
fix: don't flag a license change when there is no previous version #2792

Open

jp-knj wants to merge 5 commits into npmx-dev:main from jp-knj:fix/2720-license-change-no-previous-version

fix: don't flag a license change when there is no previous version#2792
jp-knj wants to merge 5 commits into
npmx-dev:mainfrom
jp-knj:fix/2720-license-change-no-previous-version

Conversation


@jp-knj jp-knj commented May 25, 2026

Fixes #2720.

Summary

Fix false-positive license change warnings for packages that have no previous version.

Added unit tests for the new-package case and normal license-change comparisons.

Test plan

  • New unit tests at test/unit/server/api/registry/license-change/pkg.get.spec.ts
  • pnpm lint clean
  • pnpm test:types passes
  • Manual: /package/vsxtools/v/0.0.1 no longer shows a license-change warning; a multi-version package with an actual license change still does

vercel Bot commented May 25, 2026

Deployment status (updated May 29, 2026 3:08pm UTC): npmx.dev preview Ready; docs.npmx.dev and npmx-lunaria deployments skipped (ignored).


coderabbitai Bot commented May 25, 2026


Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between ec57517 and 1fb5902.

📒 Files selected for processing (1)
  • app/composables/npm/usePackage.ts

📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes

    • Fixed inaccurate licence-change detection that could report spurious transitions when no real previous version existed.
  • Refactor

    • Centralised licence normalisation into a shared helper to handle varied licence formats consistently across the app.
  • Tests

    • Added unit tests covering licence-change scenarios, version selection and related edge cases.

Walkthrough

Adds a shared license normaliser, applies it in the license-change handler and usePackage composable, guards comparisons to only run when a real prior version exists, and adds Vitest coverage for the license-change endpoint across multiple scenarios.

Changes

License-change handler fix and validation

  • Shared normalize helper (shared/utils/npm.ts): Adds `normalizeLicense(license?: PackumentLicense): string
  • Handler guard for valid prior-version comparison (server/api/registry/license-change/[...pkg].get.ts): Imports normalizeLicense; only computes/compares licences when currentVersionIndex > 0, uses normalizeLicense(...) ?? 'UNKNOWN', and sets change only if normalised values differ.
  • Composable uses shared normaliser (app/composables/npm/usePackage.ts): Replaces the local normaliser with the shared normalizeLicense import; existing normalisation call sites remain.
  • Test suite for license-change endpoint (test/unit/server/api/registry/license-change/pkg.get.spec.ts): Adds Vitest tests that stub H3/router helpers, mock fetchNpmPackage, and cover missing package param, single-version (null change), license transitions, unchanged license, object-license extraction, default latest-version comparison, explicit version predecessor comparison, oldest-version handling, and missing-version handling.

Possibly related PRs

  • npmx-dev/npmx.dev#2662: Overlapping changes that introduced normalizeLicense in shared/utils/npm.ts and updated consumers.

Suggested reviewers

  • ghostdevv
  • 43081j
Pre-merge checks: 4 passed

  • Title check (Passed): The title accurately summarises the main fix: preventing false-positive license-change warnings when no previous version exists, which is the core objective of the PR.
  • Description check (Passed): The description clearly relates to the changeset, explaining the bug fix, summarising changes, and detailing the test plan for validating the fix.
  • Linked Issues check (Passed): The PR successfully addresses issue #2720 by guarding licence comparisons with currentVersionIndex > 0 to prevent false positives for single-version packages, matching the desired behaviour of not reporting changes without a previous version.
  • Out of Scope Changes check (Passed): All changes are directly scoped to fixing the licence-change comparison issue: the handler fix, unit tests, shared utility extraction, and composable refactoring are all aligned with the stated objective.



@github-actions

Hello! Thank you for opening your first PR to npmx, @jp-knj! 🚀

Here’s what will happen next:

  1. Our GitHub bots will run to check your changes.
    If they spot any issues you will see some error messages on this PR.
    Don’t hesitate to ask any questions if you’re not sure what these mean!

  2. In a few minutes, you’ll be able to see a preview of your changes on Vercel

  3. One or more of our maintainers will take a look and may ask you to make changes.
    We try to be responsive, but don’t worry if this takes a few days.

@jp-knj jp-knj marked this pull request as draft May 25, 2026 13:26

codecov Bot commented May 25, 2026

Codecov Report

❌ Patch coverage is 55.55556% with 4 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines (patch coverage):
  • server/api/registry/license-change/[...pkg].get.ts: 60.00% (0 missing, 2 partials) ⚠️
  • shared/utils/npm.ts: 50.00% (1 missing, 1 partial) ⚠️


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2


Inline comments:
In `server/api/registry/license-change/[...pkg].get.ts`:
- Around line 50-51: Normalize license values the same way as the timeline
handler: instead of using String(...) for currentLicense and previousLicense,
detect if versions[currentVersionIndex]?.license or
versions[previousVersionIndex]?.license is an object and, if so, use its .type
property (fallback to 'UNKNOWN' if missing); otherwise use the string value.
Update the assignments that set currentLicense and previousLicense (referencing
versions, currentVersionIndex, previousVersionIndex) to perform this object
check and extraction so change detection reports the actual license.type rather
than "[object Object]".

In `test/unit/server/api/registry/license-change/pkg.get.spec.ts`:
- Around line 37-190: Add a new test in this spec to exercise object-shaped
licenses: create a case (similar to the suggested snippet) that sets routerParam
= 'my-pkg', mocks fetchNpmPackageMock via makePackument to return versions where
license values are objects (e.g. { type: 'MIT' } and { type: 'Apache-2.0', url:
'...' }), call handler(fakeEvent), and assert the returned change equals { from:
'MIT', to: 'Apache-2.0' }; this ensures the handler's license normalization
logic (used when reading packument versions) correctly extracts the type field
from object licenses.


📥 Commits

Reviewing files that changed from the base of the PR and between 113c2dd and ed87967.

📒 Files selected for processing (2)
  • server/api/registry/license-change/[...pkg].get.ts
  • test/unit/server/api/registry/license-change/pkg.get.spec.ts

jp-knj added a commit to jp-knj/npmx.dev that referenced this pull request May 25, 2026
The license field can be an object ({ type, url }), where String() would
yield "[object Object]". Reuse normalizeLicense (moved from usePackage to
shared/utils/npm) to extract the type, so change detection compares real
license values. Adds an object-license test case.

Addresses review feedback on npmx-dev#2792.
@jp-knj jp-knj force-pushed the fix/2720-license-change-no-previous-version branch from 2d1cf32 to 8181098 May 25, 2026 14:19
…rsion

Don't flag a license change when there's no real previous version (new
single-version packages were diffing against a phantom 'UNKNOWN'), and
normalize object-shaped licenses ({ type, url }) so comparisons use the
real value instead of "[object Object]". Adds unit tests.

Closes npmx-dev#2720
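The two failure modes named in the commit messages and in the CodeRabbit walkthrough above (a single-version package diffing against a phantom 'UNKNOWN', and String() turning an object-shaped license into "[object Object]") can be checked against a small self-contained model. The following TypeScript is an added example, not npmx.dev's own code: the PackumentLicense, PackumentVersion and Packument types, the detectLicenseChange function, and the sample packuments are assumptions constructed for illustration; only the ideas of guarding on currentVersionIndex > 0 and normalising an object license to its type field (falling back to 'UNKNOWN') come from the PR.

```typescript
// Added example, not code from the npmx.dev repository. Type and function names
// below are assumptions for illustration only.

// npm packuments allow `license` to be a string, an object, or absent (assumed shape).
type PackumentLicense = string | { type?: string; url?: string } | undefined

interface PackumentVersion {
  version: string
  license?: PackumentLicense
}

interface Packument {
  name: string
  'dist-tags': { latest: string }
  versions: Record<string, PackumentVersion>
}

// Reduce any license shape to a comparable string, or undefined when nothing
// usable is present. Calling String() on an object here would yield
// "[object Object]", which is the bug the review comment pointed out.
function normalizeLicense(license?: PackumentLicense): string | undefined {
  if (typeof license === 'string') {
    const trimmed = license.trim()
    return trimmed.length > 0 ? trimmed : undefined
  }
  if (license && typeof license === 'object' && typeof license.type === 'string') {
    const trimmed = license.type.trim()
    return trimmed.length > 0 ? trimmed : undefined
  }
  return undefined
}

interface LicenseChange { from: string; to: string }

// Compare the requested version (default: dist-tags.latest) against its
// immediate predecessor. Returns null when there is no predecessor, so a
// brand-new single-version package never diffs against a phantom 'UNKNOWN'.
// Assumed ordering: the insertion order of `versions` is publish order.
function detectLicenseChange(pkg: Packument, requested?: string): LicenseChange | null {
  const versions = Object.values(pkg.versions)
  const target = requested ?? pkg['dist-tags'].latest
  const currentVersionIndex = versions.findIndex(v => v.version === target)
  // Covers both "version not found" (-1) and "oldest version, no predecessor" (0).
  if (currentVersionIndex <= 0) return null
  const previousVersionIndex = currentVersionIndex - 1

  const currentLicense = normalizeLicense(versions[currentVersionIndex]?.license) ?? 'UNKNOWN'
  const previousLicense = normalizeLicense(versions[previousVersionIndex]?.license) ?? 'UNKNOWN'
  if (currentLicense === previousLicense) return null
  return { from: previousLicense, to: currentLicense }
}

// Constructed sample packuments (not real registry data).
const singleVersion: Packument = {
  name: 'example-new-pkg',
  'dist-tags': { latest: '0.0.1' },
  versions: { '0.0.1': { version: '0.0.1', license: 'MIT' } },
}

const objectLicenses: Packument = {
  name: 'example-pkg',
  'dist-tags': { latest: '2.0.0' },
  versions: {
    '1.0.0': { version: '1.0.0', license: { type: 'MIT' } },
    '1.1.0': { version: '1.1.0', license: { type: 'MIT', url: 'https://example.com/mit' } },
    '2.0.0': { version: '2.0.0', license: { type: 'Apache-2.0', url: 'https://example.com/apache' } },
  },
}

// A real predecessor that simply has no license field still produces a change.
const missingLicense: Packument = {
  name: 'example-unlicensed-then-mit',
  'dist-tags': { latest: '1.1.0' },
  versions: {
    '1.0.0': { version: '1.0.0' },
    '1.1.0': { version: '1.1.0', license: 'MIT' },
  },
}
```

With these inputs, the single-version packument yields null, the object-licensed packument reports MIT to Apache-2.0 for the latest version and null for 1.1.0 (the url differs but the type does not), and requesting the oldest or a non-existent version yields null, which is the behaviour the PR's spec describes for oldest-version and missing-version handling.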

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1


Inline comments:
In `test/unit/server/api/registry/license-change/pkg.get.spec.ts`:
- Around line 109-110: The fixtures use `as never` to silence types for the
`license` objects; instead, change the test to use the proper `PackumentLicense`
type so the objects stay type-safe—import `PackumentLicense` and either pass it
as the generic/type parameter to `makePackument` (or annotate the
`versions`/`license` field in the `makePackument` call) so the entries like `{
license: { type: 'MIT' } }` and `{ license: { type: 'Apache-2.0', url:
'https://example.com' } }` are typed as `PackumentLicense` and remove the `as
never` casts. Ensure you update the `makePackument` invocation in this spec to
use that type.


📥 Commits

Reviewing files that changed from the base of the PR and between ed87967 and 62bdd11.

📒 Files selected for processing (4)
  • app/composables/npm/usePackage.ts
  • server/api/registry/license-change/[...pkg].get.ts
  • shared/utils/npm.ts
  • test/unit/server/api/registry/license-change/pkg.get.spec.ts

@gameroman gameroman added the needs review This PR is waiting for a review from a maintainer label May 26, 2026
Labels: needs review (This PR is waiting for a review from a maintainer)

Linked issue (may be closed by merging this pull request): Package page shows license changed warning for new package

2 participants