feat: package quality score

[Flo0806]

🔗 Linked issue

Resolves: #48

🧭 Context

With this npmx has a quality and health check inside the detail sidebar.

📚 Description

This checks can looks like:

• Has a substantial README
• Has a description
• Recently updated
• TypeScript types
• Has a license
• Has a repository link
• Has publish provenance
• Supports ES modules
• No known vulnerabilities
• Not deprecated

Maximum possible points are 14.

Tests

Unit tests for point calculations

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Mar 21, 2026 8:16pm

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ignored	Preview	Mar 21, 2026 8:16pm
npmx-lunaria	Ignored		Mar 21, 2026 8:16pm

[github-actions]

Lunaria Status Overview

🌕 This pull request will trigger status changes.

Learn more

By default, every PR changing files present in the Lunaria configuration's files property will be considered and trigger status changes accordingly.

You can change this by adding one of the keywords present in the ignoreKeywords property in your Lunaria configuration file in the PR's title (ignoring all files) or by including a tracker directive in the merged commit's description.

Tracked Files

File	Note
i18n/locales/de-DE.json	Localization changed, will be marked as complete.
i18n/locales/en.json	Source changed, localizations will be marked as outdated.

Warnings reference

Icon	Description
🔄️	The source for this localization has been updated since the creation of this pull request, make sure all changes in the source have been applied.

[codecov]

Codecov Report

❌ Patch coverage is 90.90909% with 8 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
app/pages/package/[[org]]/[name].vue	0.00%	3 Missing and 3 partials ⚠️
app/components/Package/QualityScore.vue	93.75%	0 Missing and 2 partials ⚠️

📢 Thoughts on this report? Let us know!

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1e78a0a4-7833-4daf-8188-a8624be7a13e

📥 Commits

Reviewing files that changed from the base of the PR and between 73d283a and 6fafab7.

📒 Files selected for processing (3)

• app/components/Package/QualityScore.vue
• i18n/schema.json
• test/nuxt/a11y.spec.ts

✅ Files skipped from review due to trivial changes (2)

• test/nuxt/a11y.spec.ts
• app/components/Package/QualityScore.vue

---

📝 Walkthrough

Walkthrough

A package quality scoring feature was added: a new Vue component renders a collapsible quality score section with a circular SVG progress ring and per-check listings. A composable computes scores across five categories (documentation, maintenance, types, bestPractices, security) from package metadata, README, analysis, vulnerability counts/status and provenance. The component is integrated into the package page (main content and sidebar). English and German translations and JSON schema entries were added, and unit and a11y tests were included.

Suggested labels

front, a11y

Suggested reviewers

• danielroe
• graphieros
• alexdln

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description clearly relates to the changeset, detailing the quality score feature with specific check types and maximum points.
Linked Issues check	✅ Passed	The PR successfully implements all objectives from issue #48: surface a package quality/health score, evaluate maintenance activity, type coverage, documentation quality, and provide JSR-style scoring.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing the quality score feature. The addition of the composable, component, page integration, translations, schema validation, and tests are all within scope.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[43081j]

thanks for taking a look at this, but i think we really need to spend some time discussing what the right metrics are, how we want to score things (if we want to "score" them at all).

i see there's an open issue but we still haven't decided any of this. e.g. do we want a score? do we want just a list of health checks? what should be weighted in what way? etc etc.

i think we need to move back to the issue and have what'll probably be a lengthy discussion before we can change any code.