fix: pin @raydium-io/raydium-sdk to exact 1.3.1-beta.50

[mannutech]

Context

Refs #15.

The example depends on the legacy v1 SDK (@raydium-io/raydium-sdk), published only as 1.3.1-beta.* pre-releases whose TypeScript types have drifted over the API's life — e.g. the Token constructor gaining a programId argument, and makeTxVersion being added to the swap-instruction params. Those are the changes behind the compile errors reported in #15 (makeTxVersion not existing on the params type; PublicKey vs number argument mismatches): they trace to the pre-beta.50 SDK API, not to this repo's source (which has been unchanged on those lines since the initial commit).

What this PR is — and isn't

I reproduced first, and want to be straight about the result: the example currently builds clean. tsc --noEmit passes against every version the ^1.3.1-beta.50 caret can resolve to — beta.50 through beta.58 (the complete eligible set: the caret floors out the broken pre-.50 betas, and 1.3.0 / 2.0.0-beta.0 are out of range). So this is not a fix for a reproducible failure today.

It's a preventive pin. A caret over an unstable pre-release line is fragile:

• it can drift to a future beta whose types differ (re-introducing Compatibility issues - ^1.3.1-beta.57 #15), and
• it resolves ambiguously across package managers / their versions.

Fix

Pin to an exact, known-good version and align the yarn.lock key so every install is deterministic:

- "@raydium-io/raydium-sdk": "^1.3.1-beta.50"
+ "@raydium-io/raydium-sdk": "1.3.1-beta.50"

Resolved version is unchanged (beta.50) — no behavior change, no source edit. Two-line diff (package.json + yarn.lock).

Verification

$ npx tsc --noEmit
$ echo $?
0

$ npm ls @raydium-io/raydium-sdk
raydium-swap-example@1.0.0
`-- @raydium-io/raydium-sdk@1.3.1-beta.50

npm run swap (simulation mode, executeSwap: false) also runs end-to-end without a type or runtime crash.

Follow-ups (intentionally out of scope)

Kept this PR minimal. Natural next steps, happy to open separately:

• a typecheck script + CI to catch future dependency drift automatically;
• migrating to the current @raydium-io/raydium-sdk-v2.

🤖 Generated with Claude Code

[coderabbitai]

📝 Walkthrough

Walkthrough

The @raydium-io/raydium-sdk dependency in package.json is changed from a caret range (^1.3.1-beta.50) to an exact pinned version (1.3.1-beta.50), preventing automatic upgrades to newer compatible releases.

Changes

Dependency Pinning

Layer / File(s)	Summary
Pin @raydium-io/raydium-sdk to exact version package.json	Removes the caret prefix from ^1.3.1-beta.50, locking the dependency to exactly 1.3.1-beta.50.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A caret once roamed, free to upgrade with glee,
But the rabbit said "No! Pin it, just let it be!"
1.3.1-beta.50 — no more, no less,
A locked little package, tidy and blessed. 🐇
Exactness is peace, and the warren agrees!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: pinning the @raydium-io/raydium-sdk dependency to exact version 1.3.1-beta.50, which directly addresses the non-deterministic dependency resolution issue described in the PR objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 9-10: Replace the floating version tags (`@v4`) with pinned commit
SHAs for both the actions/checkout and actions/setup-node actions to ensure
immutability. Additionally, add the parameter persist-credentials: false to the
actions/checkout action to prevent credential persistence and improve security
hardening of the CI pipeline.

In `@README.md`:
- Around line 151-153: The documented command `ts-node src/trimMainnet.ts` does
not account for the fact that the trimMainnet.ts script uses relative paths like
`../mainnet.json` that are resolved from the current working directory. Running
this command from the repo root will cause the relative paths to resolve
incorrectly. Update the README documentation to either specify that the command
should be run from the `src/` directory (for example, `cd src && ts-node
trimMainnet.ts`) or add explicit clarification about the required working
directory to ensure users run the command from the correct location.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2f38c826-e150-4d4f-b76f-1076edfacb4d

📥 Commits

Reviewing files that changed from the base of the PR and between d9587ca and ad455aa.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (3)

• .github/workflows/ci.yml
• README.md
• package.json