refactor: use manifest data for deps page

[fengmk2]

closes #116

• Remove useFileContent hook, use manifest.versions directly
• Add version query parameter to dependency links
• Remove unnecessary loading state

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Package dependency links now include version specifications, enabling direct access to specific package versions.

• Improvements

  • Streamlined dependency display by removing loading indicators and showing static dependency counts.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
cnpmweb	Ready	Preview, Comment	Dec 16, 2025 0:25am

[coderabbitai]

Walkthrough

Refactors the Deps component to retrieve dependencies directly from the manifest prop instead of remote file content, simplifying loading state handling and enabling version-aware dependency links with a unified data transformation approach.

Changes

Cohort / File(s)	Summary
Deps component refactoring src/slugs/deps/index.tsx	Introduces DepRecord type; switches data source from useFileContent to direct manifest prop extraction; removes loading state handling; updates component signature to use manifest and version props; transforms dependencies/devDependencies via Object.entries mapping to { package, spec } objects; updates table column rendering to construct links with version query parameter

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Specific areas for review:
  • Verify DepRecord type definition and proper type safety
  • Confirm manifest.versions[version] access gracefully handles undefined/missing cases with fallback to empty arrays
  • Validate link construction logic correctly appends version query parameter to package URLs
  • Ensure dependencies and devDependencies extraction properly iterates over versioned dependency maps

Suggested reviewers

• elrrrrrrr

Poem

🐰 Dependencies hiding away? Not today!
Direct from manifest, we'll light the display,
No loading delays, just clean, simple flow,
Version-aware links in a beautiful row! 📦✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main refactoring change: switching the deps page to use manifest data instead of fetching content separately.
Linked Issues check	✅ Passed	The PR directly addresses issue #116 by fixing dependency information display on the deps page through manifest-based data retrieval instead of remote file fetching.
Out of Scope Changes check	✅ Passed	All changes are focused on fixing the deps page data source and rendering; no unrelated modifications detected outside the stated objectives.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @fengmk2, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly refactors the dependency display page by changing how dependency data is sourced. Instead of making an additional call to fetch package.json content, the page now leverages existing manifest data, streamlining the process and removing redundant data fetching. This change also enhances user experience by adding version information to dependency links and eliminating unnecessary loading indicators, resulting in a more responsive and efficient interface.

Highlights

• Data Source Refactor: The dependency data fetching mechanism has been refactored to directly use the manifest.versions data, eliminating the need for the useFileContent hook and improving data retrieval efficiency.
• Dependency Link Enhancement: Dependency links now include a version query parameter, allowing for more precise navigation to specific package versions.
• Loading State Optimization: Unnecessary loading states and indicators have been removed from the dependency and devDependency cards, as the data is now available synchronously from the manifest.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is a great refactoring. It simplifies the dependencies page by removing an unnecessary data fetch and loading state, instead using the manifest data that's already available. This improves performance and makes the code easier to understand. The addition of the version spec to the dependency links is also a nice enhancement. I have one suggestion to improve the robustness and reduce code duplication in the useMemo hook.

[gemini-code-assist]

This useMemo block can be made more robust and concise.

1. Avoid Non-Null Assertion: Using the non-null assertion operator (!) on version can be risky if the version prop is not guaranteed to be defined. It's safer to add a guard clause to handle cases where version might be null or undefined.
2. Reduce Duplication: The logic to transform the dependencies and devDependencies objects into arrays is identical. This can be extracted into a small helper function within the hook to adhere to the DRY (Don't Repeat Yourself) principle.

Here's a suggested refactoring that addresses both points.

Suggested change

	const depsInfo = React.useMemo(() => {
	if (isLoading) return undefined;
	const targetVersion = JSON.parse(versionManifest || '{}');
	const deps = ['dependencies', 'devDependencies'] as const;
	const res: Record<string, { package: string; spec: string }[]> = {
	dependencies: [],
	devDependencies: [],
	};
	deps.forEach((k) => {
	if (targetVersion?.[k]) {
	res[k] = Object.keys(targetVersion[k] || {}).map((pkg) => ({
	package: pkg,
	spec: targetVersion[k][pkg],
	}));
	}
	});
	return res;
	}, [versionManifest, isLoading]);
	const versionData = manifest.versions?.[version!];
	if (!versionData) return { dependencies: [], devDependencies: [] };
	const deps = versionData.dependencies || {};
	const devDeps = versionData.devDependencies || {};
	const loading = depsInfo === undefined;
	return {
	dependencies: Object.entries(deps).map(([pkg, spec]) => ({
	package: pkg,
	spec,
	})),
	devDependencies: Object.entries(devDeps).map(([pkg, spec]) => ({
	package: pkg,
	spec,
	})),
	};
	}, [manifest, version]);
	const depsInfo = React.useMemo(() => {
	if (!version) {
	return { dependencies: [], devDependencies: [] };
	}
	const versionData = manifest.versions?.[version];
	if (!versionData) {
	return { dependencies: [], devDependencies: [] };
	}
	const transformDeps = (deps: Record<string, string> = {}) =>
	Object.entries(deps).map(([pkg, spec]) => ({
	package: pkg,
	spec,
	}));
	return {
	dependencies: transformDeps(versionData.dependencies),
	devDependencies: transformDeps(versionData.devDependencies),
	};
	}, [manifest, version]);

[Copilot]

Pull request overview

This PR refactors the dependencies page to use manifest data directly instead of fetching package.json separately, improving performance by eliminating an unnecessary HTTP request.

• Removes the useFileContent hook and accesses dependency data directly from manifest.versions
• Adds TypeScript interface DepRecord for better type safety
• Adds version query parameters to dependency links for better navigation
• Removes loading state that is no longer needed

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b2b4da6 and 6ab93ce.

📒 Files selected for processing (1)

• src/slugs/deps/index.tsx (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/slugs/deps/index.tsx (2)

src/pages/package/[...slug]/index.tsx (1)

• PageProps (22-26)

src/components/SizeContainer.tsx (1)

• SizeContainer (11-32)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Node.js / Test (ubuntu-latest, 24)
• GitHub Check: Node.js / Test (ubuntu-latest, 22)
• GitHub Check: Agent

🔇 Additional comments (3)

src/slugs/deps/index.tsx (3)

9-12: LGTM! Clean type definition.

The DepRecord interface provides clear typing for the transformed dependency data structure.

---

58-58: LGTM! Clean static count display.

The static dependency counts improve UX by eliminating loading states, which aligns well with the refactor to use manifest data directly instead of remote fetching.

Also applies to: 68-68

---

18-24: Version ranges are intentionally supported as query parameters.

The code is designed to pass version ranges (like "^1.0.0") from package.json directly to the registry API, which resolves them to specific versions. The package page automatically redirects to the resolved specific version, normalizing the URL. This is a supported pattern used consistently throughout the codebase, not a bug.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Remove unsafe non-null assertion on optional parameter.

Line 34 uses a non-null assertion (version!) on an optional parameter. While the fallback on line 35 handles missing versionData, the non-null assertion is unsafe and could mask issues.

Apply this diff to handle the optional version safely:

   const depsInfo = React.useMemo(() => {
-    const versionData = manifest.versions?.[version!];
+    if (!version) return { dependencies: [], devDependencies: [] };
+    const versionData = manifest.versions?.[version];
     if (!versionData) return { dependencies: [], devDependencies: [] };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export default function Deps({ manifest, version }: PageProps) {
	const depsInfo = React.useMemo(() => {
	if (isLoading) return undefined;
	const targetVersion = JSON.parse(versionManifest || '{}');
	const deps = ['dependencies', 'devDependencies'] as const;
	const res: Record<string, { package: string; spec: string }[]> = {
	dependencies: [],
	devDependencies: [],
	};
	deps.forEach((k) => {
	if (targetVersion?.[k]) {
	res[k] = Object.keys(targetVersion[k] || {}).map((pkg) => ({
	package: pkg,
	spec: targetVersion[k][pkg],
	}));
	}
	});
	return res;
	}, [versionManifest, isLoading]);
	const versionData = manifest.versions?.[version!];
	if (!versionData) return { dependencies: [], devDependencies: [] };
	const deps = versionData.dependencies || {};
	const devDeps = versionData.devDependencies || {};
	const loading = depsInfo === undefined;
	return {
	dependencies: Object.entries(deps).map(([pkg, spec]) => ({
	package: pkg,
	spec,
	})),
	devDependencies: Object.entries(devDeps).map(([pkg, spec]) => ({
	package: pkg,
	spec,
	})),
	};
	}, [manifest, version]);
	export default function Deps({ manifest, version }: PageProps) {
	const depsInfo = React.useMemo(() => {
	if (!version) return { dependencies: [], devDependencies: [] };
	const versionData = manifest.versions?.[version];
	if (!versionData) return { dependencies: [], devDependencies: [] };
	const deps = versionData.dependencies || {};
	const devDeps = versionData.devDependencies || {};
	return {
	dependencies: Object.entries(deps).map(([pkg, spec]) => ({
	package: pkg,
	spec,
	})),
	devDependencies: Object.entries(devDeps).map(([pkg, spec]) => ({
	package: pkg,
	spec,
	})),
	};
	}, [manifest, version]);

🤖 Prompt for AI Agents

In src/slugs/deps/index.tsx around lines 32 to 50, remove the unsafe non-null
assertion on the optional parameter by replacing manifest.versions?.[version!]
with a safe access manifest.versions?.[version] (no '!') and handle the
undefined case already covered by the existing early return; ensure TypeScript
types permit indexing with string | undefined (or narrow version into a const
versionKey = version ?? undefined before indexing) so no non-null assertions are
used.