Bug: Malformed `private` field in react-devtools-fusebox package.json

Why this is a good first issue

The issue requires changing a string to a boolean in a package.json file.

AI Summary

The issue reports a malformed `private` field in the `react-devtools-fusebox` package.json file, which should be a boolean instead of a string. The fix involves updating the field to comply with npm specifications. There are no apparent blockers.

Issue Description

Bug: Malformed private field in react-devtools-fusebox package.json

Current Behavior

The package.json file for react-devtools-fusebox uses a string for the private field instead of a boolean:

Location [packages/react-devtools-fusebox/package.json](https://github.com/facebook/react/blob/main/packages/react-devtools-fusebox/package.json)

{
  "private": "true",  //  Should be: "private": true
}

Expected Behavior

According to the [npm package.json specification](https://docs.npmjs.com/cli/v11/configuring-npm/package.json#private), the private field must be a boolean, not a string:

{
  "private": true,  // Correct
}

Impact

This causes failures in package scanning tools that validate package metadata:

ScanCode.io pipeline fails when scanning pkg:github/facebook/[email protected]
Type validation error: '"true" value must be either True or False.'
Non-compliant with npm specification

Related upstream issues:

[aboutcode-org/scancode.io#1986](https://github.com/aboutcode-org/scancode.io/issues/1986) - Pipeline failure report
[aboutcode-org/scancode-toolkit#4631](https://github.com/aboutcode-org/scancode-toolkit/issues/4631) - Root cause analysis
[aboutcode-org/scancode-toolkit#4635](https://github.com/aboutcode-org/scancode-toolkit/pull/4635) - Defensive fix to handle malformed data

While downstream tools are adding workarounds, the source data should comply with the npm specification.

Reproduction

# Scan the package with ScanCode
scancode --package packages/react-devtools-fusebox/package.json --json-pp -

# Output shows:

GitHub Labels

Status: Unconfirmed