From 1098929a711f03b0056033da5ef7b7a1c8578b07 Mon Sep 17 00:00:00 2001
From: Jordan Jensen <jordan.jensen@rstudio.com>
Date: Fri, 27 Jun 2025 12:20:29 -0700
Subject: [PATCH 1/3] Add option to show all packages

---
 .../CHANGELOG.md                              |   3 +
 .../src/components/VulnerabilityChecker.vue   | 206 +++++++-----------
 .../components/vulnerability/PackageCard.vue  |  64 ++++++
 .../vulnerability/PackageHeader.vue           |  11 +-
 .../components/vulnerability/PackageList.vue  |  21 ++
 .../src/components/vulnerability/StatCard.vue |  49 +++++
 .../components/vulnerability/StatsPanel.vue   |  67 +++---
 .../vulnerability/VulnerabilityCard.vue       |  58 -----
 .../vulnerability/VulnerabilityList.vue       |  32 ---
 .../src/stores/vulns.ts                       |  77 +++++++
 .../src/types/index.ts                        |   8 +
 11 files changed, 337 insertions(+), 259 deletions(-)
 create mode 100644 extensions/package-vulnerability-scanner/src/components/vulnerability/PackageCard.vue
 create mode 100644 extensions/package-vulnerability-scanner/src/components/vulnerability/PackageList.vue
 create mode 100644 extensions/package-vulnerability-scanner/src/components/vulnerability/StatCard.vue
 delete mode 100644 extensions/package-vulnerability-scanner/src/components/vulnerability/VulnerabilityCard.vue
 delete mode 100644 extensions/package-vulnerability-scanner/src/components/vulnerability/VulnerabilityList.vue
 create mode 100644 extensions/package-vulnerability-scanner/src/types/index.ts

diff --git a/extensions/package-vulnerability-scanner/CHANGELOG.md b/extensions/package-vulnerability-scanner/CHANGELOG.md
index cc0a4b86..ef6e62ce 100644
--- a/extensions/package-vulnerability-scanner/CHANGELOG.md
+++ b/extensions/package-vulnerability-scanner/CHANGELOG.md
@@ -11,6 +11,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Render markdown in vulnerability details using markdown-it (#204)
 - Display language versions (Python, R, Quarto) for content items (#206)
+- The counts of packages are now clickable giving the option to show all
+  packages, only Python packages, only R packages, or only vulnerable packages.
+  The list defaults to showing vulnerable packages. (#207)
 
 ### Changed
 
diff --git a/extensions/package-vulnerability-scanner/src/components/VulnerabilityChecker.vue b/extensions/package-vulnerability-scanner/src/components/VulnerabilityChecker.vue
index 57bd61cb..d52e0ac0 100644
--- a/extensions/package-vulnerability-scanner/src/components/VulnerabilityChecker.vue
+++ b/extensions/package-vulnerability-scanner/src/components/VulnerabilityChecker.vue
@@ -2,38 +2,41 @@
 import { useVulnsStore } from "../stores/vulns";
 import { usePackagesStore } from "../stores/packages";
 import { useContentStore } from "../stores/content";
-import type { Vulnerability, VulnerabilityRange } from "../stores/vulns";
-import type { Package } from "../stores/packages";
-import { computed } from "vue";
+import { computed, ref } from "vue";
 
 // Import UI components
 import LoadingSpinner from "./ui/LoadingSpinner.vue";
 import StatusMessage from "./ui/StatusMessage.vue";
 
 // Import vulnerability components
-import StatsPanel from "./vulnerability/StatsPanel.vue";
+import StatsPanel, { type FilterType } from "./vulnerability/StatsPanel.vue";
 import EmptyState from "./vulnerability/EmptyState.vue";
-import VulnerabilityList from "./vulnerability/VulnerabilityList.vue";
+import PackageList from "./vulnerability/PackageList.vue";
 import ArrowTopRight from "./icons/ArrowTopRight.vue";
-
-interface VulnerablePackageItem {
-  packageInfo: Package;
-  vulnerabilities: Vulnerability[];
-  repo: "pypi" | "cran";
-  latestFixedVersion: string | null;
-}
+import type { PackageWithVulnsAndFix } from "../types";
 
 const vulnStore = useVulnsStore();
 const packagesStore = usePackagesStore();
 const contentStore = useContentStore();
 
