HARMONY-2173: Fix issues with ts-node and Node 22.18

[chris-durbin]

Jira Issue ID

HARMONY-2173

Description

Fixes the problems we were seeing with npm commands after the Bamboo docker images for Node have been updated to 22.18.

Local Test Steps

You will need to test with npm 22.18.0. I decided not to update our .nvmrc to that version since we should update all of our Dockerfiles and Github workflows to use that version and I'd like to just get our builds working again first.

To manually do that you can update the .nvmrc to 22.18.0 and then run nvm install to install the new version. Once you are on the new version run npm run coverage from the packages/util directory. From the main branch you will see it fail. From this branch it should work successfully.

You can also check Bamboo to make sure the build for this branch is green.

PR Acceptance Checklist

• Acceptance criteria met
• Tests added/updated (if needed) and passing
• Documentation updated (if needed)
• Harmony in a Box tested (if changes made to microservices or new dependencies added)

Summary by CodeRabbit

• Chores
  • Configured Node to run with --no-experimental-strip-types across the workspace.
  • Updated tmp dependency to 0.2.4 across multiple packages/services.
  • Removed outdated entries from nsprc configurations, leaving them empty or streamlined.
  • Minor formatting normalization (e.g., added missing trailing newline to Node version file).
• Tests
  • No changes.
• Bug Fixes
  • No changes.
• New Features
  • No changes.

[coderabbitai]

Walkthrough

Adds Node.js runtime flag --no-experimental-strip-types via .npmrc across root, packages/util, and multiple services. Cleans up .nsprc files by removing entry 1106845 (some emptied). Updates tmp dependency to 0.2.4 across several services and adds overrides for tmp at root and packages/util. Minor newline added to .nvmrc.

Changes

Cohort / File(s)	Summary
Node runtime flags (.npmrc) ./.npmrc, packages/util/.npmrc, services/*/.npmrc (cron-service, harmony, query-cmr, service-runner, work-failer, work-reaper, work-updater)	Add node-options=--no-experimental-strip-types to configure Node invocations via npm.
NSP overrides cleanup (.nsprc) ./.nsprc, packages/util/.nsprc, services/.../.nsprc (cron-service, harmony, query-cmr, service-runner, work-failer, work-scheduler, work-updater)	Remove entry 1106845; several files now {}, others retain remaining entries. No code changes.
Dependency adjustments (package.json) ./package.json, packages/util/package.json, services/.../package.json (cron-service, harmony, query-cmr, service-runner, work-failer, work-scheduler, work-updater)	Add/adjust overrides for tmp at root and util; bump tmp dependency from ^0.2.1 to ^0.2.4 across listed services.
Tooling version files ./.nvmrc	Add trailing newline; content unchanged (22.14.0).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I nibble configs, hop through trees,
Flipping flags with gentle ease.
TMP now fresh, the fields are clean,
NSP notes fade—an empty scene.
With Node set right, I thump in cheer—
Our burrow builds without a fear. 🥕🐇

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch harmony-2173

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[indiejames]

Tested locally

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

packages/util/.npmrc (1)

1-1: Add a brief comment explaining the workaround

Add context for future maintainers about why this flag is present and reference HARMONY-2173.

Apply:

+; Workaround for Node 22.x + ts-node conflict; see HARMONY-2173
 node-options=--no-experimental-strip-types

services/work-reaper/.npmrc (1)

1-1: Add a short rationale comment

Mirror the rationale comment so the intent remains clear in-package.

Apply:

+; Workaround for Node 22.x + ts-node conflict; see HARMONY-2173
 node-options=--no-experimental-strip-types

services/cron-service/.nsprc (1)

1-1: .nsprc clean-up verified; empty policy remains

• No non-empty .nsprc files found (all contain only {})
• No references to advisory 1106845 in any .nsprc

You can safely remove the empty services/cron-service/.nsprc if your tooling doesn’t require it to reduce repo noise. Otherwise, leaving an empty {} is fine.

Please confirm that better-npm-audit passes in this package (and any others where suppressions were removed) now that tmp is pinned to 0.2.4.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e6ef063 and 00d42f1.

