Extend package.json links to work with GitLab package registry
Problem to solve
Currently, when viewing the package.json file inside GitLab, links for dependencies are hardcoded to npmjs.org. We could improve this by detecting when a dependency is hosted within the GitLab package registry and changing the links accordingly.
See: Current package.json
Intended users
Proposal
A basic MVP of this could be just to change the link from npmjs.org to the package details page inside GitLab. The project where the package.json file exists might not be where the package is hosted, so there would have to be some kind of lookup to build the correct link.
If we can solve this problem, then this opens up further opportunities here. For example, instead of presenting only a link to the package details, what if we could display some kind of popover with more information? Something like:
Popover concept | Annotated
The user could then see some details on the package at a glance. This could be further extended to cover things like:
- Displaying that there are new versions of this package available
- Displaying a note to say this either is or is not the verified version of the package
- Showing that there are alternative tagged versions
- Possibly showing any security warnings with the associated package version
- Confirming this version is cached inside the dependency proxy for the CI/CD for this project
Some of these are fairly far away from us right now, but this could all be potentially useful information to display here.
Permissions and Security
- The user viewing the package.json file might need access to the registry hosting the package to see this information.