Reconsider 'X major versions behind' big red warnings #2275

@pimterry

Describe the feature

While I think outdated major deps is interesting information, imo marking it in red with an exclamation mark overstates the importance of this. Orange for outdated minor versions seems odd too; this is often done to manage specific issues in a subsequent version, and isn't necessarily problematic in itself either.

As a package maintainer, I worry that as npmx inevitably becomes mega popular 😄 this will create unnecessary work for maintainers, with users avoiding packages or filing issues requesting dep updates unnecessarily when they see the big red marker on the package page, along with a broader sense of pressure to bump everything whenever possible, creating package churn unnecessarily.

This is useful info, it's good to show in some format, but there's also plenty of packages where non-latest-major versions are still actively supported, or where there's simply no need to upgrade at all - e.g. simple packages that work and have little or no security risks (known vulnerabilities are highlighted separately anyway). One example: node-fetch has 2x the downloads for the latest v2 vs latest v3, and both are explicitly still supported, but all packages depending on node-fetch v2 have large red warnings on the dep.

If anything, I think the 'Has vulnerability' (blue shield with a check mark?), 'Suggested replacement' (yellow) and 'Deprecated' (purple) markers should all be relatively higher profile than these warnings - these are all places where the package is likely to have actual issues relating to the dependency.

Any interest in rejigging this slightly? I'd suggest:

  • Red exclamation mark for 'Has vulnerability'
  • Orange warning icon for deprecated
  • Yellow lightbulb for suggested replacement (as now)
  • Purple/blue non-warning icons for non-latest major/minor

Additional information

  • Would you be willing to help implement this feature?

Labels: needs discussion (An idea that needs more discussion to understand the scope and impact.)