-const packages = computed(() => {
+const packages = computed((): PackageWithVulnsAndFix[] => {
   // Get the current content's packages
   const currentId = contentStore.currentContentId;
   if (!currentId) return [];
 
   const contentItem = packagesStore.contentItems[currentId];
-  return contentItem ? contentItem.packages : [];
+  const result = contentItem ? contentItem.packages : [];
+
+  return result.map((pkg): PackageWithVulnsAndFix => {
+    return {
+      package: pkg,
+      ...vulnStore.getDetailsForPackageVersion(
+        pkg.name,
+        pkg.version,
+        pkg.language.toLowerCase() === "python" ? "pypi" : "cran",
+      ),
+    };
+  });
 });
 
 // Track loading states
@@ -62,29 +65,6 @@ const hasPackages = computed(() => {
   return packages.value.length > 0;
 });
 
-// Extract the fixed version from the vulnerability ranges data
-function getFixedVersion(vuln: Vulnerability): string | null {
-  if (!vuln.ranges || !Array.isArray(vuln.ranges) || vuln.ranges.length === 0) {
-    return null;
-  }
-
-  let result: string | null = null;
-
-  const getFixedEventValue = (range: VulnerabilityRange): string | null => {
-    return range.events.find((e) => Boolean(e.fixed))?.fixed || null;
-  };
-
-  for (const range of vuln.ranges) {
-    if (range.type === "ECOSYSTEM" && range.events) {
-      return getFixedEventValue(range);
-    } else {
-      result = getFixedEventValue(range);
-    }
-  }
-
-  return result;
-}
-
 // Go back to content list
 function goBack() {
   contentStore.currentContentId = undefined;
@@ -92,82 +72,9 @@ function goBack() {
 }
 
 // Find vulnerable packages by comparing package data with vulnerability data
-const vulnerablePackages = computed<VulnerablePackageItem[]>(() => {
-  if (isLoading.value || !packages.value.length || !vulnStore.isFetched)
-    return [];
-
-  // Use a Map to group vulnerabilities by package
-  const packageMap = new Map<
-    string,
-    {
-      packageInfo: Package;
-      vulnerabilities: Vulnerability[];
-      repo: "pypi" | "cran";
-      fixedVersions: string[];
-    }
-  >();
-
-  // Process each installed package
-  for (const pkg of packages.value) {
-    const packageId = `${pkg.name}@${pkg.version}`;
-    const repo = pkg.language.toLowerCase() === "python" ? "pypi" : "cran";
-    const vulnerabilityMap = repo === "pypi" ? vulnStore.pypi : vulnStore.cran;
-    const packageName = pkg.name.toLowerCase();
-
-    // If this package has known vulnerabilities
-    if (vulnerabilityMap[packageName]) {
-      // For each vulnerability associated with this package
-      for (const vuln of vulnerabilityMap[packageName]) {
-        // Check if the current package version is in the vulnerable versions
-        if (vuln.versions && vuln.versions[pkg.version]) {
-          const fixedVersion = getFixedVersion(vuln);
-
-          if (!packageMap.has(packageId)) {
-            packageMap.set(packageId, {
-              packageInfo: pkg,
-              vulnerabilities: [],
-              repo,
-              fixedVersions: [],
-            });
-          }
-
-          const packageData = packageMap.get(packageId)!;
-          packageData.vulnerabilities.push(vuln);
-
-          if (fixedVersion) {
-            packageData.fixedVersions.push(fixedVersion);
-          }
-        }
-      }
-    }
-  }
-
-  // Convert the Map to an array and determine the latest fixed version
-  return Array.from(packageMap.values()).map((item) => {
-    // Sort fixed versions semantically (assuming they are valid semver)
-    // This simple comparison works for most simple version formats
-    const sortedFixedVersions = [...item.fixedVersions].sort((a, b) => {
-      const aParts = a.split(".");
-      const bParts = b.split(".");
-
-      for (let i = 0; i < Math.max(aParts.length, bParts.length); i++) {
-        const aNum = parseInt(aParts[i] || "0", 10);
-        const bNum = parseInt(bParts[i] || "0", 10);
-        if (aNum !== bNum) {
-          return bNum - aNum; // Descending order (latest first)
-        }
-      }
-
-      return 0;
-    });
-
-    return {
-      packageInfo: item.packageInfo,
-      vulnerabilities: item.vulnerabilities,
-      repo: item.repo,
-      latestFixedVersion:
-        sortedFixedVersions.length > 0 ? sortedFixedVersions[0] : null,
-    };
+const vulnerablePackages = computed((): PackageWithVulnsAndFix[] => {
+  return packages.value.filter((pkg) => {
+    return pkg.vulnerabilities && pkg.vulnerabilities.length > 0;
   });
 });
 
@@ -190,22 +97,57 @@ const contentTitle = computed(
 );
 const dashboardUrl = computed(() => contentInfo.value?.dashboard_url || null);
 
-// Stats
-const totalPackages = computed(() => packages.value.length);
-const pythonPackages = computed(
-  () =>
-    packages.value.filter((p) => p.language.toLowerCase() === "python").length,
-);
-const rPackages = computed(
-  () => packages.value.filter((p) => p.language.toLowerCase() === "r").length,
-);
+const pythonPackages = computed((): PackageWithVulnsAndFix[] => {
+  if (isLoading.value || !packages.value.length) return [];
+  return packages.value.filter(
+    (p) => p.package.language.toLowerCase() === "python",
+  );
+});
+
+const rPackages = computed((): PackageWithVulnsAndFix[] => {
+  if (isLoading.value || !packages.value.length) return [];
+  return packages.value.filter((p) => p.package.language.toLowerCase() === "r");
+});
 
 // Total number of vulnerabilities (CVEs) across all packages
 const totalVulnerabilities = computed(() => {
   return vulnerablePackages.value.reduce((total, pkg) => {
-    return total + pkg.vulnerabilities.length;
+    return total + (pkg.vulnerabilities ? pkg.vulnerabilities.length : 0);
   }, 0);
 });
+
+const activeFilter = ref<FilterType>("vulnerable");
+
+const filterTitle = computed(() => {
+  switch (activeFilter.value) {
+    case "all":
+      return "All Packages";
+    case "python":
+      return "Python Packages";
+    case "r":
+      return "R Packages";
+    case "vulnerable":
+      return "Vulnerable Packages";
+    default:
+      return "Packages";
+  }
+});
+
+// Use the filtered arrays for the displayed packages
+const filteredPackages = computed((): PackageWithVulnsAndFix[] => {
+  if (isLoading.value || !packages.value.length) return [];
+
+  switch (activeFilter.value) {
+    case "python":
+      return pythonPackages.value;
+    case "r":
+      return rPackages.value;
+    case "vulnerable":
+      return vulnerablePackages.value;
+    default:
+      return packages.value;
+  }
+});
 </script>
 
 <template>
@@ -266,21 +208,27 @@ const totalVulnerabilities = computed(() => {
     <!-- Content loaded successfully -->
     <template v-else>
       <StatsPanel
-        :totalPackages="totalPackages"
-        :pythonPackages="pythonPackages"
-        :rPackages="rPackages"
+        v-model="activeFilter"
+        :totalPackages="packages.length"
+        :pythonPackages="pythonPackages.length"
+        :rPackages="rPackages.length"
         :vulnerabilities="totalVulnerabilities"
       />
 
+      <h3 class="text-lg text-gray-700 mb-4">{{ filterTitle }}</h3>
+
       <EmptyState v-if="!hasPackages">
         <p>This content has no packages. No vulnerabilities found.</p>
       </EmptyState>
 
-      <EmptyState v-else-if="vulnerablePackages.length === 0">
-        <p>No vulnerabilities found.</p>
+      <EmptyState v-else-if="filteredPackages.length === 0">
+        <p v-if="activeFilter === 'vulnerable'">No vulnerabilities found.</p>
+        <p v-else-if="activeFilter === 'python'">No Python packages found.</p>
+        <p v-else-if="activeFilter === 'r'">No R packages found.</p>
+        <p v-else>No packages found.</p>
       </EmptyState>
 
-      <VulnerabilityList v-else :vulnerablePackages="vulnerablePackages" />
+      <PackageList v-else :packages="filteredPackages" />
     </template>
   </div>
 </template>
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageCard.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageCard.vue
new file mode 100644
index 00000000..a94daef9
--- /dev/null
+++ b/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageCard.vue
@@ -0,0 +1,64 @@
+<script setup lang="ts">
+import { computed } from "vue";
+
+import PackageHeader from "./PackageHeader.vue";
+import VulnerabilityDetails from "./VulnerabilityDetails.vue";
+import type { Package } from "../../stores/packages";
+import { type Vulnerability } from "../../stores/vulns";
+
+const props = defineProps<{
+  package: Package;
+  vulnerabilities?: Vulnerability[];
+  latestFixedVersion?: string | null;
+}>();
+
+const repo = computed(() =>
+  props.package.language.toLowerCase() === "python" ? "pypi" : "cran",
+);
+</script>
+
+<template>
+  <div>
+    <PackageHeader :package="package" :repo="repo" />
+
+    <template v-if="vulnerabilities && vulnerabilities.length > 0">
+      <p
+        v-if="vulnerabilities.length > 1"
+        class="text-sm font-medium text-gray-700 mb-3"
+      >
+        {{ vulnerabilities.length }} vulnerabilities found for this package
+      </p>
+
+      <div
+        v-if="latestFixedVersion"
+        class="bg-green-50 border-l-3 border-green-500 py-2 px-3 my-3 rounded-r-md"
+      >
+        <p class="m-0 text-[15px] text-green-700 flex items-center">
+          <span class="mr-2">🛠️</span>
+          <span
+            >To fix
+            {{
+              vulnerabilities.length > 1
+                ? "these vulnerabilities"
+                : "this vulnerability"
+            }}, upgrade to version {{ latestFixedVersion }} or later.</span
+          >
+        </p>
+      </div>
+
+      <template
+        v-for="vulnerability in vulnerabilities"
+        :key="vulnerability.id"
+      >
+        <VulnerabilityDetails
+          :id="vulnerability.id"
+          class="not-last:mb-6"
+          :summary="vulnerability.summary"
+          :details="vulnerability.details"
+          :publishDate="vulnerability.published"
+          :modifiedDate="vulnerability.modified"
+        />
+      </template>
+    </template>
+  </div>
+</template>
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageHeader.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageHeader.vue
index 9d73e56e..af9ed331 100644
--- a/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageHeader.vue
+++ b/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageHeader.vue
@@ -1,18 +1,19 @@
 <script setup lang="ts">
+import type { Package } from "../../stores/packages";
+
 defineProps<{
-  packageName: string;
-  packageVersion: string;
+  package: Package;
   repo: "pypi" | "cran";
 }>();
 </script>
 
 <template>
-  <div class="flex items-center mb-3 gap-2 font-mono">
+  <div class="flex items-center not-last:mb-3 gap-2 font-mono">
     <h4 class="text-gray-800 text-lg m-0 font-semibold">
-      {{ packageName }}
+      {{ package.name }}
     </h4>
 
-    <span class="text-gray-500">v{{ packageVersion }}</span>
+    <span class="text-gray-500">v{{ package.version }}</span>
 
     <span
       class="text-xs font-bold text-white py-1 px-2 rounded self-end ml-auto"
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageList.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageList.vue
new file mode 100644
index 00000000..6f1d7432
--- /dev/null
+++ b/extensions/package-vulnerability-scanner/src/components/vulnerability/PackageList.vue
@@ -0,0 +1,21 @@
+<script setup lang="ts">
+import PackageCard from "./PackageCard.vue";
+import type { PackageWithVulnsAndFix } from "../../types";
+
+defineProps<{
+  packages: PackageWithVulnsAndFix[];
+}>();
+</script>
+
+<template>
+  <div>
+    <PackageCard
+      v-for="(pkg, index) in packages"
+      :key="index"
+      class="not-last:border-b border-gray-300 not-last:pb-6 not-last:mb-6"
+      :package="pkg.package"
+      :vulnerabilities="pkg.vulnerabilities"
+      :latest-fixed-version="pkg.latestFixedVersion"
+    />
+  </div>
+</template>
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/StatCard.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/StatCard.vue
new file mode 100644
index 00000000..cb964ef5
--- /dev/null
+++ b/extensions/package-vulnerability-scanner/src/components/vulnerability/StatCard.vue
@@ -0,0 +1,49 @@
+<script setup lang="ts">
+export type StatCardType = "primary" | "error";
+
+interface Props {
+  count: number;
+  active: boolean;
+  label: string;
+  type?: StatCardType;
+}
+
+withDefaults(defineProps<Props>(), {
+  type: "primary",
+});
+</script>
+
+<template>
+  <div
+    class="p-4 rounded-md flex flex-col items-center cursor-pointer transition-colors"
+    :class="{
+      'ring-2': active,
+      'bg-gray-50': !active,
+      'hover:bg-blue-100': type === 'primary',
+      'bg-blue-50 ring-blue-400': type === 'primary' && active,
+      'hover:bg-red-100': type === 'error',
+      'bg-red-50 ring-red-400': type === 'error' && active,
+    }"
+  >
+    <span
+      class="text-3xl font-bold"
+      :class="{
+        'text-gray-800': !active,
+        'text-blue-600': type === 'primary' && active,
+        'text-red-500': type === 'error' && active,
+      }"
+    >
+      {{ count }}
+    </span>
+    <span
+      class="text-sm mt-1"
+      :class="{
+        'text-gray-500': !active,
+        'text-blue-600': type === 'primary' && active,
+        'text-red-500': type === 'error' && active,
+      }"
+    >
+      {{ label }}
+    </span>
+  </div>
+</template>
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/StatsPanel.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/StatsPanel.vue
index f695febc..ca244460 100644
--- a/extensions/package-vulnerability-scanner/src/components/vulnerability/StatsPanel.vue
+++ b/extensions/package-vulnerability-scanner/src/components/vulnerability/StatsPanel.vue
@@ -1,52 +1,49 @@
 <script setup lang="ts">
+import StatCard from "./StatCard.vue";
+
+export type FilterType = "all" | "python" | "r" | "vulnerable";
+
 defineProps<{
   totalPackages: number;
   pythonPackages: number;
   rPackages: number;
   vulnerabilities: number;
 }>();
+
+const filter = defineModel<FilterType>({ required: true });
 </script>
 
 <template>
-  <div class="mb-8">
+  <div class="mb-4">
     <div class="grid grid-cols-2 md:grid-cols-4 gap-4">
-      <div class="bg-gray-50 p-4 rounded-md flex flex-col items-center">
-        <span class="text-3xl font-bold text-gray-800">{{
-          totalPackages
-        }}</span>
-        <span class="text-sm text-gray-500 mt-1">Total Packages</span>
-      </div>
+      <StatCard
+        :count="vulnerabilities"
+        :active="filter === 'vulnerable'"
+        label="Vulnerabilities"
+        type="error"
+        @click="() => (filter = 'vulnerable')"
+      />
 
-      <div class="bg-gray-50 p-4 rounded-md flex flex-col items-center">
-        <span class="text-3xl font-bold text-gray-800">{{
-          pythonPackages
-        }}</span>
-        <span class="text-sm text-gray-500 mt-1">Python Packages</span>
-      </div>
+      <StatCard
+        :count="pythonPackages"
+        :active="filter === 'python'"
+        label="Python Packages"
+        @click="() => (filter = 'python')"
+      />
 
-      <div class="bg-gray-50 p-4 rounded-md flex flex-col items-center">
-        <span class="text-3xl font-bold text-gray-800">{{ rPackages }}</span>
-        <span class="text-sm text-gray-500 mt-1">R Packages</span>
-      </div>
+      <StatCard
+        :count="rPackages"
+        :active="filter === 'r'"
+        label="R Packages"
+        @click="() => (filter = 'r')"
+      />
 
