Skip to content

chore: exclude prereleases from outdated packages#1457

Open
idleberg wants to merge 2 commits intonpmx-dev:mainfrom
idleberg:feature/exclude-unstable-versions-from-outdated
Open

chore: exclude prereleases from outdated packages#1457
idleberg wants to merge 2 commits intonpmx-dev:mainfrom
idleberg:feature/exclude-unstable-versions-from-outdated

Conversation

@idleberg
Copy link
Contributor

@idleberg idleberg commented Feb 13, 2026
edited
Loading

Fixes #1456. However, this might need some discussion because the problematic behaviour can be interpreted in two ways:

  1. A developer intentionally chose to tag a version as latest, and we should honour this decision
  2. A developer mistakenly tagged the version as latest, and we decided that *-alpha or *-beta should overrule the distTag

What are your thoughts on this?

@vercel
Copy link

vercel bot commented Feb 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
npmx.dev Ready Ready Preview, Comment Feb 13, 2026 8:00am
2 Skipped Deployments
Project Deployment Actions Updated (UTC)
docs.npmx.dev Ignored Ignored Preview Feb 13, 2026 8:00am
npmx-lunaria Ignored Ignored Feb 13, 2026 8:00am

Request Review

@codecov
Copy link

codecov bot commented Feb 13, 2026

Codecov Report

❌ Patch coverage is 57.14286% with 3 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
app/composables/npm/useOutdatedDependencies.ts 57.14% 1 Missing and 2 partials ⚠️

📢 Thoughts on this report? Let us know!

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 13, 2026

📝 Walkthrough

Walkthrough

The composable module for tracking npm dependencies has been modified to improve version comparison logic. The code now computes a latestStable version that prioritises non-prerelease versions over prerelease versions. When the latest dist tag is identified as a prerelease, the implementation filters available versions to find the highest non-prerelease alternative. This latestStable value is then used in the outdated dependency resolution process. The change maintains backward compatibility for scenarios where insufficient version data exists. No public method signatures have been altered.

🚥 Pre-merge checks | ✅ 1 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Description check ⚠️ Warning The pull request has no description provided by the author, making it impossible to assess whether the stated intent aligns with the changes. Add a pull request description explaining the changes and rationale for excluding prereleases from outdated package detection.
✅ Passed checks (1 passed)
Check name Status Explanation
Merge Conflict Detection ✅ Passed ✅ No merge conflicts detected when merging into main

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

No actionable comments were generated in the recent review. 🎉

Comment @coderabbitai help to get the list of available commands and usage tips.

@danielroe
Copy link
Member

danielroe commented Feb 13, 2026

I think we should honour the developer's decision to tag something as latest (but personally I would not tag an alpha or beta reease as latest)

@idleberg
Copy link
Contributor Author

idleberg commented Feb 13, 2026

personally I would not tag an alpha or beta release as latest

Agreed, but I've seen experienced developers struggling (or being aware of) distTags. One final thought: as a middleground, packages with such discrepancies could be highlighted in yellow rather than red, to raise awareness.

Otherwise feel free to close this!

@danielroe
Copy link
Member

danielroe commented Feb 13, 2026
edited
Loading

I understand developers might not understand, but I think that could be raised with them directly. after all, tagging a beta release as latest will have other consequences than on npmx - people will install it accidentally as well.

@danielroe
Copy link
Member

danielroe commented Feb 13, 2026
edited
Loading

I think a good approach would be to change the messaging on the bit of the UI that displayed the updated dependency to make it clear that this isn't a bug, e.g. something like the new latest version is 1.0.0-beta.0

btw I checked with pooya (author of c12) and it's intentional - so don't bug him about it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ignore unstable version in outdated dependency logic

2 participants

@idleberg @danielroe