Upgrade-library-improvements

[iamfrankiemoran]

Jira link

• N/A

Change description

This PR hardens @hmcts/opal-frontend-common-node for predictable Node 18+ ESM publishing and consumer installs.

• Corrected package metadata and publish surface:
  • main/types now point to ./dist/...
  • exports targets now point to real dist files
  • added files whitelist, sideEffects: false, engines.node >=18, and typesVersions
• Tightened exports and removed invalid subpath exposure (session/session-user-state) to prevent unresolved runtime imports.
• Switched TypeScript build semantics to NodeNext (module + moduleResolution) and updated source imports to explicit .js where required for ESM correctness.
• Simplified build/publish model:
  • removed copying package.json/README into dist
  • publish now uses root manifest as single source of truth
  • added prepack + pack:local tarball workflow for realistic local consumer testing
• Added packaging safety checks:
  • check:exports
  • check:pack-shape
  • check:exports:esm
  • plus CI integration (including Node 18 compatibility lane)
• Hardened release workflow:
  • checkout by release tag
  • validate release tag matches package.json version
  • run build/export/pack checks before publish
• Documentation updates:
  • README updated for tarball-based local usage and release checklist
  • changelog policy introduced
  • .tgz artifacts ignored in git

Consumer impact

• Consumers must use documented export-map paths only (unsupported deep imports may now fail).
• CommonJS require() is not supported; package remains ESM-first.

Security Vulnerability Assessment

CVE Suppression: Are there any CVEs present in the codebase (either newly introduced or pre-existing) that are being intentionally suppressed or ignored by this commit?

• Yes
• No

Checklist

• commit messages are meaningful and follow good commit message guidelines
• README and other documentation has been updated / added (if needed)
• tests have been updated / new tests has been added (if needed)
• Does this PR introduce a breaking change

[Arnabsubedi233]

LGTM

[ChrisGarratt122]

LGTM

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud