
npmx Hardens Dependency Security and Refines UI Balance

Intelligence Topics
01 Signal: 10/10

Dependency Pinning and Security Hardening

Implemented a major security and stability update by pinning all core development and production dependencies to exact versions. This transition, managed via Renovate, ensures deterministic builds and mitigates risks associated with breaking upstream changes in packages like UnoCSS, TypeScript, and Vite-PWA. Furthermore, the project officially enabled security advisories with the addition of SECURITY.md.
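A check that enforces the exact-pin policy described above, as an added example rather than code from npmx or Renovate. The package names come from this summary; the versions, the other entries in the sample manifest, and the function names `classify` and `findUnpinned` are constructed for illustration.

```javascript
// Added example (not npmx code): flag package.json specs that are not exact pins.
// Exact = MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ['dependencies', 'devDependencies'];

// Classify one dependency spec string as exact, range, tag, workspace or non-registry.
function classify(spec) {
  let s = String(spec).trim();
  // npm alias form "npm:<name>@<spec>": judge the spec that follows the name.
  const alias = /^npm:(?:@[^/]+\/)?[^@]+@(.+)$/.exec(s);
  if (alias) s = alias[1];
  if (s.startsWith('workspace:')) return 'workspace';
  // Git, URL, local-path and "user/repo" sources bypass registry versioning entirely.
  if (/^(?:git\+|git:|https?:|file:|link:|github:)/.test(s) ||
      /^[\w.-]+\/[\w.-]+(?:#.*)?$/.test(s)) return 'non-registry';
  if (EXACT.test(s.replace(/^=?v?/, ''))) return 'exact';
  // A bare word such as "latest" is a dist-tag; a lone "x" is a wildcard range.
  if (/^[A-Za-z][\w.-]*$/.test(s) && !/^x$/i.test(s)) return 'tag';
  return 'range'; // ^, ~, comparators, wildcards, partial versions, empty string
}

// Return every dependency whose spec can resolve to more than one artifact.
function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classify(spec);
      if (kind !== 'exact' && kind !== 'workspace') {
        findings.push({ section, name, spec, kind });
      }
    }
  }
  return findings;
}

// Constructed sample manifest; versions are illustrative, not npmx's real ones.
const samplePkg = {
  dependencies: { 'unocss': '^0.0.1', 'vite-plugin-pwa': '1.2.3' },
  devDependencies: {
    'typescript': '~5.0.0', 'left-pad-alias': 'npm:left-pad@1.3.0',
    'some-tool': 'latest', 'local-lib': 'workspace:*',
    'forked': 'github:someone/forked#main',
  },
};

for (const f of findUnpinned(samplePkg)) {
  console.log(`${f.section}: ${f.name}@${f.spec} is a ${f.kind}, not an exact pin`);
}
```

Exact pins in package.json cover direct dependencies only; transitive versions are fixed by the committed lockfile, so a CI gate like this belongs alongside a frozen-lockfile install.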

02 Signal: 8/10

UI Ergonomics and Row Balancing

Refined the package detail view to improve visual alignment between the license/stats row and the underlying action links. The update ensures the 'dependencies' column remains visible even when the count is zero to prevent layout shifts and improve user orientation. Logic was also added to right-align terminal columns for a more balanced grid structure.

03 Signal: 7/10

Community and Documentation

Established formal community guidelines with the addition of CONTRIBUTING.md, using established frameworks like Nuxt and Vite as templates. The project description was also streamlined, removing the 'for power users' qualifier to signal a broader accessibility goal for the registry browser.

04 Signal: 6/10

Infrastructure and Redirects

Configured a new dedicated redirect for the community chat at chat.npmx.dev and added npkg as a recognized alternative frontend in the project documentation. These changes continue to build out the npmx ecosystem and its integration with external developer tools.