forked from styfle/packagephobia
-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[pull] main from styfle:main #2
Open
pull
wants to merge
53
commits into
Blue-Bookl:main
Choose a base branch
from
styfle:main
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This should also reduce concurrency https://vercel.com/guides/what-should-i-do-if-i-receive-a-429-error-on-vercel
This reverts commit caeb33a.
This has fewer versions publish to the registry
### Description Improvement that allows to get a red badge with the message "package not found" instead of a 500 error Fix this: ![image](https://user-images.githubusercontent.com/8747883/228005181-4009b992-18de-4434-9dd2-7503ce2aa89b.png)
Adding this similar tool the readme. See tweet from @privatenumber with more details: https://twitter.com/privatenumbr/status/1681206731127554048
Issue - #1006 - [x] Added CSS Variables for managing the colors - [x] Changes mode based on the user's color preference I have changed the color scheme according to my taste. Feel free to change it or let me know if any more changes are required. --------- Co-authored-by: Steven <[email protected]>
This will avoid serverless function invocations for 404s. For example, the function logs show attackers looking for non-existing files such as: <img width="1125" alt="image" src="https://github.com/styfle/packagephobia/assets/229881/66a50a3d-b351-47ff-b169-b4ec87f72afa"> Instead of rewriting all paths, we can rewrite only paths we know are handled by the function.
Resolved Issue #1016 - [x] added some margin above each sponsor component to make them evenly spaced
- fix types by using explicit export and import (instead of implicit global declarations) - upgrade `[email protected]` - remove `test` in favor of native `node --test`
The npm registry can take 2 or more seconds to fetch a package manifest, such as https://registry.npmjs.org/next So this PR adds `lru-cache` to avoid fetching packages that we already fetched in the past 5 min. This is particularly useful, when clicking versions in the bar chart since the manifest should be in the lru cache already.
This old action has the following error in the logs: > Error: This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/ I'm going to remove and see if there is an easier way to add v2. Or maybe its no longer necessary since socket.dev is basically the same thing.
Back when Package Phobia first came out in 2018, it used `npm@5` to install dependencies and measure the size. That was later upgrade to [npm@6](#164) with little behavior changed. Then upgrading node caused problems with the old version of npm so Package Phobia switched to [yarn@2](#959) and later [yarn@3](#976) which both omit peer dependencies by default. Recently, Package Phobia switched to [npm@10](#1021) which will automatically install peer dependencies. This PR will change the behavior back to omit peer dependencies. - Fixes #1025
This PR refactors the primary database from redis to postgres when using the `TRY_POSTGRES=1` flag. It also ensures that inserts happen in both databases concurrently so we can keep data in both until cutting over. https://vercel.com/changelog/vercel-postgres-is-now-available-for-pro-users
Bumps to [`[email protected]`](https://github.com/npm/cli/releases/tag/v10.4.0) which adds a fix for [arborist](npm/cli#7126) which will avoid installing multiple libc binaries and [correctly select glibc vs musl](npm/rfcs#438) from the optionalDependencies.
This project is actively maintained so more likely to get a size feature to land. ### Related - anvaka/npmgraph.an#27 - npmgraph/npmgraph#132
The order of attributes is what svgo is producing.
Hi 👋 This PR adds https://socket.dev to the list
Before: 34,6 KB (35.493 bytes) After: 19,8 KB (20.351 bytes) Used oxipng along with squoosh.app. BTW I'd also move `https://styfle.dev/_next/image?url=%2Fimages%2Fblog%2Fstyfle-ceriously.png&w=128&q=75` to the repo but it's a small difference anyway, just less DNS lookup time and all :) Co-authored-by: Steven <[email protected]>
It seems that right now without `start_url` the PWA is not installable. This should hopefully fix the issue.
I kept npm to v10.4.0 because newer versions have some bugs like a memory leak when there's no lock file present. Need to check if preview is fine, though. --------- Co-authored-by: Steven <[email protected]>
Lets see if this works
This should be configured in the dashboard instead https://vercel.com/changelog/faster-defaults-for-vercel-function-cpu-and-memory
block bad bots using up bandwidth for no reason
There are a lot of API requests now that Package Phobia is so popular. We need to ensure that clients are setting a proper `user-agent` so we know where these requests are coming from and can block bad traffic. Users who wish to call the API should add the expected user agent to [API.md](https://github.com/styfle/packagephobia/blob/main/API.md) document.
Way too many requests coming from unknown clients. This will make sure clients identify themselves with a user-agent.
blocking bots
Hi 👋 This PR adds [picocolors](https://github.com/alexeyraspopov/picocolors) to the list As you can see, picocolors using API from packagephobia but get `Forbidden` error because of API block policy. And don't worry. I set appropriate user-agent header too [here](alexeyraspopov/picocolors#76). <img width="755" alt="image" src="https://github.com/user-attachments/assets/4043866a-9d9f-47bb-8b85-0194e139ded8">
as-is : picocolors to-be : picocolors-size-benchmark Changed name since picocolors use API call only when size benchmark. Thanks! related : alexeyraspopov/picocolors#76 --------- Co-authored-by: Steven <[email protected]>
- Will close #1055 It uses [ghub.io](https://ghub.io) to link directly to the repo. To do: - [x] Add GitHub logo to https://github.com/styfle/packagephobia/blob/8c83787454b4073178897e751af81a272ad36ae5/src/components/LinkedLogo.tsx#L30-L35 --------- Co-authored-by: Steven <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )