fix: dependencies complex version link

[alex-key]

Resolves #1120

• Added simple parsing logic to check any dependency version for being complex expression and provide a valid url.
• By complex expression I mean: Range version, Union Version, Comparator Set version or combination of the above
• Logic for extracting url is as follows:
  ^1.0.0 -> ^1.0.0 Simple
  1.0.0 || 2.0.0 -> 2.0.0 Union
  >1.0.0 <=2.0.0 -> <=2.0.0 Comparator Set
  1.0.0 - 2.0.0 -> 2.0.0 Range
  1.0.0 - 2.0.0 || 3.0.0 - 4.0.0 -> 4.0.0 Union of Ranges
• dependencies, peerDependencies and optionalDependencies could have complex version (while 99% cases it's peer), so all of them are handled
• at first I added multiple clickable links for Union separated by a delimiter "||" (1.0.0 || 2.0.0), but I think people rarely need to click on a specific version for union, also it would add some incosistency, so I keep it as a one link, which points to the latest version from Union

Examples for reference:
Comparator Set (dependencies): https://npmx.dev/package/sass
Comparator Set (peer): https://npmx.dev/package/styled-components/v/3.5.0-0
Union (dependencies): https://npmx.dev/package/normalize-package-data/v/2.5.0, https://npmx.dev/package/loose-envify/v/1.4.0
Union (peer): https://npmx.dev/package/eslint-plugin-react

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ready	Preview, Comment	Feb 25, 2026 9:23pm
npmx.dev	Ready	Preview, Comment	Feb 25, 2026 9:23pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
npmx-lunaria	Ignored		Feb 25, 2026 9:23pm

[codecov]

Codecov Report

❌ Patch coverage is 19.86755% with 363 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
app/utils/charts.ts	0.00%	111 Missing and 36 partials ⚠️
app/components/Package/VersionDistribution.vue	10.66%	53 Missing and 14 partials ⚠️
app/composables/useScrollToTop.ts	8.88%	35 Missing and 6 partials ⚠️
app/pages/package/[[org]]/[name].vue	6.81%	33 Missing and 8 partials ⚠️
app/components/Package/TrendsChart.vue	25.00%	10 Missing and 5 partials ⚠️
app/components/ScrollToTop.client.vue	0.00%	6 Missing and 5 partials ⚠️
app/composables/npm/useResolvedVersion.ts	0.00%	8 Missing and 2 partials ⚠️
app/components/Package/Dependencies.vue	50.00%	8 Missing ⚠️
app/components/Package/Versions.vue	75.00%	3 Missing ⚠️
app/components/Package/WeeklyDownloadStats.vue	75.00%	3 Missing ⚠️
... and 9 more

📢 Thoughts on this report? Let us know!

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This change adds a VersionLink interface, a LAST_VERSION_IN_RANGE_REGEXP constant, and a buildVersionLink(version: string) function in app/utils/versions.ts that converts complex semver strings into { href, title } objects. app/components/Package/Dependencies.vue was updated to convert dependency version strings (dependencies, peerDependencies, optionalDependencies) into objects via buildVersionLink, adjust sorting and v-for usage to the new { name, version } shape, and use version.href/version.title for links, routes and tooltips across vulnerability, deprecation and optional dependency renderings.

Suggested reviewers

• danielroe

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description clearly explains the parsing logic for complex dependency versions, extraction rules, and implementation approach directly aligned with the changeset.
Linked Issues check	✅ Passed	The implementation fulfils issue #1120 by preventing 404s from version-union links; complex expressions (ranges, unions, comparator sets) are parsed to extract valid URLs that resolve to existing package/version pages.
Out of Scope Changes check	✅ Passed	All changes are scoped to resolving issue #1120: buildVersionLink utility function, Dependencies.vue updates, and version-link handling logic directly address the requirement.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

app/utils/versions.ts (1)

230-241: Optional: union whose last segment is a comparator set produces a non-exact href.

When the last || segment itself contains comparator operators (e.g. 1.0.0 || >=2.0.0 <3.0.0), the first branch returns href = '>=2.0.0 <3.0.0', which is still not a valid single-version URL. Applying LAST_VERSION_IN_RANGE_REGEXP to the last segment as well would cover this case.

♻️ Proposed approach

  if (version.includes('||') && !version.includes(' - ')) {
    const versions: string[] = version.split('||').map(item => item.trim())
-   href = versions.at(-1) || version
+   const lastSegment = versions.at(-1) || version
+   // If the last segment itself is a comparator, extract its trailing version
+   href = />=|<=|[<>]|&&/.test(lastSegment)
+     ? lastSegment.match(LAST_VERSION_IN_RANGE_REGEXP)?.[1]?.replace(/\s+/g, '') || lastSegment
+     : lastSegment

[github-actions]

Lunaria Status Overview

🌕 This pull request will trigger status changes.

Learn more

By default, every PR changing files present in the Lunaria configuration's files property will be considered and trigger status changes accordingly.

You can change this by adding one of the keywords present in the ignoreKeywords property in your Lunaria configuration file in the PR's title (ignoring all files) or by including a tracker directive in the merged commit's description.

Tracked Files

File	Note
lunaria/files/ar-EG.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/bg-BG.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/cs-CZ.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/de-DE.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/en-GB.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/en-US.json	Source changed, localizations will be marked as outdated.
lunaria/files/es-419.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/es-ES.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/fr-FR.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/ja-JP.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/pl-PL.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/ta-IN.json	Localization added, will be marked as complete. 🔄️
lunaria/files/uk-UA.json	Localization changed, will be marked as complete. 🔄️
lunaria/files/zh-CN.json	Localization changed, will be marked as complete. 🔄️

Warnings reference

Icon	Description
🔄️	The source for this localization has been updated since the creation of this pull request, make sure all changes in the source have been applied.

[danielroe]

@wojtekmaj looks like a failed merge

[wojtekmaj]

@wojtekmaj looks like a failed merge

@danielroe I had nothing to do with this :D It just shows my name because my commit is listed there, I guess.