fix: mark @orpc packages as sideEffect-free for cross-pkg tree-shaking

[voidborne-d]

Closes #1490.

Background

Importing only oz.file() from @orpc/zod was pulling ~21 kB of @orpc/server runtime into client bundles via the chain:

@orpc/zod  →  @orpc/openapi  →  @orpc/server

Because @orpc/zod re-exports JSONSchemaFormat etc. from @orpc/openapi, and @orpc/openapi/dist/index.mjs has top-level import { ORPCError, createRouterClient } from '@orpc/server'. Those top-level cross-package imports are preserved by the consumer's bundler unless the package is annotated as side-effect free, because the bundler cannot otherwise prove the import has no observable effect.

Fix

Add "sideEffects": false to the six runtime packages in the relevant chain:

• @orpc/contract
• @orpc/json-schema
• @orpc/openapi
• @orpc/server
• @orpc/shared
• @orpc/zod

I audited the source for global mutations / prototype patches / side-effecting class registrations at import time and found none — the published modules are pure, so the annotation is safe.

Reproducer

Stand-alone Vite app that mirrors the issue body:

// client.ts
import { oc } from '@orpc/contract'
import { z } from 'zod/v3'
import { oz } from '@orpc/zod'

export const myRouter = oc.router({
  downloadFile: oc
    .route({ method: 'GET', path: '/download/{id}' })
    .input(z.object({ id: z.string() }))
    .output(oz.file()),
})

Bundled with vite build --minify esbuild --target es2022 and external: ['zod', 'zod/v3']:

Variant	Bundle	Gzipped	@orpc/server symbols leaked
Before this PR	37.9 kB	9.54 kB	ORPCError, Procedure, createRouterClient, isProcedure, resolveContractProcedures
After this PR	14.8 kB	4.76 kB	none from @orpc/server (the remaining ORPCError is from @orpc/contract, which is legitimately needed because oc.router() returns objects that use it)

Net savings: 23.1 kB minified (61% reduction) / 4.78 kB gzipped (50%).

Why this rather than the subpath split suggested in #1490

The reporter (correctly) suggested splitting ZodToJsonSchemaConverter into a separate @orpc/zod/json-schema subpath and removing it from the main entry. That would also fix the bug, but it is a breaking change for everyone currently importing the converter from @orpc/zod (incl. all in-repo playgrounds that use @orpc/zod/zod4's sister export, README example, etc.) and the subpath split is bundler-independent only insofar as users don't accidentally re-export the heavy entry transitively.

sideEffects: false is non-breaking, lands in 6 lines, and — as the numbers show — actually achieves the bundle reduction the reporter expected. If the cross-package tree-shaking turns out insufficient for some consumer's bundler, the subpath split is still available as a follow-up.

The reporter's original claim that sideEffects: false alone wouldn't fix this assumed it was set on @orpc/zod only; the chain only tree-shakes when every package along the cross-package import path is marked, which is what this PR does.

Local gates

• pnpm --filter='./packages/*' run -r build ✓ all packages build, dist outputs unchanged in shape (sideEffects flag does not alter the rolled-up bundle, only the package.json of the published artifact)
• pnpm test ✓ 4720 pass / 48 skipped / 5 todo across 280 test files (untouched by this change)
• pnpm run type:check ✓ clean across all packages
• pnpm lint ✓ clean (auto-formatter sorted the new key after keywords per jsonc/sort-keys)

I was happy to find this fits in 6 lines — happy to fold in the subpath split as a follow-up if any reviewer measures their bundler still needs it.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated package metadata to optimize bundler processing across multiple packages.

[coderabbitai]

📝 Walkthrough

Walkthrough

Six packages declare "sideEffects": false in their manifest metadata, enabling bundlers to perform tree-shaking optimizations by assuming no side effects during module imports.

