feat: configurable provenance badge and dependency provenance donut #165

Merged: antfu merged 4 commits into main from antfu/provenance-badge-settings on May 19, 2026

@antfu (Owner) commented May 19, 2026

Summary

  • Adds a tri-state showProvenanceBadge setting (present / absent / none) so users can hide the provenance badge, keep the current green-check behavior, or flip it to surface unsigned packages with an amber warning icon.
  • Adds a new "Dependency Provenance" donut to the package details panel showing the share of a package's dependencies that are signed with provenance (honors the existing deep-deps toggle).
  • Introduces two reusable UI components — UiDonutSegments (multi-segment SVG donut) and UiPercentageProvenance (wrapper that counts deps and renders donut + legend).

Test plan

  • In Settings, toggle the new "Provenance badge" option between Present / Absent / None and confirm grid view + details header update accordingly.
  • Open package details for a package with dependencies and confirm the "Dependency Provenance" donut renders with the correct percentage and counts.
  • Toggle the deep dependencies icon in the details panel and confirm the donut re-computes against the flat tree.
  • Confirm packages with zero dependencies hide the donut section entirely.

Adds a tri-state setting (present / absent / none) so users can hide the
provenance badge, keep current behavior, or flip it to surface unsigned
packages with an amber warning. The package details panel now also shows
a donut of the share of dependencies that are signed with provenance.

pkg-pr-new Bot commented May 19, 2026

npm i https://pkg.pr.new/node-modules-inspector@165
npm i https://pkg.pr.new/node-modules-tools@165

commit: 6500daf

antfu added 3 commits May 19, 2026 21:36
The flatDependents snapshot still referenced
node-modules-inspector@2.0.1, causing CI to fail after the v2.1.0
release bump landed in 1c69114.

…ion bar to Deps tab

DisplayPackageSpec now exposes a default slot so callers can inline the
provenance badge (or other badges) with the name/version parts. Grid
cards and tree items use that slot, which also surfaces the badge in
the dependency tree for the first time.

The dependency provenance visualization moves out of the package info
header and into the "Deps on" tab next to "Dependency Composition",
rendered as a stacked Percentage bar (matching the ESM/CJS style)
instead of a donut, and now includes the focused package alongside its
dependencies. The unused DonutSegments helper is removed.

Switch the badge to inline-flex with an h-1.1em icon and accept a
class prop so callers can nudge its position; tree and grid items
pass a small translate to align the badge optically with the version
text.
@antfu antfu merged commit 696607a into main May 19, 2026
8 of 11 checks passed
@antfu antfu deleted the antfu/provenance-badge-settings branch May 19, 2026 18:52
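
The counting rule this pull request describes (share of dependencies with provenance, direct or deep, plus the tri-state badge), as an added example that is not code from the PR or from node-modules-inspector. It assumes a version counts as signed when its npm registry metadata carries `dist.attestations.provenance`; the function names and the sample graph are constructed for illustration.

```javascript
// Added example. Assumption: "signed with provenance" means the registry
// metadata has dist.attestations.provenance. That field is a registry claim,
// not a verification; `npm audit signatures` does the actual checking.
function hasProvenance(meta) {
  return Boolean(meta?.dist?.attestations?.provenance)
}

// mode is the tri-state setting from the PR: 'present' | 'absent' | 'none'.
function badgeFor(meta, mode) {
  if (mode === 'present') return hasProvenance(meta) ? 'green-check' : null
  if (mode === 'absent') return hasProvenance(meta) ? null : 'amber-warning'
  return null // 'none' hides the badge for every package
}

// Direct deps only, or the flat transitive set when `deep` is on.
// The `seen` set dedupes shared deps and stops on dependency cycles.
function collectDeps(graph, root, deep) {
  const seen = new Set()
  const queue = [...(graph.get(root)?.deps ?? [])]
  while (queue.length) {
    const spec = queue.shift()
    if (spec === root || seen.has(spec)) continue
    seen.add(spec)
    if (deep) queue.push(...(graph.get(spec)?.deps ?? []))
  }
  return [...seen]
}

// Returns null for zero dependencies so the caller can hide the section.
// A dep with no metadata in the graph counts as unsigned.
function provenanceShare(graph, root, deep) {
  const specs = collectDeps(graph, root, deep)
  if (specs.length === 0) return null
  const signed = specs.filter(s => hasProvenance(graph.get(s))).length
  const total = specs.length
  return { signed, unsigned: total - signed, total, percent: Math.round(signed / total * 100) }
}

// Constructed sample graph (not real packages); c depends back on a (cycle).
const SIGNED = { attestations: { provenance: { predicateType: 'https://slsa.dev/provenance/v1' } } }
const SAMPLE = new Map([
  ['app@1.0.0', { deps: ['a@1.0.0', 'b@2.0.0'], dist: {} }],
  ['a@1.0.0', { deps: ['c@1.0.0'], dist: SIGNED }],
  ['b@2.0.0', { deps: ['c@1.0.0', 'd@0.1.0'], dist: {} }],
  ['c@1.0.0', { deps: ['a@1.0.0'], dist: {} }],
  ['d@0.1.0', { deps: [], dist: {} }],
])
```
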