Skip to content

Add config changes#1

Open
harxhist wants to merge 1 commit intomainfrom
dev
Open

Add config changes#1
harxhist wants to merge 1 commit intomainfrom
dev

Conversation

@harxhist
Copy link
Owner

@harxhist harxhist commented Feb 9, 2026

Note

Medium Risk
Medium risk because it changes runtime behavior of Shopify data fetching (swallowing errors and returning empty/undefined), which can hide outages and affect storefront rendering; config changes can also point deployments at a different Shopify store/domain.

Overview
Updates configuration by setting SHOPIFY_STORE_DOMAIN in .env.example to lumeluxdecor.com and adding .npmrc with legacy-peer-deps=true.

Hardens Shopify storefront calls by wrapping getCart, getCollectionProducts, and getMenu in try/catch, logging failures and returning undefined/[] instead of throwing when shopifyFetch errors. Adds an npm package-lock.json to pin the dependency tree.

Written by Cursor Bugbot for commit 9c97f88. This will update automatically on new commits. Configure here.

@harxhist harxhist closed this Feb 9, 2026
@harxhist harxhist reopened this Feb 9, 2026
@harxhist
Copy link
Owner Author

harxhist commented Feb 9, 2026

/prRev

Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 3 potential issues.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

This PR is being reviewed by Cursor Bugbot

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

SHOPIFY_REVALIDATION_SECRET=""
SHOPIFY_STOREFRONT_ACCESS_TOKEN=""
SHOPIFY_STORE_DOMAIN="[your-shopify-store-subdomain].myshopify.com"
SHOPIFY_STORE_DOMAIN="lumeluxdecor.com"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Production domain hardcoded in example file

High Severity

The .env.example file now contains a real production domain lumeluxdecor.com instead of the template placeholder [your-shopify-store-subdomain].myshopify.com. This example file is meant to be a template for developers to copy when setting up their own stores. Hardcoding an actual production store domain could lead to developers accidentally connecting to someone else's Shopify store, and exposes sensitive configuration that should remain private.

Fix in Cursor Fix in Web

@@ -0,0 +1 @@
legacy-peer-deps=true
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Legacy peer deps flag hides dependency issues

Medium Severity

Adding legacy-peer-deps=true to .npmrc bypasses npm's peer dependency resolution, which can hide legitimate dependency conflicts. This flag tells npm to ignore peer dependency warnings and install packages even when there are version mismatches. While sometimes necessary as a temporary workaround, it can mask underlying compatibility issues that should be properly resolved by updating dependencies or finding compatible versions.

Fix in Cursor Fix in Web

console.error(
`Failed to fetch collection products for \`${collection}\`:`,
error
);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error states cached for long durations

High Severity

The getCollectionProducts and getMenu functions now catch errors and return empty arrays, but these empty results get cached for days due to cacheLife("days"). If Shopify API experiences a temporary outage or network issue when these functions execute, the empty array is cached and persists for days even after the service recovers, causing collections and menus to appear permanently empty until the cache expires.

Additional Locations (1)

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant