feat: display optionalDependencies in deps page

[fengmk2]

Add optionalDependencies support to the dependencies info page, displaying it alongside dependencies and devDependencies in a three-column layout.

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Displays optional dependencies alongside regular and dev dependencies in the dependency view.

• Tests

  • Adds tests covering optional dependencies display, counts, links, and behavior when version data is missing.

• Chores

  • Adds test tooling and configs, test scripts, and test environment setup; updates project config to exclude test configs from compilation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
cnpmweb	Ready	Preview, Comment	Dec 22, 2025 2:18pm

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds optionalDependencies to the manifest type, surfaces optional dependencies in the Deps UI as a third column, and introduces tests and Vitest configuration to validate the new UI behavior.

Changes

Cohort / File(s)	Summary
Type definition src/hooks/useManifest.ts	Added optionalDependencies?: Record<string, string> to the NpmPackageVersion interface.
Dependency UI & logic src/slugs/deps/index.tsx	Wired versionData.optionalDependencies into the deps mapping (mapped to { package, spec }), adjusted layout column spans to accommodate three columns, and added an OptionalDependencies card/table mirroring existing tables.
Tests src/slugs/deps/index.test.tsx	New test suite covering rendering and linking for OptionalDependencies, combinations of dependency types, and missing version-data handling; includes component mocks and a manifest factory helper.
Test setup & config vitest.config.ts, vitest.setup.ts, tsconfig.json	Added Vitest configuration and setup file (jsdom, global APIs, matchMedia mock), and excluded vitest files in tsconfig.
Tooling scripts & deps package.json	Added test scripts (test, test:watch) and devDependencies for Vitest, React plugin, testing-library, and jsdom; updated CI script to run tests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Pay attention to:
  • Correct mapping and defaults for optionalDependencies alongside existing dependency maps.
  • UI layout changes (column spans) across responsive breakpoints.
  • Test coverage completeness and mocks in src/slugs/deps/index.test.tsx.
  • Vitest setup (matchMedia mock) and tsconfig exclusions to ensure no type leakage.

Possibly related PRs

• refactor: use manifest data for deps page #117 — Related changes to src/slugs/deps/index.tsx dependency-data extraction and table rendering (this PR extends that mapping/UI to include optional dependencies).

Poem

🐇 I nibble on manifests bright,
Optional carrots come to light,
Three columns hop into view,
Specs and links — a joyful chew,
Hooray for deps, both old and new! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: display optionalDependencies in deps page' directly and accurately summarizes the main change: adding support to display optionalDependencies alongside existing dependencies in the deps page UI.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch show-optionalDependencies

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @fengmk2, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant enhancement to the package dependency information page by integrating and visually presenting optionalDependencies. The change ensures that users can now view all types of package dependencies, including optional ones, in a structured and comprehensive three-column layout, thereby improving the overall clarity and completeness of the dependency overview.

Highlights

• Data Model Update: The NpmPackageVersion interface has been extended to include an optionalDependencies property, ensuring that this type of dependency is recognized in the data structure.
• Data Processing: Logic has been added to extract and format optionalDependencies from the package manifest, making them available for display on the dependencies page.
• UI Enhancement: The dependencies information page now features a new third column dedicated to displaying optionalDependencies, presented alongside the existing dependencies and devDependencies in a balanced layout.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces support for displaying optional dependencies. The changes include updating the NpmPackageVersion interface in src/hooks/useManifest.ts to include an optionalDependencies field. In src/slugs/deps/index.tsx, the code was modified to extract and process optionalDependencies from the package manifest, update the depsInfo object to include this new data, and adjust the UI layout by changing column spans from 12 to 8 for existing dependency cards to make space for a new card that displays the optional dependencies in a table.

[Copilot]

Pull request overview

This PR adds support for displaying optional dependencies in the package dependencies page by introducing a third column to show optionalDependencies alongside the existing dependencies and devDependencies columns.

Key Changes:

• Added optionalDependencies field to the NpmPackageVersion interface as an optional property
• Updated the dependencies page layout from 2 columns to 3 columns (8-span each) to accommodate the new section
• Added data extraction and mapping logic for optional dependencies to match the existing pattern for dependencies and devDependencies

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
src/hooks/useManifest.ts	Added optionalDependencies field to the NpmPackageVersion type interface
src/slugs/deps/index.tsx	Added optional dependencies extraction, mapping, and rendering in a new card column

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vitest@​4.0.16
	@​testing-library/​jest-dom@​6.9.1
	@​testing-library/​react@​16.3.1
	jsdom@​27.3.0
	@​vitejs/​plugin-react@​5.1.2

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/jsdom@27.3.0 → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm safer-buffer is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: ? → npm/jsdom@27.3.0 → npm/safer-buffer@2.1.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/@vitejs/plugin-react@5.1.2 → npm/vitest@4.0.16 → npm/vite@7.3.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@7.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/slugs/deps/index.test.tsx (1)

19-44: Consider adding a fallback for consistency.

The optionalDependencies property (Line 41) lacks the || {} fallback that dependencies and devDependencies have (Lines 39-40). While the Deps component handles undefined correctly, the helper would be more consistent and maintainable with uniform handling.

🔎 Proposed fix for consistency

       dependencies: versionData.dependencies || {},
       devDependencies: versionData.devDependencies || {},
-      optionalDependencies: versionData.optionalDependencies,
+      optionalDependencies: versionData.optionalDependencies || {},
     },
   },
 });

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between edd7b68 and 13a380a.

📒 Files selected for processing (5)

• package.json
• src/slugs/deps/index.test.tsx
• tsconfig.json
• vitest.config.ts
• vitest.setup.ts

🧰 Additional context used

🧬 Code graph analysis (1)

src/slugs/deps/index.test.tsx (2)

src/hooks/useManifest.ts (1)

• PackageManifest (32-47)

src/slugs/deps/index.tsx (1)

• Deps (32-95)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Agent
• GitHub Check: Node.js / Test (ubuntu-latest, 24)
• GitHub Check: Node.js / Test (ubuntu-latest, 22)

🔇 Additional comments (9)

tsconfig.json (1)

28-28: LGTM!

Appropriately excludes Vitest configuration files from TypeScript compilation, aligning with the new test infrastructure added in this PR.

vitest.setup.ts (1)

1-17: LGTM!

The matchMedia mock is properly configured for testing Ant Design responsive components in the jsdom environment. The implementation includes all necessary methods and follows standard patterns.

package.json (2)

10-12: LGTM!

The test scripts are properly configured, and the CI script correctly sequences linting, building, and testing.

---

43-44: Verify vitest version 4.0.16 exists in package.json

The specified vitest version 4.0.16 could not be confirmed in the npm registry; the latest available 4.0.x version is 4.0.15. Confirm whether this is a typo or if a custom/pre-release version is intentionally used. All other testing dependencies (@testing-library/jest-dom 6.9.1, @testing-library/react 16.3.1, jsdom 27.3.0) are current and have no known security vulnerabilities.

vitest.config.ts (1)

1-17: LGTM!

The Vitest configuration is properly set up with the React plugin, jsdom environment, and path aliases that match the TypeScript configuration. The setup file reference is correct.

src/slugs/deps/index.test.tsx (4)

7-17: LGTM!

The mocks appropriately isolate the Deps component from Next.js routing and layout complexity while preserving essential behavior for testing.

---

46-88: LGTM!

The test suite comprehensively covers optionalDependencies rendering with single, empty, and multiple dependency scenarios.

---

90-125: LGTM!

Excellent coverage of the three-column layout and edge case handling when version data is missing.

---

127-140: LGTM!

Correctly verifies link generation with proper URL encoding of the version spec.