Changes

Package Metadata Optimization

Layer / File(s)	Summary
Side Effects Declaration packages/contract/package.json, packages/json-schema/package.json, packages/openapi/package.json, packages/server/package.json, packages/shared/package.json, packages/zod/package.json	Each package adds "sideEffects": false to enable bundler tree-shaking.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Six packages now shed unused code,
Tree-shaking makes bundles light,
No side effects, just a hop down the road,
Each manifest gleams oh so bright! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: marking multiple @orpc packages with sideEffects=false to enable tree-shaking across packages. It directly reflects the core changeset across all six package.json files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request adds the "sideEffects": false property to the package.json files of several packages, including contract, json-schema, openapi, server, shared, and zod, to enable more efficient tree-shaking by bundlers. There are no review comments to address, and I have no further feedback to provide.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[pkg-pr-new]

More templates

• @orpc/astro-playground
• @orpc/browser-extension-playground
• @orpc/bun-websocket-otel-playground
• @orpc/cloudflare-worker-playground
• @orpc/contract-first-playground
• @orpc/electron-playground
• @orpc/nest-playground
• @orpc/next-playground
• @orpc/nuxt-playground
• @orpc/solid-start-playground
• @orpc/svelte-kit-playground
• @orpc/tanstack-start-playground

@orpc/ai-sdk

npm i https://pkg.pr.new/@orpc/ai-sdk@1540

@orpc/arktype

npm i https://pkg.pr.new/@orpc/arktype@1540

@orpc/client

npm i https://pkg.pr.new/@orpc/client@1540

@orpc/contract

npm i https://pkg.pr.new/@orpc/contract@1540

@orpc/experimental-durable-iterator

npm i https://pkg.pr.new/@orpc/experimental-durable-iterator@1540

@orpc/hey-api

npm i https://pkg.pr.new/@orpc/hey-api@1540

@orpc/interop

npm i https://pkg.pr.new/@orpc/interop@1540

@orpc/json-schema

npm i https://pkg.pr.new/@orpc/json-schema@1540

@orpc/nest

npm i https://pkg.pr.new/@orpc/nest@1540

@orpc/openapi

npm i https://pkg.pr.new/@orpc/openapi@1540

@orpc/openapi-client

npm i https://pkg.pr.new/@orpc/openapi-client@1540

@orpc/otel

npm i https://pkg.pr.new/@orpc/otel@1540

@orpc/experimental-pino

npm i https://pkg.pr.new/@orpc/experimental-pino@1540

@orpc/experimental-publisher

npm i https://pkg.pr.new/@orpc/experimental-publisher@1540

@orpc/experimental-publisher-durable-object

npm i https://pkg.pr.new/@orpc/experimental-publisher-durable-object@1540

@orpc/experimental-ratelimit

npm i https://pkg.pr.new/@orpc/experimental-ratelimit@1540

@orpc/react

npm i https://pkg.pr.new/@orpc/react@1540

@orpc/react-query

npm i https://pkg.pr.new/@orpc/react-query@1540

@orpc/experimental-react-swr

npm i https://pkg.pr.new/@orpc/experimental-react-swr@1540

@orpc/server

npm i https://pkg.pr.new/@orpc/server@1540

@orpc/shared

npm i https://pkg.pr.new/@orpc/shared@1540

@orpc/solid-query

npm i https://pkg.pr.new/@orpc/solid-query@1540

@orpc/standard-server

npm i https://pkg.pr.new/@orpc/standard-server@1540

@orpc/standard-server-aws-lambda

npm i https://pkg.pr.new/@orpc/standard-server-aws-lambda@1540

@orpc/standard-server-fastify

npm i https://pkg.pr.new/@orpc/standard-server-fastify@1540

@orpc/standard-server-fetch

npm i https://pkg.pr.new/@orpc/standard-server-fetch@1540

@orpc/standard-server-node

npm i https://pkg.pr.new/@orpc/standard-server-node@1540

@orpc/standard-server-peer

npm i https://pkg.pr.new/@orpc/standard-server-peer@1540

@orpc/svelte-query

npm i https://pkg.pr.new/@orpc/svelte-query@1540

@orpc/tanstack-query

npm i https://pkg.pr.new/@orpc/tanstack-query@1540

@orpc/trpc

npm i https://pkg.pr.new/@orpc/trpc@1540

@orpc/valibot

npm i https://pkg.pr.new/@orpc/valibot@1540

@orpc/vue-colada

npm i https://pkg.pr.new/@orpc/vue-colada@1540

@orpc/vue-query

npm i https://pkg.pr.new/@orpc/vue-query@1540

@orpc/zod

npm i https://pkg.pr.new/@orpc/zod@1540

commit: 09b5d86

[dinwwwh]

Thanks for your PR, @voidborne-d, I didn't even know this existed 😅

I'm wondering why you didn't add this config to all packages. Do you think we should disable sideEffects by default across every package?