feat: add a warning when the package license changes

[aisiklar]

🔗 Linked issue

fixes #1826

🧭 Context

added info/warning beneath the license info, "changed!" if there is a change in the license with additional tooltip which shows info about the change, similar to "from x to y at version a.b".
Also modified the Turkish language support too.

📚 Description

as mentioned in the issue, sometimes license changes and it is important to notify the potential user of the package. This pull request is done to make sure that if there is a change in the license the user will be able to see it and also will get info about the details of the change (like from x license to y license and at version a.b.c)

The following changes are done to the codebase:
modified the [name].vue file: added a new props to LicenseDisplay component.
new composable, useLicenseChanges is written.
In the LicenseDisplay component, changes were made to use this composable and add new element for displaying info about the changed license.
Additionally, en.json and tr-TR.json and schema.json files are modified, to add i18n infrastructure and add Turkish language support (for other languages, additional changes are required)

before:

after:

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ready	Preview, Comment	Apr 4, 2026 8:44pm
npmx.dev	Ready	Preview, Comment	Apr 4, 2026 8:44pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
npmx-lunaria	Ignored		Apr 4, 2026 8:44pm

[github-actions]

Lunaria Status Overview

🌕 This pull request will trigger status changes.

Learn more

By default, every PR changing files present in the Lunaria configuration's files property will be considered and trigger status changes accordingly.

You can change this by adding one of the keywords present in the ignoreKeywords property in your Lunaria configuration file in the PR's title (ignoring all files) or by including a tracker directive in the merged commit's description.

Tracked Files

File	Note
i18n/locales/en.json	Source changed, localizations will be marked as outdated.
i18n/locales/tr-TR.json	Localization changed, will be marked as complete. 🔄️

Warnings reference

Icon	Description
🔄️	The source for this localization has been updated since the creation of this pull request, make sure all changes in the source have been applied.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This change introduces a license-change detection and notification system for package versions. A new composable fetches npm registry metadata for a given package, extracts and chronologically sorts all versions, then compares licenses between consecutive versions to identify transitions. When changes are detected, they are displayed via a warning component that renders an amber alert panel with formatted change details. Supporting internationalization strings have been added to the schema and locale files in English and Turkish.

Suggested reviewers

• danielroe
• trueberryless

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description clearly relates to the changeset, explaining the implementation of license change detection and warning UI.
Linked Issues check	✅ Passed	All primary objectives from issue #1826 are met: detecting license changes, surfacing visible indicators, and providing contextual details.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the linked issue; no out-of-scope modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ghostdevv]

Could you do the style similar to the package size increase warning that we have? #1673 Let me know if you have any questions or need any help!

[coderabbitai]

Actionable comments posted: 3

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f7c1c88e-8b86-4447-9fdb-bfbc10c1ff70

📥 Commits

Reviewing files that changed from the base of the PR and between 4294ada and bfd9550.

📒 Files selected for processing (6)

• app/components/LicenseDisplay.vue
• app/composables/useLicenseChanges.ts
• app/pages/package/[[org]]/[name].vue
• i18n/locales/en.json
• i18n/locales/tr-TR.json
• i18n/schema.json

[aisiklar]

Could you do the style similar to the package size increase warning that we have? #1673 Let me know if you have any questions or need any help!

hi @ghostdevv
thanks for your comment. I will check the link you mentioned and also the comments made by coderabbitai and change accordingly. I will return you in case i have additional questions. Thanks.

[ghostdevv]

Awesome! I'll mark this as draft for now, and you can mark it as ready when you want me to take another look!

[codecov]

Codecov Report

❌ Patch coverage is 86.04651% with 6 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
app/components/LicenseChangeWarning.vue	75.00%	3 Missing ⚠️
app/composables/useLicenseChanges.ts	90.32%	2 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

[aisiklar]

Hi @ghostdevv
Can you please check again?
I made the style change and also fixed the other issues pointed by bot.
I did NOT rebase on the current state of main, if you want, i can do it and make a new commit. This is my first PR so please advice if I am missing some other things.
Thanks

[coderabbitai]

Actionable comments posted: 2

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 274b5e5e-8053-43ca-946d-f111b04b96f3

📥 Commits

Reviewing files that changed from the base of the PR and between bfd9550 and ecbb660.