⛔ Files ignored due to path filters (9)

• package-lock.json is excluded by !**/package-lock.json
• packages/util/package-lock.json is excluded by !**/package-lock.json
• services/cron-service/package-lock.json is excluded by !**/package-lock.json
• services/harmony/package-lock.json is excluded by !**/package-lock.json
• services/query-cmr/package-lock.json is excluded by !**/package-lock.json
• services/service-runner/package-lock.json is excluded by !**/package-lock.json
• services/work-failer/package-lock.json is excluded by !**/package-lock.json
• services/work-scheduler/package-lock.json is excluded by !**/package-lock.json
• services/work-updater/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (28)

• .npmrc (1 hunks)
• .nsprc (1 hunks)
• .nvmrc (1 hunks)
• package.json (1 hunks)
• packages/util/.npmrc (1 hunks)
• packages/util/.nsprc (1 hunks)
• packages/util/package.json (2 hunks)
• services/cron-service/.npmrc (1 hunks)
• services/cron-service/.nsprc (1 hunks)
• services/cron-service/package.json (1 hunks)
• services/harmony/.npmrc (1 hunks)
• services/harmony/.nsprc (0 hunks)
• services/harmony/package.json (1 hunks)
• services/query-cmr/.npmrc (1 hunks)
• services/query-cmr/.nsprc (1 hunks)
• services/query-cmr/package.json (1 hunks)
• services/service-runner/.npmrc (1 hunks)
• services/service-runner/.nsprc (1 hunks)
• services/service-runner/package.json (1 hunks)
• services/work-failer/.npmrc (1 hunks)
• services/work-failer/.nsprc (1 hunks)
• services/work-failer/package.json (1 hunks)
• services/work-reaper/.npmrc (1 hunks)
• services/work-scheduler/.nsprc (1 hunks)
• services/work-scheduler/package.json (1 hunks)
• services/work-updater/.npmrc (1 hunks)
• services/work-updater/.nsprc (1 hunks)
• services/work-updater/package.json (1 hunks)

💤 Files with no reviewable changes (1)

• services/harmony/.nsprc

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build (22.14.x)
• GitHub Check: compare-services
• GitHub Check: build (22.14.x)

🔇 Additional comments (33)

services/work-updater/.npmrc (2)

1-1: Good fix to unblock ts-node on Node 22.x

Adding --no-experimental-strip-types via npm config is a pragmatic way to avoid Node 22 interfering with ts-node’s transpilation.

---

1-1: No conflicts with existing NODE_OPTIONS

We only found NODE_OPTIONS set via script prefixes in the root and services/harmony package.json (memory flags), and those assignments in the command string override any NODE_OPTIONS injected from .npmrc. The services/work-updater/.npmrc applies only to that package, which has no scripts defining NODE_OPTIONS, so there’s nothing to be clobbered.

services/query-cmr/package.json (3)

71-71: Bump tmp to ^0.2.4 looks safe

The version bump aligns with repo-wide overrides and should be compatible with tmp-promise. No API changes expected for common usage.

---

81-83: Engines range compatible with the fix

"node": "^22.14.0" covers 22.18 used in Bamboo. No change needed here.

---

71-72: No direct tmp usage detected in services/query-cmr
Ran searches for require('tmp'), import … from 'tmp', and tmp. method calls—none were found. The dependency bump is safe as all temporary-file logic goes through tmp-promise.

services/cron-service/.npmrc (2)

1-1: Consistent runtime flag application

Matches the pattern applied elsewhere; helps ensure npm-run invocations behave consistently with Node 22.x.

---

1-1: Confirm NODE_OPTIONS in all .npmrc files won’t override your CI/agent settings

All of these .npmrc files set

node-options=--no-experimental-strip-types

which NPM will apply when spawning Node for scripts. Ensure this project-level config does not unintentionally overwrite any NODE_OPTIONS you’ve defined in your build or CI environment.

Files to review:

• ./.npmrc
• packages/util/.npmrc
• services/cron-service/.npmrc
• services/harmony/.npmrc
• services/query-cmr/.npmrc
• services/service-runner/.npmrc
• services/work-failer/.npmrc
• services/work-updater/.npmrc
• services/work-reaper/.npmrc

If you rely on additional flags via NODE_OPTIONS, run a CI job with these settings or consider merging flags using npm_config_node_options so both sets of options are preserved.

services/work-failer/.npmrc (2)

1-1: LGTM: ensures ts-node scripts won’t be impacted by Node’s experimental strip-types

Consistent with the repo-wide approach.

