fix: add version to npm graph

[gameroman]

🔗 Linked issue

🧭 Context

📚 Description

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Mar 2, 2026 1:58am

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ignored	Preview	Mar 2, 2026 1:58am
npmx-lunaria	Ignored		Mar 2, 2026 1:58am

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[coderabbitai]

📝 Walkthrough

Walkthrough

The change modifies the package page to conditionally append a resolved version to the npmgraph.js.org dependency graph URL. When a resolvedVersion is available, the URL includes @ in the query string; otherwise, the URL remains unchanged. This adjustment affects how the "View Dependency Graph" button constructs its target link, enabling the dependency graph to reflect a specific package version when that information is present. The modification involves one line addition and one line removal.

🚥 Pre-merge checks | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description is a template with no substantive content filled in by the author, making it unclear what problem the change solves.	Add a meaningful description explaining the motivation, context, and benefits of adding the version parameter to the npm graph URL.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 31033e7 and 02fac0b.

📒 Files selected for processing (1)

• app/pages/package/[[org]]/[name].vue

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Find and examine the file
fd -t f '[name].vue' | grep -E 'package.*\[\[org\]\]'

Repository: npmx-dev/npmx.dev

Length of output: 43

---

🏁 Script executed:

# Read the file around line 1126
wc -l app/pages/package/\[\[org\]\]/\[name\].vue 2>/dev/null || find . -path "*package/[[org]]/[name].vue" -o -path "*package*" -name "[name].vue" | head -5

Repository: npmx-dev/npmx.dev

Length of output: 102

---

🏁 Script executed:

# Search for the exact file using git
git ls-files | grep -i 'name\.vue'

Repository: npmx-dev/npmx.dev

Length of output: 43

---

🏁 Script executed:

# Read lines around 1126 to see the code and context
sed -n '1120,1135p' 'app/pages/package/[[org]]/[name].vue'

Repository: npmx-dev/npmx.dev

Length of output: 766

---

🏁 Script executed:

# Search for where resolvedVersion and pkg are defined or used
sed -n '1,1126p' 'app/pages/package/[[org]]/[name].vue' | tail -100 | head -50

Repository: npmx-dev/npmx.dev

Length of output: 1874

---

🏁 Script executed:

# Look for resolvedVersion definition in the file
rg 'resolvedVersion' 'app/pages/package/[[org]]/[name].vue' -B 3 -A 1

Repository: npmx-dev/npmx.dev

Length of output: 5892

---

🏁 Script executed:

# Run the verification script from the review to confirm URL parsing behaviour
python - <<'PY'
from urllib.parse import urlparse, parse_qs, quote

spec = "@scope/pkg@1.2.3+build.1"

raw_url = f"https://npmgraph.js.org/?q={spec}"
enc_url = f"https://npmgraph.js.org/?q={quote(spec, safe='')}"

print("Raw URL:", raw_url)
print("Raw parsed q:", parse_qs(urlparse(raw_url).query).get("q"))
print()
print("Encoded URL:", enc_url)
print("Encoded parsed q:", parse_qs(urlparse(enc_url).query).get("q"))
PY

Repository: npmx-dev/npmx.dev

Length of output: 285

---

🏁 Script executed:

# Search for URL encoding patterns in the codebase
rg 'encodeURIComponent|encodeURI|URLSearchParams' --type vue --type ts --type tsx -A 2

Repository: npmx-dev/npmx.dev

Length of output: 88

---

🏁 Script executed:

# Check the useResolvedVersion composable to understand the format
fd -t f 'useResolvedVersion' || rg -t ts -t js 'export.*useResolvedVersion|function useResolvedVersion' -A 10

Repository: npmx-dev/npmx.dev

Length of output: 102

---

🏁 Script executed:

# Look for similar URL construction patterns in the file
rg ':to="`https://' 'app/pages/package/[[org]]/[name].vue' -B 1 -A 1

Repository: npmx-dev/npmx.dev

Length of output: 649

---

🏁 Script executed:

# Read the useResolvedVersion composable to understand the version format
cat 'app/composables/npm/useResolvedVersion.ts'

Repository: npmx-dev/npmx.dev

Length of output: 734

---

🏁 Script executed:

# Search for URL encoding utilities in the codebase
rg 'encodeURIComponent|URLSearchParams' -t ts -t js | head -20

Repository: npmx-dev/npmx.dev

Length of output: 2517

---

🏁 Script executed:

# Check what format versions are in across the codebase (looking for build metadata patterns)
rg '\+[a-zA-Z0-9.-]+' 'app/composables/' | head -10

Repository: npmx-dev/npmx.dev

Length of output: 304

---

🏁 Script executed:

# Look at how other external links are constructed
rg ':to="`https://' -A 2 -B 2 | head -40

Repository: npmx-dev/npmx.dev

Length of output: 3334

---

🏁 Script executed:

# Check if there's a similar issue on line 1131 with node-modules.dev
sed -n '1129,1133p' 'app/pages/package/[[org]]/[name].vue'

Repository: npmx-dev/npmx.dev

Length of output: 228

---

🏁 Script executed:

# Look for URL encoding utilities that might already exist in the codebase
cat 'shared/utils/npm.ts' | head -50

Repository: npmx-dev/npmx.dev

Length of output: 1652

---

Encode the npmgraph and node-modules query parameters before interpolation.

Lines 1126 and 1131 construct URLs with unencoded query parameters. If a resolved version contains + (valid semver build metadata), it is decoded as a space, producing an incorrect package specification. Wrap both query values with encodeURIComponent().

Suggested fixes

-                  :to="`https://npmgraph.js.org/?q=${pkg.name}${resolvedVersion ? `@${resolvedVersion}` : ''}`"
+                  :to="`https://npmgraph.js.org/?q=${encodeURIComponent(`${pkg.name}${resolvedVersion ? `@${resolvedVersion}` : ''}`)}`"

-                  :to="`https://node-modules.dev/grid/depth#install=${pkg.name}${resolvedVersion ? `@${resolvedVersion}` : ''}`"
+                  :to="`https://node-modules.dev/grid/depth#install=${encodeURIComponent(`${pkg.name}${resolvedVersion ? `@${resolvedVersion}` : ''}`)}`"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	:to="`https://npmgraph.js.org/?q=${pkg.name}${resolvedVersion ? `@${resolvedVersion}` : ''}`"
	:to="`https://npmgraph.js.org/?q=${encodeURIComponent(`${pkg.name}${resolvedVersion ? `@${resolvedVersion}` : ''}`)}`"