From e0d8779803e54390368cb3ed4810a8cebda5c7c9 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Wed, 11 Mar 2026 01:49:13 +0900 Subject: [PATCH 1/4] fix: filter out security holding packages from algoria result --- app/pages/search.vue | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/pages/search.vue b/app/pages/search.vue index ce503b995b..47042bebf2 100644 --- a/app/pages/search.vue +++ b/app/pages/search.vue @@ -81,6 +81,13 @@ const visibleResults = computed(() => { let objects = raw.objects + // Filter out "Security holding package" package takendown by npm registory + objects = objects.filter( + r => + r.package.version !== '0.0.1-security' || + r.package.description !== 'security holding package', + ) + // Filter out platform-specific packages if setting is enabled if (settings.value.hidePlatformPackages) { objects = objects.filter(r => !isPlatformSpecificPackage(r.package.name)) From 78c7afbbabfbfe5dec8ef0a2389f8752596a78e7 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Wed, 11 Mar 2026 10:22:22 +0900 Subject: [PATCH 2/4] chore: update code comment --- app/pages/search.vue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/pages/search.vue b/app/pages/search.vue index 47042bebf2..1add1d83af 100644 --- a/app/pages/search.vue +++ b/app/pages/search.vue @@ -73,7 +73,7 @@ const { settings } = useSettings() /** * Reorder results to put exact package name match at the top, - * and optionally filter out platform-specific packages. + * and optionally filter out platform-specific packages or security holding packages. */ const visibleResults = computed(() => { const raw = rawVisibleResults.value From 1d87786436c539c185ad639926e511d7e4872317 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Sat, 14 Mar 2026 03:17:02 +0900 Subject: [PATCH 3/4] chore: add `NpmSearchRepository` type --- shared/types/npm-registry.ts | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/shared/types/npm-registry.ts b/shared/types/npm-registry.ts index 250a9218e6..e44b4ac762 100644 --- a/shared/types/npm-registry.ts +++ b/shared/types/npm-registry.ts @@ -187,6 +187,7 @@ export interface NpmSearchPackage { publisher?: NpmSearchPublisher maintainers?: NpmPerson[] license?: string + repository?: NpmSearchRepository } export interface NpmSearchScore { @@ -312,6 +313,20 @@ export interface NpmTrustedPublisher { ciConfigPath?: string } +/** + * Repository types + * Note: Not covered by @npm/types + */ +export interface NpmSearchRepository { + type: 'git' + url: string + project: string + user: string + host: string + path: string + branch: string +} + /** * jsDelivr API Types * Used for package file browsing From 42555f9c49508f0f275d8c34a5fa0890160eff0e Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Sat, 14 Mar 2026 03:19:12 +0900 Subject: [PATCH 4/4] fix: compare repository to `npm/security-holder` instead --- app/pages/search.vue | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/app/pages/search.vue b/app/pages/search.vue index 1add1d83af..0928f8d34a 100644 --- a/app/pages/search.vue +++ b/app/pages/search.vue @@ -82,11 +82,7 @@ const visibleResults = computed(() => { let objects = raw.objects // Filter out "Security holding package" package takendown by npm registory - objects = objects.filter( - r => - r.package.version !== '0.0.1-security' || - r.package.description !== 'security holding package', - ) + objects = objects.filter(r => r.package.repository?.url !== 'npm/security-holder') // Filter out platform-specific packages if setting is enabled if (settings.value.hidePlatformPackages) {