feat: show warning for dist tags

[nitodeco]

Closes #37

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a new diagnostic rule that warns developers when dependencies use distribution tags (such as latest, next, and beta) instead of pinned versions. The changes include a new configuration option npmx.diagnostics.distTag, a new diagnostic rule implementation in src/providers/diagnostics/rules/dist-tag.ts, a constant set of common distribution tags, integration of the rule into the diagnostics pipeline, comprehensive test coverage, and updates to the Vitest configuration to use tsconfig-paths for path resolution.

Possibly related PRs

• refactor: migrate to fast-npm-meta #18: Introduces DiagnosticRule typing changes and PackageInfo shapes that the new dist-tag diagnostic depends upon
• feat(completion): support 'npm:'-prefixed versions #29: Modifies diagnostics behaviour around version parsing and handling, operating on the same code area as the new dist-tag diagnostic

Suggested reviewers

• 9romise

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	❓ Inconclusive	The vitest.config.ts changes introducing tsconfig-paths integration appear to be infrastructure support for path resolution rather than core feature implementation.	Clarify whether the vitest.config.ts and vite-tsconfig-paths dependency changes are necessary for the dist-tag feature or represent scope creep.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description references issue #37 and includes visual examples of the implemented feature showing dist-tag warnings and configuration UI.
Linked Issues check	✅ Passed	All code changes directly implement the requirement from issue #37 to show warnings for dist-tag usage in dependencies.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

tests/dist-tag.test.ts (2)

7-14: Consider stricter type safety for mock nodes.

The mock objects use empty objects {} for nameNode and versionNode. This works because the rule only passes these through without accessing properties, but using as unknown as ValidNode would make the type casting explicit and intentional.

♻️ Suggested improvement

 function createDependency(name: string, version: string): DistTagDependency {
   return {
     name,
     version,
-    nameNode: {},
-    versionNode: {},
+    nameNode: {} as DistTagDependency['nameNode'],
+    versionNode: {} as DistTagDependency['versionNode'],
   }
 }

---

39-49: Consider expanding test coverage for case-insensitive matching.

The checkDistTag rule uses tag.toLowerCase() when checking against COMMON_DIST_TAGS. Consider adding a test case to verify this case-insensitive behaviour works as expected (e.g., "LATEST", "Next", "BETA").

🧪 Suggested additional test case

it('should flag dist tags case-insensitively', async () => {
  const variations = ['LATEST', 'Next', 'BETA']

  for (const tag of variations) {
    const dependency = createDependency('lodash', tag)
    const packageInfo = createPackageInfo({})
    const result = await checkDistTag(dependency, packageInfo)

    expect(result).toBeDefined()
  }
})

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}