From 577c10e6eb9e62543807230493d97b39b20aa0d2 Mon Sep 17 00:00:00 2001
From: James Garbutt <43081j@users.noreply.github.com>
Date: Tue, 3 Mar 2026 15:47:12 +0000
Subject: [PATCH 1/8] chore: add a little extra validation (#1894)

---
 .../api/registry/badge/[type]/[...pkg].get.ts | 28 +++++++++++++------
 shared/schemas/social.ts                      | 14 +++++++++-
 2 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/server/api/registry/badge/[type]/[...pkg].get.ts b/server/api/registry/badge/[type]/[...pkg].get.ts
index fdc994233c..cbab8ac374 100644
--- a/server/api/registry/badge/[type]/[...pkg].get.ts
+++ b/server/api/registry/badge/[type]/[...pkg].get.ts
@@ -87,6 +87,14 @@ function measureDefaultTextWidth(text: string): number {
   return Math.max(MIN_BADGE_TEXT_WIDTH, Math.round(text.length * CHAR_WIDTH) + BADGE_PADDING_X * 2)
 }
 
+function escapeXML(str: string): string {
+  return str
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+}
+
 function measureShieldsTextLength(text: string): number {
   const measuredWidth = measureTextWidth(text, SHIELDS_FONT_SHORTHAND)
 
@@ -108,9 +116,11 @@ function renderDefaultBadgeSvg(params: {
   const rightWidth = measureDefaultTextWidth(finalValue)
   const totalWidth = leftWidth + rightWidth
   const height = 20
+  const escapedLabel = escapeXML(finalLabel)
+  const escapedValue = escapeXML(finalValue)
 
   return `
-    <svg xmlns="http://www.w3.org/2000/svg" width="${totalWidth}" height="${height}" role="img" aria-label="${finalLabel}: ${finalValue}">
+    <svg xmlns="http://www.w3.org/2000/svg" width="${totalWidth}" height="${height}" role="img" aria-label="${escapedLabel}: ${escapedValue}">
       <clipPath id="r">
         <rect width="${totalWidth}" height="${height}" rx="3" fill="#fff"/>
       </clipPath>
@@ -119,8 +129,8 @@ function renderDefaultBadgeSvg(params: {
         <rect x="${leftWidth}" width="${rightWidth}" height="${height}" fill="${finalColor}"/>
       </g>
       <g text-anchor="middle" font-family="Geist, system-ui, -apple-system, sans-serif" font-size="11">
-        <text x="${leftWidth / 2}" y="14" fill="#ffffff">${finalLabel}</text>
-        <text x="${leftWidth + rightWidth / 2}" y="14" fill="#ffffff">${finalValue}</text>
+        <text x="${leftWidth / 2}" y="14" fill="#ffffff">${escapedLabel}</text>
+        <text x="${leftWidth + rightWidth / 2}" y="14" fill="#ffffff">${escapedValue}</text>
       </g>
     </svg>
   `.trim()
@@ -141,7 +151,9 @@ function renderShieldsBadgeSvg(params: {
   const rightWidth = rightTextLength + SHIELDS_LABEL_PADDING_X * 2
   const totalWidth = leftWidth + rightWidth
   const height = 20
-  const title = `${finalLabel}: ${finalValue}`
+  const escapedLabel = escapeXML(finalLabel)
+  const escapedValue = escapeXML(finalValue)
+  const title = `${escapedLabel}: ${escapedValue}`
 
   const leftCenter = Math.round((leftWidth / 2) * 10)
   const rightCenter = Math.round((leftWidth + rightWidth / 2) * 10)
@@ -163,10 +175,10 @@ function renderShieldsBadgeSvg(params: {
         <rect width="${totalWidth}" height="${height}" fill="url(#s)"/>
       </g>
       <g fill="#fff" text-anchor="middle" font-family="Verdana, Geneva, DejaVu Sans, sans-serif" text-rendering="geometricPrecision" font-size="110">
-        <text aria-hidden="true" x="${leftCenter}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="${leftTextLengthAttr}">${finalLabel}</text>
-        <text x="${leftCenter}" y="140" transform="scale(.1)" fill="#fff" textLength="${leftTextLengthAttr}">${finalLabel}</text>
-        <text aria-hidden="true" x="${rightCenter}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="${rightTextLengthAttr}">${finalValue}</text>
-        <text x="${rightCenter}" y="140" transform="scale(.1)" fill="#fff" textLength="${rightTextLengthAttr}">${finalValue}</text>
+        <text aria-hidden="true" x="${leftCenter}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="${leftTextLengthAttr}">${escapedLabel}</text>
+        <text x="${leftCenter}" y="140" transform="scale(.1)" fill="#fff" textLength="${leftTextLengthAttr}">${escapedLabel}</text>
+        <text aria-hidden="true" x="${rightCenter}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="${rightTextLengthAttr}">${escapedValue}</text>
+        <text x="${rightCenter}" y="140" transform="scale(.1)" fill="#fff" textLength="${rightTextLengthAttr}">${escapedValue}</text>
       </g>
     </svg>
   `.trim()
diff --git a/shared/schemas/social.ts b/shared/schemas/social.ts
index f0c018e11d..1e3305941b 100644
--- a/shared/schemas/social.ts
+++ b/shared/schemas/social.ts
@@ -13,7 +13,19 @@ export type PackageLikeBody = v.InferOutput<typeof PackageLikeBodySchema>
 // TODO: add 'avatar'
 export const ProfileEditBodySchema = v.object({
   displayName: v.pipe(v.string(), v.maxLength(640)),
-  website: v.optional(v.union([v.literal(''), v.pipe(v.string(), v.url())])),
+  website: v.optional(
+    v.union([
+      v.literal(''),
+      v.pipe(
+        v.string(),
+        v.url(),
+        v.check(
+          url => url.startsWith('https://') || url.startsWith('http://'),
+          'Website must use http or https',
+        ),
+      ),
+    ]),
+  ),
   description: v.optional(v.pipe(v.string(), v.maxLength(2560))),
 })
 

From 1d5feeeb680d677c3049ac3148e4dd43e06e27a3 Mon Sep 17 00:00:00 2001
From: Daniel Roe <daniel@roe.dev>
Date: Tue, 3 Mar 2026 15:57:31 +0000
Subject: [PATCH 2/8] fix: handle custom canary environment

---
 config/env.ts                |  8 +++++---
 test/unit/config/env.spec.ts | 17 +++++++++++++++++
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/config/env.ts b/config/env.ts
index cbd852d406..ec7cd7ed16 100644
--- a/config/env.ts
+++ b/config/env.ts
@@ -44,13 +44,15 @@ export const gitBranch = process.env.BRANCH || process.env.VERCEL_GIT_COMMIT_REF
  * Whether this is the canary environment (main.npmx.dev).
  *
  * Detected as any non-PR Vercel deploy from the `main` branch
- * (which may receive `VERCEL_ENV === 'production'` or `'preview'`
- * depending on the project's production branch configuration).
+ * (which may receive `VERCEL_ENV === 'production'`, `'preview'`, or a
+ * custom `'canary'` environment depending on the project configuration).
  *
  * @see {@link https://vercel.com/docs/environment-variables/system-environment-variables#VERCEL_ENV}
  */
 export const isCanary =
-  (process.env.VERCEL_ENV === 'production' || process.env.VERCEL_ENV === 'preview') &&
+  (process.env.VERCEL_ENV === 'production' ||
+    process.env.VERCEL_ENV === 'preview' ||
+    process.env.VERCEL_ENV === 'canary') &&
   gitBranch === 'main' &&
   !isPR
 
diff --git a/test/unit/config/env.spec.ts b/test/unit/config/env.spec.ts
index 48be8159b8..3d3fb0b4ec 100644
--- a/test/unit/config/env.spec.ts
+++ b/test/unit/config/env.spec.ts
@@ -43,6 +43,14 @@ describe('isCanary', () => {
     expect(isCanary).toBe(true)
   })
 
+  it('returns true when VERCEL_ENV is custom "canary" and branch is "main"', async () => {
+    vi.stubEnv('VERCEL_ENV', 'canary')
+    vi.stubEnv('VERCEL_GIT_COMMIT_REF', 'main')
+    const { isCanary } = await import('../../../config/env')
+
+    expect(isCanary).toBe(true)
+  })
+
   it('returns false when VERCEL_ENV is "preview", branch is "main", but is a PR', async () => {
     vi.stubEnv('VERCEL_ENV', 'preview')
     vi.stubEnv('VERCEL_GIT_COMMIT_REF', 'main')
@@ -97,6 +105,15 @@ describe('getEnv', () => {
     expect(result.env).toBe('canary')
   })
 
+  it('returns "canary" for custom Vercel "canary" environment on main branch', async () => {
+    vi.stubEnv('VERCEL_ENV', 'canary')
+    vi.stubEnv('VERCEL_GIT_COMMIT_REF', 'main')
+    const { getEnv } = await import('../../../config/env')
+    const result = await getEnv(false)
+
+    expect(result.env).toBe('canary')
+  })
+
   it('returns "preview" for Vercel preview PR deploys', async () => {
     vi.stubEnv('VERCEL_ENV', 'preview')
     vi.stubEnv('VERCEL_GIT_PULL_REQUEST_ID', '123')