-      <div
-        class="p-4 rounded-md flex flex-col items-center"
-        :class="{
-          'bg-gray-50': vulnerabilities === 0,
-          'bg-red-50': vulnerabilities > 0,
-        }"
-      >
-        <span
-          class="text-3xl font-bold"
-          :class="{
-            'text-red-500': vulnerabilities > 0,
-            'text-gray-800': vulnerabilities === 0,
-          }"
-        >
-          {{ vulnerabilities }}
-        </span>
-        <span class="text-sm text-gray-500 mt-1">Vulnerabilities</span>
-      </div>
+      <StatCard
+        :count="totalPackages"
+        :active="filter === 'all'"
+        label="Total Packages"
+        @click="() => (filter = 'all')"
+      />
     </div>
   </div>
 </template>
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/VulnerabilityCard.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/VulnerabilityCard.vue
deleted file mode 100644
index 3d1481c4..00000000
--- a/extensions/package-vulnerability-scanner/src/components/vulnerability/VulnerabilityCard.vue
+++ /dev/null
@@ -1,58 +0,0 @@
-<script setup lang="ts">
-import PackageHeader from "./PackageHeader.vue";
-import VulnerabilityDetails from "./VulnerabilityDetails.vue";
-import type { Vulnerability } from "../../stores/vulns";
-import type { Package } from "../../stores/packages";
-
-defineProps<{
-  packageInfo: Package;
-  vulnerabilities: Vulnerability[];
-  repo: "pypi" | "cran";
-  latestFixedVersion: string | null;
-}>();
-</script>
-
-<template>
-  <div>
-    <PackageHeader
-      :packageName="packageInfo.name"
-      :packageVersion="packageInfo.version"
-      :repo="repo"
-    />
-
-    <p
-      v-if="vulnerabilities.length > 1"
-      class="text-sm font-medium text-gray-700 mb-3"
-    >
-      {{ vulnerabilities.length }} vulnerabilities found for this package
-    </p>
-
-    <div
-      v-if="latestFixedVersion"
-      class="bg-green-50 border-l-3 border-green-500 py-2 px-3 my-3 rounded-r-md"
-    >
-      <p class="m-0 text-[15px] text-green-700 flex items-center">
-        <span class="mr-2">🛠️</span>
-        <span
-          >To fix
-          {{
-            vulnerabilities.length > 1
-              ? "these vulnerabilities"
-              : "this vulnerability"
-          }}, upgrade to version {{ latestFixedVersion }} or later.</span
-        >
-      </p>
-    </div>
-
-    <template v-for="vulnerability in vulnerabilities" :key="vulnerability.id">
-      <VulnerabilityDetails
-        :id="vulnerability.id"
-        class="not-last:mb-6"
-        :summary="vulnerability.summary"
-        :details="vulnerability.details"
-        :publishDate="vulnerability.published"
-        :modifiedDate="vulnerability.modified"
-      />
-    </template>
-  </div>
-</template>
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/VulnerabilityList.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/VulnerabilityList.vue
deleted file mode 100644
index afc88d50..00000000
--- a/extensions/package-vulnerability-scanner/src/components/vulnerability/VulnerabilityList.vue
+++ /dev/null
@@ -1,32 +0,0 @@
-<script setup lang="ts">
-import VulnerabilityCard from "./VulnerabilityCard.vue";
-import type { Vulnerability } from "../../stores/vulns";
-import type { Package } from "../../stores/packages";
-
-interface VulnerablePackageItem {
-  packageInfo: Package;
-  vulnerabilities: Vulnerability[];
-  repo: "pypi" | "cran";
-  latestFixedVersion: string | null;
-}
-
-defineProps<{
-  vulnerablePackages: VulnerablePackageItem[];
-}>();
-</script>
-
-<template>
-  <div>
-    <h3 class="mt-8 mb-4 text-lg text-gray-700">Vulnerable Packages</h3>
-
-    <VulnerabilityCard
-      v-for="(item, index) in vulnerablePackages"
-      :key="index"
-      class="not-last:border-b border-gray-300 not-last:pb-6 not-last:mb-6"
-      :packageInfo="item.packageInfo"
-      :vulnerabilities="item.vulnerabilities"
-      :repo="item.repo"
-      :latestFixedVersion="item.latestFixedVersion"
-    />
-  </div>
-</template>
diff --git a/extensions/package-vulnerability-scanner/src/stores/vulns.ts b/extensions/package-vulnerability-scanner/src/stores/vulns.ts
index 4d88de3a..443f53d2 100644
--- a/extensions/package-vulnerability-scanner/src/stores/vulns.ts
+++ b/extensions/package-vulnerability-scanner/src/stores/vulns.ts
@@ -62,6 +62,82 @@ export const useVulnsStore = defineStore("vulns", () => {
     }
   }
 
