Replace image-size with probe-image-size

[priyamkarn]

Summary

This PR replaces the archived image-size dependency with probe-image-size.

Changes

• Replaced optional dependency image-size with probe-image-size
• Updated packages/less/lib/less-node/image-size.js to use probe-image-size/sync
• Added a null check for unsupported or unrecognized image formats
• Preserved Less-style file error handling instead of exposing a raw TypeError

Motivation

image-size is archived and has known security concerns (e.g. CVE-2025-71329). probe-image-size is actively maintained and provides equivalent image dimension detection functionality.

Notes

probe-image-size/sync returns null when the image format is not recognized. This PR adds a guard to handle that case gracefully and return a proper Less file error rather than throwing:

TypeError: Cannot read properties of null (reading 'width')

Summary by CodeRabbit

• Bug Fixes
  • Improved image width/height detection, including clearer errors when an image format can’t be recognized (and a safe fallback when probing is unavailable).
• Chores
  • Updated image probing to use probe-image-size/sync for more reliable dimension extraction.
  • Adjusted optional dependencies by removing image-size and adding probe-image-size.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0d116563-8fa7-4252-a5c4-1e83bf6acb88

📥 Commits

Reviewing files that changed from the base of the PR and between 647f265 and f08725c.

📒 Files selected for processing (1)

• packages/less/lib/less-node/image-size.js

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/less/lib/less-node/image-size.js

---

📝 Walkthrough

Walkthrough

Replaces the image-size optional dependency (~0.5.0) with probe-image-size (^7.2.3) in package.json. Updates image-size.js to import readFileSync, use the probe-image-size/sync API to probe the image buffer, guard against a non-callable export, and throw an explicit error for unrecognized image formats.

Changes

Switch to probe-image-size

Layer / File(s)

Summary

Dependency swap and image probing implementation packages/less/package.json, packages/less/lib/less-node/image-size.js

Replaces image-size with probe-image-size ^7.2.3 in optionalDependencies. Adds readFileSync import; replaces the old image-size call with probe-image-size/sync, guarding against a non-callable export (returns {width:0, height:0}), reading the file buffer via readFileSync(fileSync.filename), throwing "Unrecognised image format" when probe yields no result, and returning the probed width/height otherwise.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• Security issues in "image-size" dependency #4455: Directly implements the solution requested by replacing the deprecated image-size dependency with probe-image-size/sync in both the code implementation and package configuration.

Poem

A rabbit swapped the image tool one day,
image-size had to hop away 🐇
probe-image-size leaps in with sync delight,
reads the buffer, checks the format right,
width and height returned so bright! 🌟

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Replace image-size with probe-image-size' directly and clearly summarizes the main change: substituting one npm package dependency with another.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/less/lib/less-node/image-size.js (1)

31-32: ⚠️ Potential issue | 🟠 Major

Use fileSync.contents instead of re-reading from disk.

At line 42, probing readFileSync(fileSync.filename) bypasses the file manager that already resolved and loaded the asset at line 31. This fails with non-filesystem/custom file managers and introduces unnecessary I/O. The probe() function from probe-image-size/sync accepts Buffer inputs directly.

Suggested fix

-import { readFileSync } from 'fs';
@@
-        const size = probe(readFileSync(fileSync.filename));
+        const size = probe(Buffer.from(fileSync.contents));

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/less/lib/less-node/image-size.js` around lines 31 - 32, The code is
unnecessarily re-reading the file from disk at line 42 by calling
readFileSync(fileSync.filename) instead of using the already-loaded file
contents from the fileSync object created at line 31 via
fileManager.loadFileSync(). Replace the readFileSync call with fileSync.contents
when passing the data to the probe() function to avoid redundant I/O and ensure
compatibility with custom file managers that may not use the filesystem
directly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/less/lib/less-node/image-size.js`:
- Around line 37-40: The require statement for 'probe-image-size/sync' throws an
error when the optional dependency is not installed, preventing the fallback
logic from ever executing. Wrap the require('probe-image-size/sync') statement
in a try-catch block so that when the module is unavailable and an error is
thrown, the catch block can return the default value { width: 0, height: 0 }
instead of allowing the error to propagate.

---

Outside diff comments:
In `@packages/less/lib/less-node/image-size.js`:
- Around line 31-32: The code is unnecessarily re-reading the file from disk at
line 42 by calling readFileSync(fileSync.filename) instead of using the
already-loaded file contents from the fileSync object created at line 31 via
fileManager.loadFileSync(). Replace the readFileSync call with fileSync.contents
when passing the data to the probe() function to avoid redundant I/O and ensure
compatibility with custom file managers that may not use the filesystem
directly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6273adf3-7832-4d68-a0c5-a11dd8c3841a

📥 Commits

Reviewing files that changed from the base of the PR and between 7787557 and 003fb59.

⛔ Files ignored due to path filters (2)

• package-lock.json is excluded by !**/package-lock.json
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• packages/less/lib/less-node/image-size.js
• packages/less/package.json

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/less/lib/less-node/image-size.js`:
- Around line 44-50: The code is bypassing the FileManager by directly calling
fs.readFileSync(fileSync.filename) instead of using the contents already loaded
by the FileManager. Replace the fs.readFileSync(fileSync.filename) call in the
image-size.js file with logic that first checks if fileSync.contents exists and
uses it directly, and only falls back to fs.readFileSync(fileSync.filename) when
contents are not available. This ensures compatibility with non-filesystem
FileManager implementations while still supporting cases where filename fallback
is necessary.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ee197d07-9b7a-4a36-b039-78112345e775

📥 Commits

Reviewing files that changed from the base of the PR and between 452e525 and 647f265.

📒 Files selected for processing (1)

• packages/less/lib/less-node/image-size.js

[priyamkarn]

Verified the suggestion locally. Replacing readFileSync(fileSync.filename) with fileSync.contents causes the existing tests-unit/urls/urls.less image-size PNG test to fail with "Unrecognised image format". Since loadFileSync does not appear to guarantee binary-safe Buffer contents for this path, I kept readFileSync to avoid a regression.

[priyamkarn]

@matthew-dean, could you please review this PR?