fix: dependencies complex version link

[alex-key]

Resolves #1120

• Added simple parsing logic to check any dependency version for being complex expression and provide a valid url.
• By complex expression I mean: Range version, Union Version, Comparator Set version or combination of the above
• Logic for extracting url is as follows:
  ^1.0.0 -> ^1.0.0 Simple
  1.0.0 || 2.0.0 -> 2.0.0 Union
  >1.0.0 <=2.0.0 -> <=2.0.0 Comparator Set
  1.0.0 - 2.0.0 -> 2.0.0 Range
  1.0.0 - 2.0.0 || 3.0.0 - 4.0.0 -> 4.0.0 Union of Ranges
• dependencies, peerDependencies and optionalDependencies could have complex version (while 99% cases it's peer), so all of them are handled
• at first I added multiple clickable links for Union separated by a delimiter "||" (1.0.0 || 2.0.0), but I think people rarely need to click on a specific version for union, also it would add some incosistency, so I keep it as a one link, which points to the latest version from Union

Examples for reference:
Comparator Set (dependencies): https://npmx.dev/package/sass
Comparator Set (peer): https://npmx.dev/package/styled-components/v/3.5.0-0
Union (dependencies): https://npmx.dev/package/normalize-package-data/v/2.5.0, https://npmx.dev/package/loose-envify/v/1.4.0
Union (peer): https://npmx.dev/package/eslint-plugin-react

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Feb 22, 2026 1:15pm

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ignored	Preview	Feb 22, 2026 1:15pm
npmx-lunaria	Ignored		Feb 22, 2026 1:15pm

[codecov]

Codecov Report

❌ Patch coverage is 50.00000% with 8 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
app/components/Package/Dependencies.vue	50.00%	8 Missing ⚠️

📢 Thoughts on this report? Let us know!

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

This change adds a VersionLink interface, a LAST_VERSION_IN_RANGE_REGEXP constant, and a buildVersionLink(version: string) function in app/utils/versions.ts that converts complex semver strings into { href, title } objects. app/components/Package/Dependencies.vue was updated to convert dependency version strings (dependencies, peerDependencies, optionalDependencies) into objects via buildVersionLink, adjust sorting and v-for usage to the new { name, version } shape, and use version.href/version.title for links, routes and tooltips across vulnerability, deprecation and optional dependency renderings.

Suggested reviewers

• danielroe

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description clearly explains the parsing logic for complex dependency versions, extraction rules, and implementation approach directly aligned with the changeset.
Linked Issues check	✅ Passed	The implementation fulfils issue #1120 by preventing 404s from version-union links; complex expressions (ranges, unions, comparator sets) are parsed to extract valid URLs that resolve to existing package/version pages.
Out of Scope Changes check	✅ Passed	All changes are scoped to resolving issue #1120: buildVersionLink utility function, Dependencies.vue updates, and version-link handling logic directly address the requirement.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

app/utils/versions.ts (1)

230-241: Optional: union whose last segment is a comparator set produces a non-exact href.

When the last || segment itself contains comparator operators (e.g. 1.0.0 || >=2.0.0 <3.0.0), the first branch returns href = '>=2.0.0 <3.0.0', which is still not a valid single-version URL. Applying LAST_VERSION_IN_RANGE_REGEXP to the last segment as well would cover this case.

♻️ Proposed approach

  if (version.includes('||') && !version.includes(' - ')) {
    const versions: string[] = version.split('||').map(item => item.trim())
-   href = versions.at(-1) || version
+   const lastSegment = versions.at(-1) || version
+   // If the last segment itself is a comparator, extract its trailing version
+   href = />=|<=|[<>]|&&/.test(lastSegment)
+     ? lastSegment.match(LAST_VERSION_IN_RANGE_REGEXP)?.[1]?.replace(/\s+/g, '') || lastSegment
+     : lastSegment