📒 Files selected for processing (5)

• app/components/LicenseDisplay.vue
• app/composables/useLicenseChanges.ts
• i18n/locales/en.json
• i18n/locales/tr-TR.json
• i18n/schema.json

✅ Files skipped from review due to trivial changes (2)

• i18n/locales/en.json
• i18n/schema.json

🚧 Files skipped from review as they are similar to previous changes (2)

• i18n/locales/tr-TR.json
• app/composables/useLicenseChanges.ts

[ghostdevv]

Hey, the warning should be here like the package size increase one

[ghostdevv]

I think we should only compare to the last version, there is some logic here that could be reused (you can move it into its own utility file in shared too

npmx.dev/app/composables/useInstallSizeDiff.ts

Lines 19 to 39 in 1dd1be9

	function getComparisonVersion(pkg: SlimPackument, resolvedVersion: string): string | null {
	const isCurrentPrerelease = prerelease(resolvedVersion) !== null
	if (isCurrentPrerelease) {
	const latest = pkg['dist-tags']?.latest
	if (!latest || latest === resolvedVersion) return null
	return latest
	}
	// Find the previous version in time that was stable
	const stableVersions = Object.keys(pkg.time)
	.filter(v => v !== 'modified' && v !== 'created' && valid(v) !== null && prerelease(v) === null)
	.sort((a, b) => compare(a, b))
	const currentIdx = stableVersions.indexOf(resolvedVersion)
	// Don't compare the second version against the first as the first
	// has no baseline so a large size difference is expected
	if (currentIdx <= 1) return null
	return stableVersions[currentIdx - 1]!
	}

[aisiklar]

Hi @ghostdevv thanks for the comments. I am working on them.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

app/components/LicenseChangeWarning.vue (1)

31-35: Use a live region role for the async warning panel.

Line 31 renders after async data resolution; aria-label on a plain div is not reliably announced. Add a live-region role (status/alert) so screen-reader users are notified.

♿ Suggested tweak

   <div
     v-if="changes && changes.length > 0"
     class="border border-amber-600/40 bg-amber-500/10 rounded-lg mt-1 gap-x-1 py-2 px-3"
+    role="status"
+    aria-live="polite"
     :aria-label="$t('package.versions.license_change_help')"
   >

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1167677c-ef72-4f68-b6b4-6b6e3ed2725a

📥 Commits

Reviewing files that changed from the base of the PR and between 34b84c5 and 302952a.

📒 Files selected for processing (5)

• app/components/LicenseChangeWarning.vue
• app/composables/useLicenseChanges.ts
• app/pages/package/[[org]]/[name].vue
• i18n/locales/en.json
• i18n/locales/tr-TR.json

✅ Files skipped from review due to trivial changes (2)

• i18n/locales/en.json
• i18n/locales/tr-TR.json

🚧 Files skipped from review as they are similar to previous changes (1)

• app/composables/useLicenseChanges.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove the temporary debug watcher before merge.

Line 466 prints to console on every version update and triggers the existing no-console lint warning.

🧹 Proposed cleanup

-//delete
-watch(
-  resolvedVersion,
-  newV => {
-    console.log('#1 resolvedVersion ', newV)
-  },
-  { immediate: true },
-)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	//delete
	watch(
	resolvedVersion,
	newV => {
	console.log('#1 resolvedVersion ', newV)
	},
	{ immediate: true },
	)

🧰 Tools

🪛 GitHub Check: 🤖 Autofix code

[warning] 466-466: eslint(no-console)
Unexpected console statement.

[aisiklar]

@ghostdevv Hi
Sorry for the late response, it has been a wild week. Anyway, i made the changes you requested but the bot test seems ongoing for a quite long time (i am not sure if there is any problem). Is there anything i need to do? Are the changes ok for you?
Thanks, BR

[ghostdevv]

Currently it's nesting the keys right? I think they should be one key, so it'd be like The license was changed {from} to {to}. I also don't think we need the {version} since it's on the version page, wdyt?

[aisiklar]

agree on that. thanks, as we changed the logic from checking all versions to last version, there is really no meaning to show it anymore, even if it runs the logic on resolvedVersion, which user can change by selecting from version selector.
I will check the keys, so that it will be simpler.

[ghostdevv]

Sorry, another thing here - it may be worth doing this on the server so we don't have to fetch the packument on the client. I think I linked this before, but it's also had some improvements since then. Let me know if you want some help, or don't understand!

https://github.com/npmx-dev/npmx.dev/blob/064cf97ebc89136a267a0c44d757bfaf69212b04/app/composables/useInstallSizeDiff.ts

[aisiklar]

ok, i am not familiar with nuxt (working with next.js, react and vue, mostly) but i will check this example in detail and run my composable on server. If i have some questions i will return you. Thanks for pointing this out to me.

[ghostdevv]

@ghostdevv Hi Sorry for the late response, it has been a wild week. Anyway, i made the changes you requested but the bot test seems ongoing for a quite long time (i am not sure if there is any problem). Is there anything i need to do? Are the changes ok for you? Thanks, BR

Hmm maybe they got stuck 🤔 I merged with main and pushed which seems to have fixed CI!