+  // Extract the fixed version from the vulnerability ranges data
+  function getFixedVersion(vuln: Vulnerability): string | null {
+    if (
+      !vuln.ranges ||
+      !Array.isArray(vuln.ranges) ||
+      vuln.ranges.length === 0
+    ) {
+      return null;
+    }
+
+    let result: string | null = null;
+
+    const getFixedEventValue = (range: VulnerabilityRange): string | null => {
+      return range.events.find((e) => Boolean(e.fixed))?.fixed || null;
+    };
+
+    for (const range of vuln.ranges) {
+      if (range.type === "ECOSYSTEM" && range.events) {
+        return getFixedEventValue(range);
+      } else {
+        result = getFixedEventValue(range);
+      }
+    }
+
+    return result;
+  }
+
+  function getDetailsForPackageVersion(
+    packageName: string,
+    version: string,
+    repo: "pypi" | "cran",
+  ): {
+    vulnerabilities: Vulnerability[];
+    latestFixedVersion: string | null;
+  } {
+    const vulns: Vulnerability[] = [];
+    const fixVersions: string[] = [];
+    const vulnsMap = repo === "pypi" ? pypi.value : cran.value;
+
+    // If this package has known vulnerabilities
+    if (vulnsMap[packageName]) {
+      // For each vulnerability associated with this package
+      for (const vuln of vulnsMap[packageName]) {
+        // Check if the current package version is in the vulnerable versions
+        if (vuln.versions && vuln.versions[version]) {
+          const fixedVersion = getFixedVersion(vuln);
+          if (fixedVersion) {
+            fixVersions.push(fixedVersion);
+          }
+          vulns.push(vuln);
+        }
+      }
+    }
+
+    const sortedFixedVersions = fixVersions.sort((a, b) => {
+      const aParts = a.split(".");
+      const bParts = b.split(".");
+
+      for (let i = 0; i < Math.max(aParts.length, bParts.length); i++) {
+        const aNum = parseInt(aParts[i] || "0", 10);
+        const bNum = parseInt(bParts[i] || "0", 10);
+        if (aNum !== bNum) {
+          return bNum - aNum; // Descending order (latest first)
+        }
+      }
+
+      return 0;
+    });
+
+    return {
+      vulnerabilities: vulns,
+      latestFixedVersion:
+        sortedFixedVersions.length > 0 ? sortedFixedVersions[0] : null,
+    };
+  }
+
   return {
     // State
     pypi,
@@ -73,5 +149,6 @@ export const useVulnsStore = defineStore("vulns", () => {
 
     // Actions
     fetchVulns,
+    getDetailsForPackageVersion,
   };
 });
diff --git a/extensions/package-vulnerability-scanner/src/types/index.ts b/extensions/package-vulnerability-scanner/src/types/index.ts
new file mode 100644
index 00000000..b18c012f
--- /dev/null
+++ b/extensions/package-vulnerability-scanner/src/types/index.ts
@@ -0,0 +1,8 @@
+import type { Package } from "../stores/packages";
+import type { Vulnerability } from "../stores/vulns";
+
+export interface PackageWithVulnsAndFix {
+  package: Package;
+  vulnerabilities?: Vulnerability[];
+  latestFixedVersion?: string | null;
+}

From 1b6be74ed33ba208fb7519d1ebd03e34e266834c Mon Sep 17 00:00:00 2001
From: Jordan Jensen <jordan.jensen@rstudio.com>
Date: Fri, 27 Jun 2025 12:24:32 -0700
Subject: [PATCH 2/3] Update manifest checksums

---
 extensions/package-vulnerability-scanner/manifest.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/extensions/package-vulnerability-scanner/manifest.json b/extensions/package-vulnerability-scanner/manifest.json
index 9a5162e6..c198cca6 100644
--- a/extensions/package-vulnerability-scanner/manifest.json
+++ b/extensions/package-vulnerability-scanner/manifest.json
@@ -20,14 +20,14 @@
 	},
 	"packages": {},
 	"files": {
-		"dist/assets/index-D8PwKrP_.css": {
-			"checksum": "044d9467fefba864d607aec25d40b752"
+		"dist/assets/index-CmdH3BdM.css": {
+			"checksum": "133200803297edaaba634130f05ce6ac"
 		},
-		"dist/assets/index-DZg-mVL2.js": {
-			"checksum": "f2669c5c9adb7f51e92ca4703695fecb"
+		"dist/assets/index-Du2G30Y1.js": {
+			"checksum": "4958bb7333708903b5fc9a1175699a0f"
 		},
 		"dist/index.html": {
-			"checksum": "2dcc09528bdcb3616a22cf8940867014"
+			"checksum": "1e0c4a4d75af403440bf2b58249ac299"
 		},
 		"main.py": {
 			"checksum": "f8385dbd8a8cd24204f1eb6209f8bb30"

From 176d92cd0bf09bb2b97020fa291ee98e116404ea Mon Sep 17 00:00:00 2001
From: Jordan Jensen <jordan.jensen@rstudio.com>
Date: Fri, 27 Jun 2025 12:36:32 -0700
Subject: [PATCH 3/3] Make the StatCard a button

