Release history

repomix releases

Upgrade now
v1.14.1 Breaking risk
Auth RCE / SSRF

Security patches + token‑count cache

v1.14.0 Breaking risk
Notable features
  • Monorepo‑aware tech stack detection groups results by package directory in `tech-stacks.md`
  • Token counting replaced tiktoken WASM with pure‑JavaScript `gpt-tokenizer`, removing ~200 ms init overhead
Full changelog

This release is a major performance overhaul — packing the Repomix repository now takes about 1.4 seconds (down from 3.3 seconds in v1.13.1) — roughly 2.4× faster, a 58% reduction. Faster startup, lighter dependencies, and a smarter pipeline that overlaps work across stages.

What's New 🚀

Monorepo-Aware Tech Stack Detection (#1310, #1317)

The skill generator (--skill-generate) now detects dependency files in subdirectories and groups results by package directory. Monorepos with packages under packages/*/package.json, apps/*/package.json, etc. now produce a tech-stacks.md with a separate section per workspace, each listing its own languages, frameworks, dependencies, and runtime versions. Previously only the root-level dependency file was inspected.

Improvements ⚡

The 58% pack-time reduction is the cumulative result of dozens of optimizations across startup, the pipeline, worker IPC, and remote downloads — no single change accounts for the full speedup. The most impactful changes are highlighted below.

Replaced tiktoken WASM with gpt-tokenizer (#1350)

Token counting now uses gpt-tokenizer, a pure-JavaScript tokenizer, in place of the previous WASM-based tiktoken. This eliminates ~200 ms of WASM initialization overhead from startup and works in environments where WASM is restricted. Token counts are preserved — gpt-tokenizer is configured to match tiktoken's default behavior.

Eliminated Child Process in Default Action (#1372)

The default repomix action no longer spawns a child process for the main pack flow. This removes process startup overhead — most noticeable on smaller repositories where startup was a meaningful fraction of total time.

Wrapper-Extraction Fast Path for Token Counting (-13.2%) (#1457)

For non-parsable XML/Markdown/Plain output, Repomix now reuses per-file token counts and tokenizes only the output "wrapper" (header, separators, footer) instead of re-tokenizing the entire ~MB-scale output. This delivers a ~13% reduction in total pack time on typical repositories.

Pipeline Parallelization

The pack pipeline now overlaps stages that don't depend on each other:

  • Security check and file processing run concurrently (#1359)
  • Output generation overlaps with metrics calculation (#1359)
  • Git sort data is prefetched alongside file search and collection (#1467)
  • Wrapper tokenization runs in parallel with file metrics (#1469)
  • CLI actions are lazy-loaded so each command imports only what it needs (#1346)

Faster Startup

  • Removed Zod from the startup path (#1306)
  • Lazy-loaded handlebars, fast-xml-builder, and @clack/prompts (#1436)
  • Lazy-loaded jschardet and iconv-lite for encoding detection (#1401)
  • Removed gpt-tokenizer from the config schema's import chain (#1500)
  • Skipped the worker pool when only lightweight transforms are needed (#1338)
  • Eliminated a redundant stat() syscall in file reading (#1400)

Worker & IPC Optimizations

  • Batched token counting IPC (#1411)
  • Batched security check tasks (#1380)
  • Warmed up metrics worker threads in parallel (#1374)
  • Capped security worker threads at 2 to reduce contention (#1409)
  • Cached empty-directory paths across pipeline stages (#1356)
  • Combined file and directory globby walks into a single traversal (#1506)

Faster Remote Repository Downloads

  • Used codeload.github.com URLs directly to skip the 302 redirect (#1375)
  • Skipped binary files during tar extraction (#1392)

@secretlint/profiler Overhead Removed (-6.5%)

Disabling the profiler in the security worker reduced pack time by ~6.5% (#1453). A follow-up patch to perf_hooks.performance.mark handles duplicate @secretlint/profiler singletons that survive across hoisted/nested copies (#1456).

How to Update

npm update -g repomix

As always, if you have any issues or suggestions, please let us know on GitHub issues or our Discord community.

v1.13.1 Mixed
Notable features
  • Migrated clipboard operations from `clipboardy` to zero‑dependency `tinyclip`, reducing install size from ~4 MB to ~24 KB.
Full changelog

This release fixes a false positive in base64 detection and brings a lighter clipboard dependency!

Bug Fixes 🐛

Fixed Base64 Detection False Positives (#1307, #1298)

The truncateBase64 feature was incorrectly truncating XPath and path-like strings (e.g., postTransactionAmounts/sharesOwnedFollowingTransaction/value) that contained only letters and / characters.

Two improvements were made:

  • Raised the minimum standalone base64 detection threshold from 60 to 256 characters
  • Added a digits requirement to the heuristic — real base64-encoded binary data virtually always contains digits, while path-like strings typically don't
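
The effect of the two changes, as an added illustration that is not Repomix's truncateBase64 source: the 60 and 256 thresholds and the digit rule come from the note above, while the regex, function names and samples are assumptions constructed for this example.

```javascript
// Added illustration, not Repomix's truncateBase64 source. The 60/256 thresholds
// and the digit rule are from the release note; the regex is an assumption.
const BASE64_RUN = /[A-Za-z0-9+\/]+={0,2}/g;

const OLD_RULE = { minLength: 60, requireDigit: false };
const NEW_RULE = { minLength: 256, requireDigit: true };

// Return every run of base64-alphabet characters the rule treats as encoded data.
function findBase64Runs(text, rule) {
  const hits = [];
  for (const match of text.matchAll(BASE64_RUN)) {
    const run = match[0];
    if (run.length < rule.minLength) continue;
    if (rule.requireDigit && !/[0-9]/.test(run)) continue;
    hits.push({ index: match.index, length: run.length });
  }
  return hits;
}

// Constructed samples.
const XPATH = 'postTransactionAmounts/sharesOwnedFollowingTransaction/value';
const LONG_PATH = Array(5).fill(XPATH).join('/'); // 304 chars, letters and '/' only
const BLOB = Buffer.from(
  Array.from({ length: 300 }, (_, i) => (i * 37 + 11) % 256),
).toString('base64'); // 400 chars of genuinely encoded bytes

const SAMPLE = `<xpath>${XPATH}</xpath>\n<ref>${LONG_PATH}</ref>\n<icon>${BLOB}</icon>`;

// The old rule also flags both path strings; the new rule flags only the blob.
console.log('old rule:', findBase64Runs(SAMPLE, OLD_RULE).map((h) => h.length));
console.log('new rule:', findBase64Runs(SAMPLE, NEW_RULE).map((h) => h.length));
```

The 304-character path clears the raised length threshold on its own, so it is the digit requirement that keeps it from being truncated.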

Special thanks to @NaustudentX14 for the detailed bug report! 🎉

Improvements ⚡

Migrated to tinyclip for Clipboard Operations (#1296)

Replaced clipboardy with tinyclip, a zero-dependency clipboard library. This removes 41 transitive dependencies and reduces clipboard-related install size from ~4 MB to ~24 KB.

Special thanks to @florian-lefebvre for their first contribution! 🎉

How to Update

npm update -g repomix

As always, if you have any issues or suggestions, please let us know on GitHub issues or our Discord community.

v1.13.0 Breaking risk
Breaking changes
  • Remote config files (`repomix.config.ts`, `repomix.config.js`) are skipped by default; opt-in with `--remote-trust-config` flag.
Security fixes
  • Prevent remote code execution by default when packing repositories; remote config files are now skipped unless explicitly trusted with `--remote-trust-config`.
Notable features
  • Performance optimizations: file tree generation ~82% faster, path sorting up to 7x faster, compile cache extended to Tinypool workers.
  • Turkish (Türkçe) translation added to repomix.com website.
  • LLMO enhancements: JSON‑LD structured data and `llms.txt`/`llms-full.txt` files for LLM discovery.
Full changelog

This release strengthens security with remote config sandboxing and a cleaner dependency footprint, while delivering significant performance improvements across the core pipeline!

What's New 🚀

Prevent Remote Config File Execution (#1292)

Previously, when packing a remote repository, Repomix would automatically load and execute any repomix.config.ts or repomix.config.js found in the repository. Since TypeScript/JavaScript configs are executed via jiti, a malicious repository could embed arbitrary code in its config file, leading to remote code execution (RCE) on the user's machine.

Remote config files are now skipped by default. If you trust a remote repository and want to use its config, you can opt in with the new --remote-trust-config flag:

# Remote config is now safely ignored by default
repomix --remote https://github.com/user/repo

# Explicitly trust the remote config
repomix --remote https://github.com/user/repo --remote-trust-config
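
An added audit sketch, not Repomix code: it scans script lines for Repomix invocations that pair a remote target with --remote-trust-config, and it counts a hosting URL passed positionally as a remote target because v1.12.0 accepts that form without --remote. The host list, the `--remote=URL` spelling, whitespace tokenization, the function names and the sample lines are assumptions made for this example.

```javascript
// Added example, not Repomix code. Flags come from the release notes; the host
// list, the --remote=URL spelling and whitespace tokenization are assumptions.
const REMOTE_HOSTS = /^https?:\/\/(github\.com|gitlab\.com|bitbucket\.org)\//i;

// Classify one shell line. Returns null when it is not a repomix invocation.
function auditRepomixLine(line) {
  const trimmed = line.trim();
  if (trimmed.startsWith('#')) return null;
  const tokens = trimmed.split(/\s+/);
  const start = tokens.indexOf('repomix');
  if (start === -1) return null;

  let remote = null;
  let trusted = false;
  const args = tokens.slice(start + 1);
  for (let i = 0; i < args.length; i++) {
    const arg = args[i];
    if (arg === '--remote-trust-config') trusted = true;
    else if (arg === '--remote' && i + 1 < args.length) remote = args[++i];
    else if (arg.startsWith('--remote=')) remote = arg.slice('--remote='.length);
    // v1.12.0+: a hosting URL passed positionally is also a remote target.
    else if (!arg.startsWith('-') && REMOTE_HOSTS.test(arg)) remote = arg;
  }
  if (remote === null) return { remote, verdict: 'local' };
  return { remote, verdict: trusted ? 'executes-remote-config' : 'remote-config-skipped' };
}

// Report the 1-based line numbers where a remote repository's config would run.
function findTrustedRemoteRuns(lines) {
  return lines
    .map((line, i) => ({ line: i + 1, ...auditRepomixLine(line) }))
    .filter((r) => r.verdict === 'executes-remote-config');
}

// Constructed CI script lines.
const SCRIPT = [
  '# nightly context pack',
  'repomix src/cli src/config',
  'repomix --remote https://github.com/user/repo',
  'npx repomix https://github.com/user/repo --remote-trust-config',
  'repomix --remote-trust-config --remote=https://gitlab.com/user/repo',
];

console.log(findTrustedRemoteRuns(SCRIPT));
```

The `remote-config-skipped` verdict holds only from v1.13.0 onward; on earlier versions every line with a remote target loaded the repository's config.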

Improvements ⚡

Replace fast-xml-parser with fast-xml-builder (#1253, #1219)

Repomix only uses XMLBuilder for output generation, not the XML parser. Switched to fast-xml-builder directly to eliminate recurring CVEs from the parser side, bringing npm audit to 0 vulnerabilities and reducing dependency size from 831KB to 176KB.

Performance Optimizations (#1234, #1235, #1255)

Several performance improvements across the core pipeline:

  • File tree generation: Map-based O(1) child lookups and single-pass sorting — generateFileTree ~82% faster, treeToString ~70% faster on 10,000 files
  • Path sorting: Decorate-sort-undecorate pattern with pre-computed path.split(), 6-7x faster. Set.has() for filterOutUntrustedFiles, up to 30x faster at 10K files
  • Compile cache propagation: V8 compile cache (introduced in v1.12.0) now extends to Tinypool worker processes via environment variables, not just the main process

Fix Closure Memory Leaks (#1233)

Replaced arrow functions with .bind() in setTimeout/setInterval callbacks to prevent closures from capturing scope and retaining references to large objects. Added proper dispose() methods and .unref() calls for cleanup.

Website Enhancements 🌐

Turkish Language Support (#1194)

Added Turkish (Türkçe) translation to repomix.com, based on Google Analytics data showing strong engagement from Turkish-speaking users.

LLMO Optimization with JSON-LD and llms.txt (#1236)

Added JSON-LD structured data (schema.org WebSite and SoftwareApplication markup) and generated llms.txt/llms-full.txt for LLM-friendly documentation discovery.

How to Update

npm update -g repomix

As always, if you have any issues or suggestions, please let us know on GitHub issues or our Discord community.

v1.12.0 Breaking risk
⚠ Upgrade required
  • Requires Node.js 22.8.0 or newer to benefit from the V8 compile cache
  • Streaming tar.gz extraction replaces ZIP archive download for remote repositories, improving handling of large repos
Notable features
  • Auto‑detect GitHub, GitLab, Bitbucket URLs as positional arguments without `--remote`
  • Node.js V8 compile cache enabled for ~10% faster startup (requires Node.js 22.8.0+)
  • UTF‑8 fast path and promise pool optimizations for file collection
Full changelog

This release brings significant performance improvements across the board—faster startup, optimized file collection, and reduced package size—along with a smoother CLI experience for remote repositories!

What's New 🚀

Auto-detect Remote URLs Without --remote Flag (#1145)

You can now pass GitHub URLs directly as positional arguments without the --remote flag:

# Before
repomix --remote https://github.com/user/repo

# Now also works!
repomix https://github.com/user/repo

The CLI automatically detects explicit remote URLs (GitHub, GitLab, Bitbucket, etc.) in positional arguments and treats them as remote repository targets.

Improvements ⚡

Node.js Module Compile Cache for Faster Startup (#1181)

Enabled Node.js V8 compile cache (available in Node.js 22.8.0+) for approximately 10% faster startup time. The compiled module cache is stored automatically and speeds up subsequent launches.

Optimized File Collection with UTF-8 Fast Path (#1155)

Improved file collection performance with two key optimizations:

  • UTF-8 fast path: Skips expensive encoding detection for files that are valid UTF-8, which covers the vast majority of source code files
  • Promise pool: Replaced worker threads with a lightweight promise pool for better concurrency control

Streaming tar.gz Extraction for Remote Repositories (#1153)

Replaced ZIP archive download with streaming tar.gz extraction for remote repository operations:

  • Better handling of large repositories

Smaller npm Package (#1092)

Removed unused source maps from the npm package, reducing lib/ size from 2.4MB to 1.2MB (~50% reduction).

Bug Fixes 🐛

Skip Retry on Archive Extraction Error (#1149)

Fixed an issue where archive extraction errors would trigger unnecessary retries. Extraction errors are now treated as non-retryable, providing faster error feedback.

How to Update

npm update -g repomix

As always, if you have any issues or suggestions, please let us know on GitHub issues or our Discord community.

v1.11.1 Breaking risk
Notable features
  • Multi‑root directory labels in packed output
  • Non‑interactive skill generation with `--skill-output` and `--force` flags
Full changelog

This release adds multi-root directory labels, non-interactive skill generation options, and improved reliability for remote repository operations!

Improvements ⚡

Multi-Root Directory Labels (#1024, #1023)

When packing multiple directories, the directory tree output now shows labeled sections to clarify which files belong to which root directory:

repomix src/cli src/config

Output now displays:

[cli]/
├── cliRun.ts
├── actions/
│   └── ...
[config]/
├── configLoad.ts
└── ...

Special thanks to @spandan-kumar for this contribution! 🎉

Non-Interactive Skill Generation (#1022, #1012)

Added --skill-output and --force options to enable automated skill generation for CI/CD pipelines and scripts:

# Non-interactive execution for CI/automation
repomix --skill-generate --skill-output .codebuddy --force

# With remote repository
repomix --remote https://github.com/user/repo --skill-generate --skill-output ./skills/repo-ref -f

  • --skill-output <path>: Specify skill output directory path directly, skipping the interactive location prompt
  • -f, --force: Skip all confirmation prompts (currently: skill directory overwrite)

Bug Fixes 🐛

Fixed Remote Git Command Hangs (#1078, #1077)

Remote git operations now include a 30-second timeout and disable terminal prompts (GIT_TERMINAL_PROMPT=0). This prevents indefinite hangs when accessing inaccessible repositories (non-existent, private, or requiring auth).

Special thanks to @Pipboyguy for this contribution! 🎉

Fixed CLI Output Visibility on Light Themes (#1088, #1057)

Removed hardcoded white color from CLI output to use the terminal's default foreground color. This fixes visibility issues on light-themed terminals like Solarized Light where white text was unreadable.

Documentation 📚

Library Bundling Guide (#1075)

Added documentation for bundling Repomix as a library, including guidance on handling WASM file dependencies for tree-sitter.

How to Update

npm update -g repomix

As always, if you have any issues or suggestions, please let us know on GitHub issues or our Discord community.
