fix: filter out security holding packages from algoria result#2026

shuuji3 wants to merge 2 commits intomainfrom
shuuji3/fix/filter-out-security-holding-packages
@shuuji3 shuuji3 commented Mar 10, 2026

🔗 Linked issue

resolves #2002

🧭 Context

Algolia search returns packages that have already been taken down by the npm registry and replaced with a "Security holding package" placeholder.

📚 Description

{
	"results": [
		{
			"hits": [
				{
					"name": "dowload_ebok_grundkurs_kunstliche_intelligenz_by_wolfgang_ertel_r9sfy",
					"downloadsLast30Days": 0,
					"downloadsRatio": 0,
					"popular": false,
					"version": "0.0.1-security",
					"description": "security holding package",
					"repository": {
						"type": "git",
						"url": "npm/security-holder",
						"project": "security-holder",
						"user": "npm",
						"host": "github.com",
						"path": "",
						"branch": "master"
					},
					"deprecated": false,
					"isDeprecated": false,
					"homepage": null,
					"license": null,
					"keywords": [],
					"modified": 1758520468387,
					"owners": [],
					"objectID": "dowload_ebok_grundkurs_kunstliche_intelligenz_by_wolfgang_ertel_r9sfy"
				},
				{
					"name": "dowload_ebok_farouche_atalante_by_emilie_druilhe_nx2bj",
					"downloadsLast30Days": 0,
					"downloadsRatio": 0,
					"popular": false,
					"version": "0.0.1-security",
					"description": "security holding package",
					"repository": {
						"type": "git",
						"url": "npm/security-holder",
						"project": "security-holder",
						"user": "npm",
						"host": "github.com",
						"path": "",
						"branch": "master"
					},
					"deprecated": false,
					"isDeprecated": false,
					"homepage": null,
					"license": null,
					"keywords": [],
					"modified": 1725351874194,
					"owners": [],
					"objectID": "dowload_ebok_farouche_atalante_by_emilie_druilhe_nx2bj"
				},
				{
					"name": "dowload_ebok_everything_in_between_a_rocker_romance_by_melissa_toppen_fp7ge",
					"downloadsLast30Days": 0,
					"downloadsRatio": 0,
					"popular": false,
					"version": "0.0.1-security",
					"description": "security holding package",
					"repository": {
						"type": "git",
						"url": "npm/security-holder",
						"project": "security-holder",
						"user": "npm",
						"host": "github.com",
						"path": "",
						"branch": "master"
					},
					"deprecated": false,
					"isDeprecated": false,
					"homepage": null,
					"license": null,
					"keywords": [],
					"modified": 1725351869604,
					"owners": [],
					"objectID": "dowload_ebok_everything_in_between_a_rocker_romance_by_melissa_toppen_fp7ge"
				},
				{
					"name": "dowload_ebok_englens_spil_by_carlos_ruiz_zafon_iben_hasselbalch_lqvq8",
					"downloadsLast30Days": 0,
					"downloadsRatio": 0,
					"popular": false,
					"version": "0.0.1-security",
					"description": "security holding package",
					"repository": {
						"type": "git",
						"url": "npm/security-holder",
						"project": "security-holder",
						"user": "npm",
						"host": "github.com",
						"path": "",
						"branch": "master"
					},
					"deprecated": false,
					"isDeprecated": false,
					"homepage": null,
					"license": null,
					"keywords": [],
					"modified": 1745588033919,
					"owners": [],
					"objectID": "dowload_ebok_englens_spil_by_carlos_ruiz_zafon_iben_hasselbalch_lqvq8"
				},
				{
					"name": "dowload_ebok_before_dawn_vampire_fallen_book_1_by_morgan_rice_fjwc4",
					"downloadsLast30Days": 0,
					"downloadsRatio": 0,
					"popular": false,
					"version": "0.0.1-security",
					"description": "security holding package",
					"repository": {
						"type": "git",
						"url": "npm/security-holder",
						"project": "security-holder",
						"user": "npm",
						"host": "github.com",
						"path": "",
						"branch": "master"
					},
					"deprecated": false,
					"isDeprecated": false,
					"homepage": null,
					"license": null,
					"keywords": [],
					"modified": 1762128250838,
					"owners": [],
					"objectID": "dowload_ebok_before_dawn_vampire_fallen_book_1_by_morgan_rice_fjwc4"
				},
				{
					"name": "dowload_ebok_a_guerra_de_hitler_e_o_horror_do_holocausto_by_scott_s_f_meaker_k644u",
					"downloadsLast30Days": 0,
					"downloadsRatio": 0,
					"popular": false,
					"version": "0.0.1-security",
					"description": "security holding package",
					"repository": {
						"type": "git",
						"url": "npm/security-holder",
						"project": "security-holder",
						"user": "npm",
						"host": "github.com",
						"path": "",
						"branch": "master"
					},
					"deprecated": false,
					"isDeprecated": false,
					"homepage": null,
					"license": null,
					"keywords": [],
					"modified": 1762128244458,
					"owners": [],
					"objectID": "dowload_ebok_a_guerra_de_hitler_e_o_horror_do_holocausto_by_scott_s_f_meaker_k644u"
				},
				{
					"name": "dowload_ebok_a_bela_e_a_fera_by_elizabeth_rudnick_evan_spiliotopoulos_stephen_ch_9ooey",
					"downloadsLast30Days": 0,
					"downloadsRatio": 0,
					"popular": false,
					"version": "0.0.1-security",
					"description": "security holding package",
					"repository": {
						"type": "git",
						"url": "npm/security-holder",
						"project": "security-holder",
						"user": "npm",
						"host": "github.com",
						"path": "",
						"branch": "master"
					},
					"deprecated": false,
					"isDeprecated": false,
					"homepage": null,
					"license": null,
					"keywords": [],
					"modified": 1745588028183,
					"owners": [],
					"objectID": "dowload_ebok_a_bela_e_a_fera_by_elizabeth_rudnick_evan_spiliotopoulos_stephen_ch_9ooey"
				},
				{
					"name": "dowload_ebok_1917_une_passion_russe_by_max_gallo_d2xeh",
					"downloadsLast30Days": 0,
					"downloadsRatio": 0,
					"popular": false,
					"version": "0.0.1-security",
					"description": "security holding package",
					"repository": {
						"type": "git",
						"url": "npm/security-holder",
						"project": "security-holder",
						"user": "npm",
						"host": "github.com",
						"path": "",
						"branch": "master"
					},
					"deprecated": false,
					"isDeprecated": false,
					"homepage": null,
					"license": null,
					"keywords": [],
					"modified": 1758520462981,
					"owners": [],
					"objectID": "dowload_ebok_1917_une_passion_russe_by_max_gallo_d2xeh"
				}
			],
			"nbHits": 28,
			"offset": 20,
			"length": 8,
			"exhaustiveNbHits": false,
			"exhaustiveTypo": false,
			"exhaustive": {
				"nbHits": false,
				"typo": false
			},
			"query": "download_ebook",
			"params": "query=download_ebook&offset=20&length=8&analyticsTags=%5B%22npmx.dev%22%5D&attributesToRetrieve=%5B%22name%22%2C%22version%22%2C%22description%22%2C%22modified%22%2C%22homepage%22%2C%22repository%22%2C%22owners%22%2C%22downloadsLast30Days%22%2C%22downloadsRatio%22%2C%22popular%22%2C%22keywords%22%2C%22deprecated%22%2C%22isDeprecated%22%2C%22license%22%5D&attributesToHighlight=%5B%5D",
			"index": "npm-search",
			"processingTimeMS": 27,
			"processingTimingsMS": {
				"_request": {
					"roundTrip": 5
				},
				"fetch": {
					"query": 17,
					"scanning": 6,
					"total": 24
				},
				"getIdx": {
					"load": {
						"total": 1
					},
					"total": 1
				},
				"total": 27
			},
			"serverTimeMS": 28
		}
	]
}

vercel bot commented Mar 10, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
npmx.dev Ready Ready Preview, Comment Mar 11, 2026 1:24am
2 Skipped Deployments
Project Deployment Actions Updated (UTC)
docs.npmx.dev Ignored Ignored Preview Mar 11, 2026 1:24am
npmx-lunaria Ignored Ignored Mar 11, 2026 1:24am

codecov bot commented Mar 10, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

coderabbitai bot commented Mar 10, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dbef8e97-4e44-41c4-996f-28213b57a460

📥 Commits

Reviewing files that changed from the base of the PR and between e0d8779 and 78c7afb.

📒 Files selected for processing (1)
  • app/pages/search.vue
🚧 Files skipped from review as they are similar to previous changes (1)
  • app/pages/search.vue

📝 Walkthrough

Walkthrough

A filter was added to the search page's visible results computation to exclude the exact package entry matching version "0.0.1-security" and description "security holding package". This exclusion is applied before platform-specific result filtering. The change consists of seven lines added (one removed) and does not alter other logic or control flow.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description check ✅ Passed The PR description clearly relates to the changeset, explaining the filter implementation for security holding packages identified by Algolia search results.
Linked Issues check ✅ Passed The PR implements the primary objective from issue #2002 by filtering Algolia results to exclude packages marked as security holding (version '0.0.1-security' AND description 'security holding package').
Out of Scope Changes check ✅ Passed All changes in the PR are scoped to the security holding package filtering objective. No unrelated modifications are present outside the intended scope.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1


ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 65f69d54-52bc-488d-b015-3fdff1716d6b

📥 Commits

Reviewing files that changed from the base of the PR and between 3712560 and e0d8779.

📒 Files selected for processing (1)
  • app/pages/search.vue

Comment on lines +84 to +89
// Filter out "Security holding package" package takendown by npm registory
objects = objects.filter(
r =>
r.package.version !== '0.0.1-security' ||
r.package.description !== 'security holding package',
)
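Review bot: The predicate on the lines `r.package.version !== '0.0.1-security' ||` / `r.package.description !== 'security holding package'` is an exact, case-sensitive string comparison against free-text metadata, so any drift in the placeholder text (capitalisation, trailing whitespace, a missing `description` field) lets a taken-down package back into the visible results, which is the failure mode this fix exists to prevent. The sample payload in the PR description shows `"version": "0.0.1-security"` together with `"description": "security holding package"` on every placeholder, so the conjunction is right, but the description side should be normalised before comparison: `r =>` / `  !(r.package.version === '0.0.1-security' &&` / `    r.package.description?.trim().toLowerCase() === 'security holding package'),`. The comment above the filter also has typos and should state the intent rather than the mechanism, e.g. `// Drop npm "security holding package" placeholders left behind for packages removed from the registry (#2002)`. The enclosing computed block starts and ends outside the quoted lines, so where `objects` is produced and whether a filtered-out row also needs to be excluded from the count is not visible here.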

⚠️ Potential issue | 🟠 Major

Keep the result metadata in sync with this filter.

This only removes entries from objects; raw.total and the pagination state still describe the unfiltered provider response. That leaves the search count/live-region text overstated and can surface empty pages or redundant “load more” behaviour once these rows are stripped. This filter needs to happen where the search response metadata is produced, or the returned total/pagination metadata needs adjusting alongside objects.

Development

Successfully merging this pull request may close these issues.

⚠️ Algolia search returns malicious/dangerous packages removed from npm registry search
