be78a5fd73
Non-breaking dependency hygiene on a static site (all flagged packages are build/dev-time tooling): - bun update for in-range bumps (astro 5.17 -> 5.18, @astrojs/check, sitemap, prettier, lint-staged, etc.). - overrides pinning patched, same-major versions of transitive deps: defu, devalue, fast-uri, h3, mdast-util-to-hast, postcss, rollup, smol-toml, svgo, tar, undici, vite, yaml. Clears every high-severity advisory that had a clean in-major fix. Verified with astro build, the unit suite, and the Playwright E2E suite (all green). Remaining 6 are non-exploitable here and need the Astro 6 / Tailwind 4 major migration (deferred): picomatch (build-time glob ReDoS, trusted patterns) and two Astro advisories that don't apply (define:vars uses static config; no server islands; static output). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
About this repo
This is the source of www.audacityteam.org. It uses Astro.
This repo works with npm or Bun.
- Install dependencies:
npm installorbun install - Run dev server:
npm run devorbun run dev - Build:
npm run buildorbun run build
Translation
Translations are not yet supported. Please join our dev discord to get notified when they are.
Security
This is a static website, with no user input. As such, regular vulnerabilities likely won't affect us. That said, it probably is good to run npx @astrojs/upgrade (or bunx @astrojs/upgrade) every now and then to update astro to fix security vulnerabilities.
Promos
Promos shown on the site come from two places:
- Campaign promos (MuseHub partners) are the single source of truth on the
watched Confluence "Promo Calendar" page. They are generated into
src/assets/data/promos/campaigns.tsby the pull command below — never edit that file by hand. - First-party promos (the Audio.com exit popup, Audacity 4 alpha/video, the
survey banner) do not live on Confluence and are maintained by hand in
src/assets/data/promos/firstParty.ts.
promotions.ts merges the two; the React/Astro
components consume only that merged map.
Pulling campaign promos from Confluence
bun run pull-campaigns # write campaigns.ts
bun run pull-campaigns --dry-run # print the module instead of writing
The pipeline:
- Fetches the watched page's storage HTML.
- Deterministically extracts the calendar table, preserving destination URLs verbatim (UTM params must never change).
- Resolves the year-less date ranges and keeps only active and upcoming
promos — past rows are dropped (listed under
ignoredEntriesin the output). - Maps each row to a typed
PromoDataentry using fixed site conventions (banner ⇄ "Top/Promo Banner", video ⇄ "Video embed"; MuseScore-only and "Taken down" rows are skipped). - Validates that every emitted URL traces back to the source page.
- Writes
campaigns.ts. It never commits or pushes — review the diff yourself.
Required environment variables (see .env):
CONFLUENCE_CAMPAIGN_PAGE_URL(or pass--page-url <url>)CONFLUENCE_PERSONAL_TOKEN
Optional LLM copy cleanup
The calendar copy is human-authored. Pass --clean-copy to run an LLM pass that
may fix typos and shorten copy — it never touches URLs, dates, types, or
tracking, and re-runs the URL integrity check afterwards. It is off by
default so output stays faithful to Confluence.
bun run pull-campaigns --clean-copy
Backend is auto-selected (the local claude CLI if on PATH, else an
OpenAI-compatible API). Override with:
CAMPAIGN_LLM_BACKEND=claude|api|noneCAMPAIGN_CLAUDE_COMMAND(defaultclaude)CAMPAIGN_LLM_MODEL(orOPENAI_MODEL)CAMPAIGN_LLM_API_KEY(orOPENAI_API_KEY)CAMPAIGN_LLM_API_URL(default: OpenAI chat completions)
Other flags: --output <file>, --help.