---
 extensions/package-vulnerability-scanner/manifest.json |  6 +++---
 .../vulnerability/{StatCard.vue => StatButton.vue}     |  9 +++++----
 .../src/components/vulnerability/StatsPanel.vue        | 10 +++++-----
 3 files changed, 13 insertions(+), 12 deletions(-)
 rename extensions/package-vulnerability-scanner/src/components/vulnerability/{StatCard.vue => StatButton.vue} (90%)

diff --git a/extensions/package-vulnerability-scanner/manifest.json b/extensions/package-vulnerability-scanner/manifest.json
index c198cca6..0460ceb9 100644
--- a/extensions/package-vulnerability-scanner/manifest.json
+++ b/extensions/package-vulnerability-scanner/manifest.json
@@ -23,11 +23,11 @@
 		"dist/assets/index-CmdH3BdM.css": {
 			"checksum": "133200803297edaaba634130f05ce6ac"
 		},
-		"dist/assets/index-Du2G30Y1.js": {
-			"checksum": "4958bb7333708903b5fc9a1175699a0f"
+		"dist/assets/index-Mo0hYq-0.js": {
+			"checksum": "a8cd717c6740df720243f5c5df7440a3"
 		},
 		"dist/index.html": {
-			"checksum": "1e0c4a4d75af403440bf2b58249ac299"
+			"checksum": "4a7eba688b0cb49d2d5cc87c123fbcfd"
 		},
 		"main.py": {
 			"checksum": "f8385dbd8a8cd24204f1eb6209f8bb30"
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/StatCard.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/StatButton.vue
similarity index 90%
rename from extensions/package-vulnerability-scanner/src/components/vulnerability/StatCard.vue
rename to extensions/package-vulnerability-scanner/src/components/vulnerability/StatButton.vue
index cb964ef5..7dff3ae3 100644
--- a/extensions/package-vulnerability-scanner/src/components/vulnerability/StatCard.vue
+++ b/extensions/package-vulnerability-scanner/src/components/vulnerability/StatButton.vue
@@ -1,11 +1,11 @@
 <script setup lang="ts">
-export type StatCardType = "primary" | "error";
+export type StatButtonType = "primary" | "error";
 
 interface Props {
   count: number;
   active: boolean;
   label: string;
-  type?: StatCardType;
+  type?: StatButtonType;
 }
 
 withDefaults(defineProps<Props>(), {
@@ -14,7 +14,7 @@ withDefaults(defineProps<Props>(), {
 </script>
 
 <template>
-  <div
+  <button
     class="p-4 rounded-md flex flex-col items-center cursor-pointer transition-colors"
     :class="{
       'ring-2': active,
@@ -24,6 +24,7 @@ withDefaults(defineProps<Props>(), {
       'hover:bg-red-100': type === 'error',
       'bg-red-50 ring-red-400': type === 'error' && active,
     }"
+    type="button"
   >
     <span
       class="text-3xl font-bold"
@@ -45,5 +46,5 @@ withDefaults(defineProps<Props>(), {
     >
       {{ label }}
     </span>
-  </div>
+  </button>
 </template>
diff --git a/extensions/package-vulnerability-scanner/src/components/vulnerability/StatsPanel.vue b/extensions/package-vulnerability-scanner/src/components/vulnerability/StatsPanel.vue
index ca244460..bed0dc46 100644
--- a/extensions/package-vulnerability-scanner/src/components/vulnerability/StatsPanel.vue
+++ b/extensions/package-vulnerability-scanner/src/components/vulnerability/StatsPanel.vue
@@ -1,5 +1,5 @@
 <script setup lang="ts">
-import StatCard from "./StatCard.vue";
+import StatButton from "./StatButton.vue";
 
 export type FilterType = "all" | "python" | "r" | "vulnerable";
 
@@ -16,7 +16,7 @@ const filter = defineModel<FilterType>({ required: true });
 <template>
   <div class="mb-4">
     <div class="grid grid-cols-2 md:grid-cols-4 gap-4">
-      <StatCard
+      <StatButton
         :count="vulnerabilities"
         :active="filter === 'vulnerable'"
         label="Vulnerabilities"
@@ -24,21 +24,21 @@ const filter = defineModel<FilterType>({ required: true });
         @click="() => (filter = 'vulnerable')"
       />
 
-      <StatCard
+      <StatButton
         :count="pythonPackages"
         :active="filter === 'python'"
         label="Python Packages"
         @click="() => (filter = 'python')"
       />
 
-      <StatCard
+      <StatButton
         :count="rPackages"
         :active="filter === 'r'"
         label="R Packages"
         @click="() => (filter = 'r')"
       />
 
-      <StatCard
+      <StatButton
         :count="totalPackages"
         :active="filter === 'all'"
         label="Total Packages"