Skip to content

feat(frontend): Group affected packages by ecosystem in vertical view #3788

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Sep 17, 2025
Merged

feat(frontend): Group affected packages by ecosystem in vertical view #3788

merged 14 commits into from
Sep 17, 2025

Conversation

ashmod
Copy link
Contributor

@ashmod ashmod commented Aug 12, 2025
edited
Loading

This PR refactors the "Affected packages" component on the vulnerability details page to improve the user experience for vulnerabilities with many affected packages.

The vertical layout has been redesigned as a two-level accordion, grouped by ecosystem:

  • Ecosystems are now the top-level collapsible headers.
  • Packages belonging to an ecosystem are nested inside as their own individual collapsible cards.
  • Ecosystems and packages are collapsed by default if their count is above a set threshold.

Fixes #3087

@ashmod
Copy link
Contributor Author

ashmod commented Aug 12, 2025
edited
Loading

osv_grouped-pkgs.mp4

The vid shows 2 examples;

  • A vulnerability affecting a large number of ecosystems.
  • An ecosystem containing a large number of packages.

It shows how large lists of ecosystems or packages are collapsed by default, each triggered by its own numerical threshold.

@another-rex another-rex requested a review from jess-lowe August 18, 2025 05:00
@jess-lowe
Copy link
Contributor

/gcbrun

@another-rex
Copy link
Contributor

/gcbrun

another-rex
another-rex reviewed Sep 16, 2025
View reviewed changes
Copy link
Contributor

@another-rex another-rex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great! Couple cosmetics comments though:

Image

The main thing is it feels like each package section does not quite look like it belongs to the ecosystem above it enough.

@ashmod
Copy link
Contributor Author

ashmod commented Sep 16, 2025

This is great! Couple cosmetics comments though:
Image

The main thing is it feels like each package section does not quite look like it belongs to the ecosystem above it enough.

Thanks, those changes should now be addressed. LMK if I missed anything!

To solve the main issue, I've added a tree-like nesting structure to better show that the packages belong to the ecosystem above them. I'm exploring other options, but the spicy-sections container is somewhat restrictive.

@another-rex
Copy link
Contributor

/gcbrun

another-rex
another-rex reviewed Sep 17, 2025
View reviewed changes
@jess-lowe
Copy link
Contributor

/gcbrun

jess-lowe
jess-lowe approved these changes Sep 17, 2025
View reviewed changes
Copy link
Contributor

@jess-lowe jess-lowe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks :)

@jess-lowe jess-lowe merged commit a386f75 into google:master Sep 17, 2025
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@another-rex another-rex another-rex left review comments

@jess-lowe jess-lowe jess-lowe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVEs with many affected packages frontend is overwhelming
3 participants
@ashmod @jess-lowe @another-rex