feat: migrate OG generation to takumi-js v2

[kane50613]

Drop the @takumi-rs/* v1 packages for takumi-js 2.0.0-beta.10. and remove the hacky wasm import plugin

Follow up on #893 (comment)

Summary by CodeRabbit

• Bug Fixes
  • Improved social preview (Open Graph) image generation by switching to a newer response library and updating how embedded images are handled.
• Chores
  • Simplified the build and server-side rendering setup by removing the custom WASM import configuration and adjusting dependency pre-bundling rules to better match the updated image workflow.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2f548885-4990-4a42-9a6e-cfeb57604084

📥 Commits

Reviewing files that changed from the base of the PR and between cd1aa16 and 672fe1b.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• package.json
• src/server/og/generate.server.ts
• vite.config.ts

💤 Files with no reviewable changes (1)

• vite.config.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• src/server/og/generate.server.ts
• package.json

---

📝 Walkthrough

Walkthrough

The PR replaces Takumi dependencies with takumi-js, updates OG image generation to the new response API, and removes Takumi-specific Vite alias, plugin, and dependency exclusion setup.

Changes

Takumi migration

Layer / File(s)	Summary
Dependency swap package.json	Removes the four @takumi-rs/* dependencies and adds takumi-js at 2.0.0-beta.10.
OG response update src/server/og/generate.server.ts	Switches the OG image response import to takumi-js/response and uses images for the island PNG.
Vite Takumi cleanup vite.config.ts	Removes Takumi WASM resolution, the custom import plugin, the @takumi-rs/wasm/auto alias, the Takumi dependency exclusions, and the plugin entry.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A bunny hops where old paths fade,
New takumi-js winds are gently made. 🐰
OG images spring bright and new,
Vite sheds WASM dust in view,
Thump-thump—this hop feels fresh and true.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: migrating OG generation to takumi-js v2.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	takumi-js@​2.0.0-beta.10

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @takumi-rs/wasm is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/takumi-js@2.0.0-beta.10 → npm/@takumi-rs/wasm@2.0.0-beta.10 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@takumi-rs/wasm@2.0.0-beta.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[kane50613]

@AlemTuzlak please take a look at this follow up PR if you could thanks!

Btw you can go a step further if you want to try the new on-demand google fonts feature to get rid of those static font assets

[coderabbitai]

🧹 Nitpick comments (1)

package.json (1)

107-107: 📐 Maintainability & Code Quality | 🔵 Trivial

Pin the beta version exactly to ensure reproducible builds.

The caret range ^2.0.0-beta.10 allows NPM to install any version from 2.0.0-beta.10 up to <3.0.0. Since npm defaults to the latest dist-tag (version 1.8.7) and may skip over specific pre-release versions unless explicitly targeted or updated to newer betas (e.g., 2.0.0-beta.11) if available, using a range with unstable pre-1.0 releases risks introducing breaking changes during standard installs. Pin the version to maintain consistency.

📌 Proposed change

-    "takumi-js": "^2.0.0-beta.10",
+    "takumi-js": "2.0.0-beta.10",

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 107, The takumi-js dependency is using a caret beta
range, which can vary across installs and reduce build reproducibility. Update
the dependency declaration in package.json to pin takumi-js exactly to the
current beta version instead of using the ^2.0.0-beta.10 range, keeping the
package specification stable for deterministic installs.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@package.json`:
- Line 107: The takumi-js dependency is using a caret beta range, which can vary
across installs and reduce build reproducibility. Update the dependency
declaration in package.json to pin takumi-js exactly to the current beta version
instead of using the ^2.0.0-beta.10 range, keeping the package specification
stable for deterministic installs.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 781fc453-203f-4492-bfe1-8e8f24c806cd

📥 Commits

Reviewing files that changed from the base of the PR and between 3bf7280 and cd1aa16.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• package.json
• src/server/og/generate.server.ts
• vite.config.ts

💤 Files with no reviewable changes (1)

• vite.config.ts

[AlemTuzlak]

@kane50613 looks good, before i merge I just wanted to clarify for myself, why is the wasm hack not required anymore?

[kane50613]

@kane50613 looks good, before i merge I just wanted to clarify for myself, why is the wasm hack not required anymore?

Cuz there was an accidental @vite-ignore comment I thought that would do the job of tricking (cuz theres others like turbopack/wrangler etc competiting), but ends up tripping Vite, my new approach in kane50613/takumi#847 is to keep the exports map plus imports map in takumi-js (@takumi-rs/image-response now being an re-export of takumi-js/response).

So now Vite SSR with workers plugin should resolves correctly, I tested locally but not sure if it can actually deploy to CF successfully, if you can help trying that would help