---

1-1: No side effects on existing NODE_OPTIONS detected

I ran a repository-wide search for NODE_OPTIONS and npm_config_node_options and only found explicit environment-variable usages in two script entries—they won’t be affected by the new .npmrc in services/work-failer:

• package.json:12
"start": "cd services/harmony && NODE_OPTIONS=--max-old-space-size=3096 ts-node -r tsconfig-paths/register app/server.ts"
• services/harmony/package.json:12
"start": "NODE_OPTIONS=--max-old-space-size=3096 ts-node -r tsconfig-paths/register app/server.ts"

There are no other references to npm_config_node_options or CI pipelines relying on NODE_OPTIONS. Since the .npmrc is scoped only to services/work-failer, it won’t override existing NODE_OPTIONS elsewhere.

services/service-runner/package.json (3)

59-59: Bump tmp to ^0.2.4: OK

Aligns with project-wide dependency updates and the root override. No breaking changes expected for typical usage.

---

24-26: Engines are compatible with Node 22.18

"node": "^22.14.0" is sufficient for Bamboo’s 22.18. No action needed.

---

59-61: No direct tmp references in service-runner
A ripgrep scan for require('tmp'), import … from 'tmp', and tmp. in the services/service-runner folder returned no matches. All temporary-file operations must be going through tmp-promise, so there are no deprecated tmp APIs in use at runtime.

services/harmony/package.json (2)

156-156: Bump to tmp ^0.2.4 looks good

This aligns with the repo-wide update and should address known advisories tied to earlier 0.2.x releases.

---

156-156: No stale tmp versions detected across workspace
All package.json files declare tmp at version 0.2.4 (or ^0.2.4), and no explicit tmp@* entries were found in any package-lock.json files. No further action needed.

services/query-cmr/.npmrc (1)

1-1: Disable Node’s TS stripping for compatibility with ts-node — good addition

All .npmrc files across the repo now consistently include

node-options=--no-experimental-strip-types

– confirmed in the root and every package/service.

Be aware, however, that these package.json scripts explicitly set NODE_OPTIONS, which will override your .npmrc setting:

• package.json (root), line 12:
  "start": "cd services/harmony && NODE_OPTIONS=--max-old-space-size=3096 ts-node -r tsconfig-paths/register app/server.ts"
• services/harmony/package.json, line 12:
  "start": "NODE_OPTIONS=--max-old-space-size=3096 ts-node -r tsconfig-paths/register app/server.ts"

If you need --no-experimental-strip-types in those invocations, consider appending it to the script’s NODE_OPTIONS or removing the explicit override.

services/work-failer/.nsprc (1)

1-1: Confirm CVE-2025-54798 (npm advisory 1106845) is resolved before removing the exception

• File: services/work-failer/.nsprc (line 1)
• Advisory 1106845 = GHSA-52f5-9888-hmc6 / CVE-2025-54798, a symlink/dir-traversal in tmp ≤ 0.2.3, fixed in [email protected]
• Verify your project resolves tmp@>=0.2.4 (run npm ls tmp, update your lockfile or use npm “overrides”/Yarn “resolutions”)
• Rerun better-npm-audit (or npm audit) without this ignore to confirm the vulnerability is gone

Once you’ve confirmed tmp@>=0.2.4 is in your tree and audit passes, you can safely drop the stale exception.

services/cron-service/package.json (2)

77-77: Bump to tmp ^0.2.4 looks good

Matches the repo-wide update and should align with the root override strategy.

---

77-77: Ensure single-version resolution of tmp dependency

After installing dependencies in services/cron-service, verify that only [email protected] is resolved for both direct and transitive usages. This prevents multiple 0.2.x instances (e.g., via tmp-promise) from creeping in.

• In services/cron-service, run:

1. npm ci (or npm install)
2. npm ls tmp

• You should see only one entry:

└── [email protected]  

If you observe additional versions, consider adding an npm “overrides” entry or running npm dedupe to enforce a single [email protected].

services/work-scheduler/.nsprc (1)

11-11: LGTM - Proper JSON formatting maintained.

The removal of the trailing comma after the last entry (1096727) maintains valid JSON syntax while cleaning up the configuration.

services/harmony/.npmrc (1)

1-1: LGTM - Addresses Node 22.18 ts-node compatibility.

