fix: resolve semantic versioning issue#2383
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
2 Skipped Deployments
|
|
Hello! Thank you for opening your first PR to npmx, @ElshadHu! 🚀 Here’s what will happen next:
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughThe PR updates the Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
test/nuxt/composables/use-resolved-version.spec.ts (1)
120-137: Add a regression case for digit-prefixed non-exact specifiers.This segment validates letter-prefixed tags only. Please add a case like
requestedVersion = '1.x'withpublishedAt: nullto lock in the intended “no exact-version cross-check” behaviour for non-exact specifiers.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 0d991eb1-3252-4b5a-8ec5-655a5fd2b41d
📒 Files selected for processing (2)
app/composables/npm/useResolvedVersion.tstest/nuxt/composables/use-resolved-version.spec.ts
| // The fast-npm-meta API echoes back non-existent exact versions without | ||
| // error (no publishedAt, no validation). When publishedAt is missing for | ||
| // an exact version request, cross-check the versions list to confirm the | ||
| // version actually exists in the registry. |
There was a problem hiding this comment.
I'd almost rather fix this upstream, want to make a PR?
There was a problem hiding this comment.
I made a PR in upstream, if there is any issue, please let me know
|
I'll close this in anticipation of antfu/fast-npm-meta#37 being merged - if that isn't then we can revisit this 🙏 |
2 participants
🔗 Linked issue
Fixes #2342
🧭 Context
Requesting a non-existent package version (e.g.
/package/axios/v/150.150.150) returned HTTP 200 instead of 404. The page was silently showing content as if the version existed.Added version validation in
useResolvedVersionand unit tests to cover the fix.📚 Description
The
npm.antfu.devAPI (fast-npm-meta) echoes back any version string without validating it against the registry. For non-existent versions it returns a 200 response but omitspublishedAt. Because the fetch succeeded and returned a truthy version string, the existing 404 guards in the page never triggered.The fix adds a check in
useResolvedVersion: when an exact version is requested (starts with a digit) and the response has nopublishedAt, a second request is made to the/versions/endpoint on the same API to confirm the version actually exists. If it does not, the composable returnsundefined, which the existing 404 guards in [name].vue already handle correctly - both on the server (throwing a 404) and on the client (showing the error page).Dist-tags (
latest,next) and semver ranges start with a letter and skip this check since they resolve to a different version string by design.Files changed:
publishedAtis absentpublishedAt, dist-tags, and scoped packages