Skip to content

fix: dependencies complex version link#1524

Open
alex-key wants to merge 61 commits intonpmx-dev:mainfrom
alex-key:fix-deps-version-union-links
Open

fix: dependencies complex version link#1524
alex-key wants to merge 61 commits intonpmx-dev:mainfrom
alex-key:fix-deps-version-union-links

Conversation

@alex-key
Copy link
Contributor

Resolves #1120

  • Added simple parsing logic to check any dependency version for being complex expression and provide a valid url.
  • By complex expression I mean: Range version, Union Version, Comparator Set version or combination of the above
  • Logic for extracting url is as follows:
    ^1.0.0 -> ^1.0.0 Simple
    1.0.0 || 2.0.0 -> 2.0.0 Union
    >1.0.0 <=2.0.0 -> <=2.0.0 Comparator Set
    1.0.0 - 2.0.0 -> 2.0.0 Range
    1.0.0 - 2.0.0 || 3.0.0 - 4.0.0 -> 4.0.0 Union of Ranges
  • dependencies, peerDependencies and optionalDependencies could have complex version (while 99% cases it's peer), so all of them are handled
  • at first I added multiple clickable links for Union separated by a delimiter "||" (1.0.0 || 2.0.0), but I think people rarely need to click on a specific version for union, also it would add some incosistency, so I keep it as a one link, which points to the latest version from Union

Examples for reference:
Comparator Set (dependencies): https://npmx.dev/package/sass
Comparator Set (peer): https://npmx.dev/package/styled-components/v/3.5.0-0
Union (dependencies): https://npmx.dev/package/normalize-package-data/v/2.5.0, https://npmx.dev/package/loose-envify/v/1.4.0
Union (peer): https://npmx.dev/package/eslint-plugin-react

@vercel
Copy link

vercel bot commented Feb 16, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs.npmx.dev Ready Ready Preview, Comment Feb 25, 2026 9:23pm
npmx.dev Ready Ready Preview, Comment Feb 25, 2026 9:23pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
npmx-lunaria Ignored Ignored Feb 25, 2026 9:23pm

Request Review

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 16, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This change adds a VersionLink interface, a LAST_VERSION_IN_RANGE_REGEXP constant, and a buildVersionLink(version: string) function in app/utils/versions.ts that converts complex semver strings into { href, title } objects. app/components/Package/Dependencies.vue was updated to convert dependency version strings (dependencies, peerDependencies, optionalDependencies) into objects via buildVersionLink, adjust sorting and v-for usage to the new { name, version } shape, and use version.href/version.title for links, routes and tooltips across vulnerability, deprecation and optional dependency renderings.

Suggested reviewers

  • danielroe
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description check ✅ Passed The PR description clearly explains the parsing logic for complex dependency versions, extraction rules, and implementation approach directly aligned with the changeset.
Linked Issues check ✅ Passed The implementation fulfils issue #1120 by preventing 404s from version-union links; complex expressions (ranges, unions, comparator sets) are parsed to extract valid URLs that resolve to existing package/version pages.
Out of Scope Changes check ✅ Passed All changes are scoped to resolving issue #1120: buildVersionLink utility function, Dependencies.vue updates, and version-link handling logic directly address the requirement.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
app/utils/versions.ts (1)

230-241: Optional: union whose last segment is a comparator set produces a non-exact href.

When the last || segment itself contains comparator operators (e.g. 1.0.0 || >=2.0.0 <3.0.0), the first branch returns href = '>=2.0.0 <3.0.0', which is still not a valid single-version URL. Applying LAST_VERSION_IN_RANGE_REGEXP to the last segment as well would cover this case.

♻️ Proposed approach
  if (version.includes('||') && !version.includes(' - ')) {
    const versions: string[] = version.split('||').map(item => item.trim())
-   href = versions.at(-1) || version
+   const lastSegment = versions.at(-1) || version
+   // If the last segment itself is a comparator, extract its trailing version
+   href = />=|<=|[<>]|&&/.test(lastSegment)
+     ? lastSegment.match(LAST_VERSION_IN_RANGE_REGEXP)?.[1]?.replace(/\s+/g, '') || lastSegment
+     : lastSegment

olivermrose and others added 25 commits February 25, 2026 21:20
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Roe <daniel@roe.dev>
)

Co-authored-by: James Garbutt <43081j@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Daniel Roe <daniel@roe.dev>
Co-authored-by: Scott Wu <sw@scottwu.ca>
Co-authored-by: Daniel Roe <daniel@roe.dev>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Vordgi <sasha2822222@gmail.com>
@github-actions
Copy link

Lunaria Status Overview

🌕 This pull request will trigger status changes.

Learn more

By default, every PR changing files present in the Lunaria configuration's files property will be considered and trigger status changes accordingly.

You can change this by adding one of the keywords present in the ignoreKeywords property in your Lunaria configuration file in the PR's title (ignoring all files) or by including a tracker directive in the merged commit's description.

Tracked Files

File Note
lunaria/files/ar-EG.json Localization changed, will be marked as complete. 🔄️
lunaria/files/bg-BG.json Localization changed, will be marked as complete. 🔄️
lunaria/files/cs-CZ.json Localization changed, will be marked as complete. 🔄️
lunaria/files/de-DE.json Localization changed, will be marked as complete. 🔄️
lunaria/files/en-GB.json Localization changed, will be marked as complete. 🔄️
lunaria/files/en-US.json Source changed, localizations will be marked as outdated.
lunaria/files/es-419.json Localization changed, will be marked as complete. 🔄️
lunaria/files/es-ES.json Localization changed, will be marked as complete. 🔄️
lunaria/files/fr-FR.json Localization changed, will be marked as complete. 🔄️
lunaria/files/ja-JP.json Localization changed, will be marked as complete. 🔄️
lunaria/files/pl-PL.json Localization changed, will be marked as complete. 🔄️
lunaria/files/ta-IN.json Localization added, will be marked as complete. 🔄️
lunaria/files/uk-UA.json Localization changed, will be marked as complete. 🔄️
lunaria/files/zh-CN.json Localization changed, will be marked as complete. 🔄️
Warnings reference
Icon Description
🔄️ The source for this localization has been updated since the creation of this pull request, make sure all changes in the source have been applied.

@danielroe
Copy link
Member

@wojtekmaj looks like a failed merge

@wojtekmaj
Copy link
Contributor

@wojtekmaj looks like a failed merge

@danielroe I had nothing to do with this :D It just shows my name because my commit is listed there, I guess.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Dependency links with version union ("1.0 || 2.0") resolves to 404 page