Adding --no-experimental-strip-types flag resolves TypeScript execution issues with Node.js 22.18, which aligns with the PR objective to fix ts-node compatibility problems.

.npmrc (1)

1-1: LGTM - Root-level Node.js configuration for ts-node compatibility.

The global configuration ensures consistent Node.js runtime behavior across all packages, addressing the ts-node issues with Node 22.18 mentioned in the PR objectives.

services/work-scheduler/package.json (1)

68-68: LGTM - tmp dependency version update.

Bumping tmp from ^0.2.1 to ^0.2.4 aligns with the repository-wide standardization and likely includes bug fixes or improvements.

services/work-updater/package.json (1)

83-83: LGTM - Consistent tmp dependency update.

The tmp dependency update to ^0.2.4 maintains consistency with other services in this repository-wide alignment.

packages/util/.nsprc (1)

1-1: LGTM! NSP configuration cleared appropriately.

The removal of the 1106845 entry and clearing of the NSP configuration is consistent with the PR's objective to fix Node 22.18 compatibility issues. This aligns with similar changes across other services in the repository.

package.json (1)

87-88: LGTM! Package override for tmp dependency added correctly.

The addition of the tmp package override to version 0.2.4 is properly formatted and aligns with the dependency updates across multiple services in the repository. The comma addition on line 87 maintains valid JSON syntax.

services/work-updater/.nsprc (1)

1-1: LGTM! NSP configuration cleared consistently.

The removal of the 1106845 entry and replacement with an empty object is consistent with similar changes across other services. This supports the overall Node 22.18 compatibility fixes.

services/service-runner/.npmrc (1)

1-1: LGTM! Node runtime flag added to fix Node 22.18 compatibility.

The addition of --no-experimental-strip-types flag is the core fix for Node 22.18 compatibility issues with ts-node. This configuration ensures npm commands pass the correct runtime flags to Node.js, preventing the experimental TypeScript stripping feature from interfering with ts-node execution.

services/service-runner/.nsprc (1)

11-11: LGTM! JSON syntax corrected after entry removal.

The removal of the trailing comma on line 11 properly maintains valid JSON syntax after the 1106845 entry was removed. The remaining NSP configuration entries are preserved correctly.

.nsprc (1)

1-1: 1106845 Advisory Removal Verified
No occurrences of advisory 1106845 were found in any .nsprc file—removal is safe and CI will now properly fail on any true regressions.

Current non-empty .nsprc files (other suppressed advisories remain):

• services/harmony/.nsprc → 1105444
• services/service-runner/.nsprc → 1097682, 1096727
• services/work-scheduler/.nsprc → 1097682, 1096727

services/work-failer/package.json (1)

79-79: Verify tmp API compatibility after bump to ^0.2.4

We’ve identified direct imports of the tmp module in your codebase. Please confirm that none of these usages are affected by the patch bump, and that tmp-promise still resolves to 0.2.4 via your overrides:

• services/harmony/app/util/object-store/s3-object-store.ts
• services/harmony/test/helpers/shapefile-upload.ts
• services/harmony/test/helpers/object-store.ts

Run the existing test suite and spot-check any calls to tmp.* (e.g. tmp.dir, tmp.file, setGracefulCleanup, etc.) to ensure behavior is unchanged.

packages/util/.npmrc (1)

1-1: .npmrc flag and Node engines are in sync—no changes needed

All checks pass and there’s no legacy Node config to bump:

• Every .npmrc in the repo already contains node-options=--no-experimental-strip-types.
• Each package.json pins "engines.node": "^22.14.0".
• There are no .nvmrc files in the workspace.

Since your CI/dev environments must run Node 22.14+ (enforced by the engines field), the new flag will not break older versions.

services/query-cmr/.nsprc (1)

1-1: Empty .nsprc confirmed—please re-audit dependencies
We’ve verified that services/query-cmr/.nsprc is now empty and contains no reference to advisory 1106845. Before merging, ensure that the underlying vulnerability has truly been fixed in your dependency graph:

• services/query-cmr/.nsprc: {} (no suppression rules remaining)
• No local occurrences of “1106845” in this service

Next steps:
• Run better-npm-audit (or npm audit) against this service to confirm no advisories (including 1106845) are reported.
• If you still see failures, update or patch the affected package(s) rather than re-introducing the suppression.

packages/util/package.json (1)

14-14: Whitespace-only change; no action needed.
No functional impact from the trailing space in the "coverage" script.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Potential mismatch with new Node option

.nvmrc remains at 22.14.0 while this PR relies on --no-experimental-strip-types in .npmrc. Please verify that Node 22.14 recognizes this flag; if not, npm scripts could fail with “bad option” when developers follow .nvmrc locally.

---

🌐 Web query:

In which Node.js version was the --experimental-strip-types flag introduced, and is --no-experimental-strip-types recognized in Node v22.14.0?

💡 Result:

• The flag was introduced in Node.js v22.6.0 as an experimental feature for “type stripping.”[4][7]
• In Node.js v22.14.0, the negated form --no-experimental-strip-types is not recognized; that disable flag appears in later docs where type stripping became the default in v23.6.0, at which point the “no-” flag is meaningful to turn it off.[2][4]

Details:

• Node’s “Running TypeScript Natively” guide states that since v22.6.0 Node has experimental support for TypeScript via type stripping, enabled with --experimental-strip-types; v22.7.0 added --experimental-transform-types for enums/namespaces; and from v23.6.0, type stripping is enabled by default and can be disabled via --no-experimental-strip-types.[4]
• The current TypeScript API docs mention “To disable this feature, use --no-experimental-strip-types,” which aligns with the default-on behavior introduced in v23.6.0, not with v22.x where the feature is opt-in and there’s nothing to disable by default.[2][4]

Citations:

• 1: https://dev.to/dharamgfx/stop-compiling-typescript-run-it-natively-in-nodejs-with-this-one-flag-2bc6
• 2: https://nodejs.org/api/typescript.html
• 3: https://bsky.app/profile/marcoippolito.dev
• 4: https://nodejs.org/uk/learn/typescript/run-natively
• 5: http://nodesource.com/blog/Node.js-Supports-TypeScript-Natively/
• 6: Accidental breaking change in node 23.6.0 caused by type stripping nodejs/node#57638
• 7: https://mojoauth.com/blog/news-2025-03-node-23-runs-typescript-natively
• 8: node 22.18 breaks npm package because of experimental-strip-types enabled nodejs/node#59364
• 9: https://blog.risingstack.com/nodejs-23/
• 10: https://satanacchio.hashnode.dev/everything-you-need-to-know-about-nodejs-type-stripping

---

Update .nvmrc to a Node version that supports --no-experimental-strip-types

Node v22.14.0 does not recognize the --no-experimental-strip-types flag (it was only added in v23.6.0 when type stripping became default). Keeping .nvmrc at 22.14.0 will cause npm scripts using that flag to error out.

• File: .nvmrc
• Change 22.14.0 → >=23.6.0 (for example, 23.6.0)

Diff:

-.nvmrc
-22.14.0
+.nvmrc
+23.6.0

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In .nvmrc around line 1, the pinned Node version 22.14.0 does not support the
--no-experimental-strip-types flag; update the file to a Node version that
includes this flag (minimum 23.6.0) by replacing "22.14.0" with a supported
version such as "23.6.0" (or a range like ">=23.6.0") so npm scripts using that
flag will run without error.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Pinning tmp to 0.2.4 via npm overrides looks appropriate; consider centralizing to avoid drift.
The override will force a consistent tmp version and should help with Node 22.18 compatibility. If your installs are typically executed at the repo root with npm workspaces, a single root-level override is usually sufficient. Keeping per-package overrides can introduce future drift if one is updated and the other is not.

If root overrides are authoritative in your setup, consider removing this per-package tmp override to reduce duplication.

Run this script to verify consistency of tmp usage and overrides across the repo and check for lingering .nsprc suppressions tied to the previous tmp issue:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "==> Check for lingering suppressions of advisory 1106845 in .nsprc files"
rg -n --glob '**/.nsprc' '1106845' || echo "No occurrences of 1106845 found"

echo
echo "==> List all overrides for tmp across package.json files"
fd -t f package.json -E node_modules | while read -r f; do
  val=$(jq -r '.overrides.tmp // empty' "$f")
  if [ -n "$val" ]; then
    echo "$f: overrides.tmp = $val"
  fi
done

echo
echo "==> List all direct dependencies on tmp and tmp-promise"
fd -t f package.json -E node_modules | while read -r f; do
  tmpDep=$(jq -r '.dependencies.tmp // .devDependencies.tmp // empty' "$f")
  if [ -n "$tmpDep" ]; then
    echo "$f: deps.tmp = $tmpDep"
  fi
  tmpPromise=$(jq -r '.dependencies["tmp-promise"] // .devDependencies["tmp-promise"] // empty' "$f")
  if [ -n "$tmpPromise" ]; then
    echo "$f: deps.tmp-promise = $tmpPromise"
  fi
done

echo
echo "==> Reminder: npm overrides require npm >= 8.3.0; ensure CI and Bamboo use a compatible npm"

Length of output: 6202

---

Centralize tmp override at the repo root

• No lingering .nsprc suppressions for advisory 1106845.
• overrides.tmp = 0.2.4 appears in both the root package.json and packages/util/package.json.
• All workspaces consume tmp@^0.2.4 (and many also use tmp-promise@^3.0.3), so the root‐level override already pins tmp across the repo.

Action items:

• Remove the per‐package override from packages/util/package.json to eliminate redundancy.
• Ensure your CI/Bamboo environments run npm >= 8.3.0 so the root override is honored.

🤖 Prompt for AI Agents

In packages/util/package.json around lines 84 to 86, there is a redundant
per-package override for tmp (0.2.4) that duplicates the root package.json
override; remove the overrides.tmp entry from this file so the repo-root
override controls the tmp version, and ensure CI/Bamboo uses npm >= 8.3.0 so the
root-level override is honored.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Same Node < 22 caveat applies here

Unrecognized NODE_OPTIONS will crash older Node. Ensure all environments running this service use Node 22.18+ or gate the flag in scripts.

To check consistency and engines across services, you can reuse the script shared in packages/util/.npmrc comment. If desired, I can propose a small bin wrapper that conditionally appends --no-experimental-strip-types based on node --version.

---

🏁 Script executed:

#!/bin/bash
set -e

echo "== services/work-reaper/.npmrc =="
if [ -f services/work-reaper/.npmrc ]; then
  cat services/work-reaper/.npmrc
else
  echo "File not found"
fi

echo -e "\n== services/work-reaper/package.json engines =="
if [ -f services/work-reaper/package.json ]; then
  jq '.engines // "none"' services/work-reaper/package.json
else
  echo "No package.json in services/work-reaper"
fi

echo -e "\n== root package.json engines =="
if [ -f package.json ]; then
  jq '.engines // "none"' package.json
else
  echo "No root package.json"
fi

echo -e "\n== All .npmrc files with node-options =="
rg -n "node-options" -g "*.npmrc"

Length of output: 1394

---

Ensure Node ≥ 22.18 for --no-experimental-strip-types
The --no-experimental-strip-types flag is only recognized in Node.js 22.18.0 and later. On earlier 22.x releases (22.14.0–22.17.x), setting it via node-options in your .npmrc will throw an “unrecognized option” error at startup.

To address this:

• Update your Node engine requirement. In the root package.json (currently "node": "^22.14.0"), change to:

   "engines": {

• "node": "^22.14.0",

• "node": ">=22.18.0",
  "npm": ">=8"
  }

Or add a per-service `package.json` in `services/work-reaper` with the same `engines.node` constraint.  
- Alternatively, gate the flag at runtime. For example, wrap your start script (or provide a small CLI shim) that only appends `--no-experimental-strip-types` when `node --version` ≥ 22.18.0.  

Let me know if you’d like a draft of the conditional wrapper.  

> Committable suggestion skipped: line range outside the PR's diff.

<details>
<summary>🤖 Prompt for AI Agents</summary>

In services/work-reaper/.npmrc around line 1, the node-options entry uses
--no-experimental-strip-types which is only supported on Node ≥ 22.18.0 and will
error on 22.14–22.17; fix it by either (A) updating the Node engine requirement
to ">=22.18.0" in the root package.json (or add a
services/work-reaper/package.json with "engines.node": ">=22.18.0"), or (B)
remove the flag from .npmrc and implement a small start-script wrapper that
checks node --version at runtime and only appends --no-experimental-strip-types
when the version is ≥22.18.0.

</details>

<!-- fingerprinting:phantom:poseidon:chinchilla -->

<!-- This is an auto-generated comment by CodeRabbit -->