added. This ensures accurate metadata for documentation freshness tracking.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/acknowledgements.md at line 6, the lastUpdated field shows "May 22, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 22, 2024" or the appropriate current date to accurately reflect when this documentation was created.
| title: Code of Conduct | ||
| section: Community | ||
| description: How we treat each other, and what happens when we don't. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #2, and #3 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. This metadata field should reflect the actual date when the documentation is created or last modified, not a future date. This pattern appears across multiple markdown files in this PR and should be corrected consistently.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added. This ensures accurate metadata for documentation freshness tracking and maintains consistency with proper documentation practices.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/code-of-conduct.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date to accurately reflect when this documentation was created. This same issue appears in multiple markdown files in this PR and should be fixed consistently across all affected files.
| title: FAQ | ||
| section: Community | ||
| description: Frequently asked questions about DevHub. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1-4 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See comment #1 for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/faq.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: Getting Started | ||
| section: Community | ||
| description: Your first steps in the DevHub Discord community. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #4, and #5 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See comment #1 for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/getting-started.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: How to Ask for Help | ||
| section: Community | ||
| description: How to write a good help request so you actually get useful answers. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #4, #5, and #7 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. This metadata field should reflect the actual date when the documentation is created or last modified, not a future date.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added. This ensures accurate metadata for documentation freshness tracking and maintains consistency across all documentation files in this PR.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/how-to-ask.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date to accurately reflect when this documentation was created.
| title: How to Help Others | ||
| section: Community | ||
| description: How to give useful, effective help without burning yourself out. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #4, #5, #7, and #10 - the lastUpdated field contains a future date (May 17, 2026). See comment #1 for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/how-to-help.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: Join Guide | ||
| section: Community | ||
| description: Everything you need before you click that invite link. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #4, #5, #7, #10, and #11 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See comment #1 for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/join-guide.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: Moderation Guide | ||
| section: Community | ||
| description: How moderation works at DevHub, appeals, reports, and the team's approach. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #4, #5, #7, #10, #11, and #12 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See comment #1 for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/moderation-guide.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: Server Info | ||
| section: Community | ||
| description: Everything you need to know about how DevHub is structured. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1-15 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See comment #1 for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/server-info.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: Staff Roles | ||
| section: Community | ||
| description: Who does what on the DevHub team. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #2, #4, #5, #7, #10, #11, #12, and #13 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See comment #1 for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/community/staff-roles.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: Privacy Policy | ||
| section: Legal | ||
| description: What data DevHub collects, stores, and how it's used. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #4, #5, #7, #10, #11, #12, #13, and #15 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. This metadata field should reflect the actual date when the documentation is created or last modified, not a future date. This is a data integrity issue that could confuse users about documentation freshness.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added. This ensures accurate metadata for documentation tracking and maintains consistency across all documentation files in this PR.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/legal/privacy-policy.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date to accurately reflect when this privacy policy documentation was created.
| title: Security Notice | ||
| section: Legal | ||
| description: How to report security vulnerabilities in DevHub's open source projects. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1-15 across all other documentation files - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See previous comments for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/legal/security-notice.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
|
|
||
| Do not open a public GitHub issue for security vulnerabilities. Instead: | ||
|
|
||
| - Email [open-devhub@outlook.com](mailto:open-devhub@outlook.com) with the subject line `Security Vulnerability: [project name]`. |
There was a problem hiding this comment.
Security concern: The security policy recommends email for vulnerability reports but doesn't mention encryption or secure communication methods. Sensitive vulnerability details transmitted via unencrypted email could be intercepted, potentially exposing the vulnerability to malicious actors before it's patched. Security policies should encourage or require encrypted communication (PGP/GPG keys) for sensitive vulnerability disclosures.
Confidence: 4/5
Suggested Fix
Consider adding guidance about encrypted communication. For example:
| - Email [open-devhub@outlook.com](mailto:open-devhub@outlook.com) with the subject line `Security Vulnerability: [project name]`. | |
| - Email [open-devhub@outlook.com](mailto:open-devhub@outlook.com) with the subject line `Security Vulnerability: [project name]`. For sensitive disclosures, please use PGP encryption (key available on request). | |
Alternatively, add a note encouraging researchers to request a PGP key or use GitHub's private security advisory feature for sensitive reports.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/legal/security-notice.md at line 16, add guidance about encrypted communication for security vulnerability reports. Either mention PGP/GPG encryption availability or emphasize the GitHub private security advisory feature as the preferred method for sensitive disclosures. This ensures vulnerability details aren't transmitted in plaintext email where they could be intercepted.
| title: How to Contribute | ||
| section: Open Source | ||
| description: Ways to contribute to DevHub, code, community, and everything in between. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1-15 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See previous comments for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/open-source/contributing.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: Project Guidelines | ||
| section: Open Source | ||
| description: Standards for DevHub open source projects. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1, #3, #6, #9, #10, #11, and #14 - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. See those comments for full details.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/open-source/project-guidelines.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date.
| title: Submitting a Project | ||
| section: Open Source | ||
| description: Get your project featured or hosted under the DevHub org. | ||
| lastUpdated: May 17, 2026 |
There was a problem hiding this comment.
Same issue as comments #1-15 across all other documentation files - the lastUpdated field contains a future date (May 17, 2026) which is logically incorrect. This metadata field should reflect the actual date when the documentation is created or last modified, not a future date. This is a data integrity issue that could confuse users about documentation freshness.
Confidence: 5/5
Suggested Fix
| lastUpdated: May 17, 2026 | |
| lastUpdated: May 17, 2024 | |
Update to the current year (2024) or the actual date when this documentation is being added. This ensures accurate metadata for documentation tracking and maintains consistency across all documentation files in this PR.
Prompt for AI
Copy this prompt to your AI IDE to fix this issue locally:
In content/pages/open-source/submit-project.md at line 6, the lastUpdated field shows "May 17, 2026" which is a future date and logically incorrect. Change this to the current date when the file is being added (likely 2024 or 2025), using the format "May 17, 2024" or the appropriate current date to accurately reflect when this documentation was created.
No description provided.