fix: hotfix for complex versions urls

[alex-key]

🔗 Linked issue

Partially resolves #1120

🧭 Context

Complex versions expcted to be properly handled and resolved in normal package version by the current router implementation.

📚 Description

The quickfix to prevent some issues is - remove spaces from url: 1 || 2 -> 1||2. But there are still cases when valid semver versions linked to Error 404

The app is relying on a third-party service (by @antfu) which is resolving complex semver expressions into a single max version.
https://github.com/npmx-dev/npmx.dev/blob/main/app/composables/npm/useResolvedVersion.ts#L13-L14

But it is not handling many valid cases, which results in 404 on npmx. See examples in comments in #1120

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Mar 3, 2026 10:55am

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ignored	Preview	Mar 3, 2026 10:55am
npmx-lunaria	Ignored		Mar 3, 2026 10:55am

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[coderabbitai]

📝 Walkthrough

Walkthrough

The packageRoute function in app/utils/router.ts has been updated to normalise version parameters by removing all whitespace characters. When a version is provided, the string is processed using version.replace(/\s+/g, '') to eliminate spaces before the router processes it. The function structure and control flow remain unchanged, with only this normalisation behaviour added to handle version strings containing spaces.

Suggested reviewers

• danielroe

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description clearly describes the changeset, explaining the space-removal quickfix for complex version URLs and referencing the linked issue.
Linked Issues check	✅ Passed	The PR partially addresses issue #1120 by implementing the space-removal fix for version strings as described in the issue.
Out of Scope Changes check	✅ Passed	The change is focused solely on normalising version strings by removing whitespace in the packageRoute function, which directly addresses the linked issue's requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b6c7c1f and 11b0654.

📒 Files selected for processing (1)

• app/utils/router.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

node-semver whitespace handling hyphen ranges OR unions npm semver

💡 Result:

node-semver (npm’s semver) whitespace rules: hyphen ranges + OR unions

1) Whitespace is AND (intersection), not OR

• Comparators separated by spaces form a single comparator set that must all be true (AND). Example: >=1.2.7 <1.3.0. [1]

2) || is OR (union), and spaces around it don’t matter

• A range is one or more comparator sets joined by || (OR). Example: 1.2.7 || >=1.2.9 <2.0.0. [1]
• The grammar explicitly allows optional spaces around ||: ( ' ' ) * '||' ( ' ' ) *. [2]

3) Hyphen ranges require spaces around the hyphen

• A hyphen range is defined as partial ' - ' partial (note the spaces). [2]
• Example: 1.2.3 - 2.3.4 expands to >=1.2.3 <=2.3.4. [3]
• If you remove the spaces (e.g. 1.2-1.4.5), many semver parsers interpret it as a prerelease (a single version) rather than a hyphen range. [4]

Practical takeaway

• Use spaces for hyphen ranges: a.b.c - x.y.z
• Use || (not spaces) for unions: range1 || range2
• Use spaces between comparators for intersection: >=a <b

Sources: npm/node-semver README (ranges + grammar) [1][2][3], Masterminds semver whitespace note (illustrates the hyphen-spacing pitfall) [4].

---

🏁 Script executed:

# Find and examine the full context of the changes in app/utils/router.ts
fd -e ts -e tsx "router" | head -20

Repository: npmx-dev/npmx.dev

Length of output: 102

---

🏁 Script executed:

# Look for the specific file mentioned in the review
find . -name "router.ts" -o -name "router.tsx" 2>/dev/null | head -10

Repository: npmx-dev/npmx.dev

Length of output: 82

---

🏁 Script executed:

cat -n app/utils/router.ts

Repository: npmx-dev/npmx.dev

Length of output: 1295

---

Avoid stripping all whitespace from semver ranges.

At line 13, removing every whitespace character breaks valid semver semantics. Hyphen ranges like 1.2.3 - 2.3.4 require spaces around the hyphen; without them, parsers interpret the range as a prerelease version instead. Similarly, comparator sets like >=1.0.0 <2.0.0 depend on whitespace for correct intersection semantics.

🔧 Proposed fix

   if (version) {
+    const normalisedVersion = version
+      .trim()
+      // normalise OR unions without mutating other valid range syntaxes
+      .replace(/\s*\|\|\s*/g, '||')
+
     return {
       name: 'package-version',
       params: {
         org,
         name,
-        // remove spaces to be correctly resolved by router
-        version: version.replace(/\s+/g, ''),
+        version: normalisedVersion,
       },
     }
   }