From 002099971923e8ba88ecd402a06e3d681a530c9c Mon Sep 17 00:00:00 2001
From: Florian <45694132+flo-bit@users.noreply.github.com>
Date: Tue, 3 Mar 2026 17:08:20 +0100
Subject: [PATCH 3/8] chore: add blento to OSS Partners (#1897)

---
 app/assets/logos/oss-partners/blento.svg | 6 ++++++
 app/assets/logos/oss-partners/index.ts   | 6 ++++++
 2 files changed, 12 insertions(+)
 create mode 100644 app/assets/logos/oss-partners/blento.svg

diff --git a/app/assets/logos/oss-partners/blento.svg b/app/assets/logos/oss-partners/blento.svg
new file mode 100644
index 0000000000..38b4792e7f
--- /dev/null
+++ b/app/assets/logos/oss-partners/blento.svg
@@ -0,0 +1,6 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="2" y="2" width="7" height="17.5" rx="2" fill="#3B82F6"/>
+<rect x="12.5" y="2" width="17.5" height="17.5" rx="2" fill="#A855F7"/>
+<rect x="2" y="23" width="17.5" height="7" rx="2" fill="#EC4899"/>
+<rect x="23" y="23" width="7" height="7" rx="2" fill="#EF4444"/>
+</svg>
diff --git a/app/assets/logos/oss-partners/index.ts b/app/assets/logos/oss-partners/index.ts
index 4f14698d4d..e27f78f6b7 100644
--- a/app/assets/logos/oss-partners/index.ts
+++ b/app/assets/logos/oss-partners/index.ts
@@ -30,6 +30,7 @@ import LogoLunaria from './lunaria.svg'
 import LogoJsr from './jsr.svg'
 import LogoIconify from './iconify.svg'
 import LogoFloatingUi from './floating-ui-vue.svg'
+import LogoBlento from './blento.svg'
 
 // The list is used on the about page. To add, simply upload the logos nearby and add an entry here. Prefer SVGs.
 // For logo src, specify a string or object with the light and dark theme variants.
@@ -195,4 +196,9 @@ export const OSS_PARTNERS = [
     logo: LogoFloatingUi,
     url: 'https://floating-ui.com/',
   },
+  {
+    name: 'blento',
+    logo: LogoBlento,
+    url: 'https://blento.app/npmx.dev',
+  },
 ]

From 75255f17103e249654cfa718e5b502dd4be70001 Mon Sep 17 00:00:00 2001
From: Bailey Townsend <baileytownsend2323@gmail.com>
Date: Tue, 3 Mar 2026 11:20:14 -0600
Subject: [PATCH 4/8] fix: standard.site fixes (#1901)

---
 app/components/global/BlogPostWrapper.vue     | 10 ++++
 modules/standard-site-sync.ts                 | 46 ++++++-------------
 nuxt.config.ts                                |  1 +
 package.json                                  |  2 +-
 pnpm-lock.yaml                                | 35 ++++++++++++--
 .../site.standard.publication.get.ts          |  6 +++
 server/utils/atproto/utils/likes.ts           |  6 +--
 shared/utils/atproto.ts                       | 31 +++++++++++++
 shared/utils/constants.ts                     |  2 +
 .../unit/server/utils/likes-evolution.spec.ts |  4 +-
 10 files changed, 102 insertions(+), 41 deletions(-)
 create mode 100644 server/routes/.well-known/site.standard.publication.get.ts
 create mode 100644 shared/utils/atproto.ts

diff --git a/app/components/global/BlogPostWrapper.vue b/app/components/global/BlogPostWrapper.vue
index b2651f0845..d50ad9b8dc 100644
--- a/app/components/global/BlogPostWrapper.vue
+++ b/app/components/global/BlogPostWrapper.vue
@@ -1,5 +1,6 @@
 <script setup lang="ts">
 import type { BlogPostFrontmatter } from '#shared/schemas/blog'
+import { generateBlogTID } from '#shared/utils/atproto'
 
 const props = defineProps<{
   frontmatter: BlogPostFrontmatter
@@ -14,6 +15,15 @@ useSeoMeta({
   ...(props.frontmatter.draft ? { robots: 'noindex, nofollow' } : {}),
 })
 
+useHead({
+  link: [
+    {
+      rel: 'site.standard.document',
+      href: `at://${NPMX_DEV_DID}/site.standard.document/${generateBlogTID(props.frontmatter.date, props.frontmatter.slug)}`,
+    },
+  ],
+})
+
 defineOgImageComponent('BlogPost', {
   title: props.frontmatter.title,
   authors: props.frontmatter.authors,
diff --git a/modules/standard-site-sync.ts b/modules/standard-site-sync.ts
index c30f51c067..8536ce7f54 100644
--- a/modules/standard-site-sync.ts
+++ b/modules/standard-site-sync.ts
@@ -2,10 +2,9 @@ import process from 'node:process'
 import { createHash } from 'node:crypto'
 import { defineNuxtModule, useNuxt, createResolver } from 'nuxt/kit'
 import { safeParse } from 'valibot'
-import { BlogPostSchema, type BlogPostFrontmatter } from '../shared/schemas/blog'
-import { NPMX_SITE } from '../shared/utils/constants'
+import { BlogPostSchema, type BlogPostFrontmatter } from '#shared/schemas/blog'
+import { NPMX_DEV_DID, NPMX_SITE } from '#shared/utils/constants'
 import { read } from 'gray-matter'
-import { TID } from '@atproto/common'
 import { PasswordSession } from '@atproto/lex-password-session'
 import {
   Client,
@@ -15,11 +14,9 @@ import {
 } from '@atproto/lex'
 import * as com from '../shared/types/lexicons/com'
 import * as site from '../shared/types/lexicons/site'
+import { generateBlogTID, npmxPublicationRkey } from '#shared/utils/atproto'
 
 const syncedDocuments = new Map<string, string>()
-const CLOCK_ID_THREE = 3
-const MS_TO_MICROSECONDS = 1000
-const ONE_DAY_MILLISECONDS = 86400000
 
 type BlogPostDocument = Pick<
   BlogPostFrontmatter,
@@ -89,6 +86,8 @@ export default defineNuxtModule({
                 rkey: possiblePublication.tid,
               },
             )
+            // Wait for the firehose and indexers to catch up if we create a publication
+            await new Promise(sleepResolve => setTimeout(sleepResolve, 2_000))
           }
           if (documentsToSync.length > 0) {
             await syncsiteStandardDocuments(authenticatedClient, documentsToSync)
@@ -153,23 +152,6 @@ async function syncsiteStandardDocuments(client: Client, documentsToSync: Docume
   console.log('[standard-site-sync] synced all new publications')
 }
 
-// Parse date from frontmatter, add file-path entropy for same-date collision resolution
-function generateTID(dateString: string, filePath: string): string {
-  let timestamp = new Date(dateString).getTime()
-
-  // If date has no time component (exact midnight), add file-based entropy
-  // This ensures unique TIDs when multiple posts share the same date
-  if (timestamp % ONE_DAY_MILLISECONDS === 0) {
-    // Hash the file path to generate deterministic microseconds offset
-    const pathHash = createHash('md5').update(filePath).digest('hex')
-    const offset = parseInt(pathHash.slice(0, 8), 16) % 1000000 // 0-999999 microseconds
-    timestamp += offset
-  }
-
-  // Clock id(3) needs to be the same everytime to get the same TID from a timestamp
-  return TID.fromTime(timestamp * MS_TO_MICROSECONDS, CLOCK_ID_THREE).str
-}
-
 // Schema expects 'path' & frontmatter provides 'slug'
 function normalizeBlogFrontmatter(frontmatter: Record<string, unknown>): Record<string, unknown> {
   return {
@@ -187,12 +169,13 @@ function createContentHash(data: unknown): string {
 
 function buildATProtoDocument(siteUrl: string, data: BlogPostDocument) {
   return site.standard.document.$build({
-    site: siteUrl as `${string}:${string}`,
+    site: `at://${NPMX_DEV_DID}/site.standard.publication/${npmxPublicationRkey()}`,
     path: data.path,
     title: data.title,
     description: data.description ?? data.excerpt,
     tags: data.tags,
-    publishedAt: new Date(data.date).toISOString(),
+    // Publish on the record with the current date
+    publishedAt: new Date().toISOString(),
   })
 }
 
@@ -242,7 +225,7 @@ const syncFile = async (
     return
   }
 
-  const tid = generateTID(data.date, filePath)
+  const tid = generateBlogTID(data.date, data.slug)
 
   let checkForBlogResult = await pdsPublicClient.xrpcSafe(com.atproto.repo.getRecord, {
     params: {
@@ -275,11 +258,7 @@ const syncFile = async (
  * @returns
  */
 const checkPublication = async (identifier: AtIdentifierString, pdsPublicClient: Client) => {
-  // Using our release date as the tid for the publication
-  const publicationTid = TID.fromTime(
-    new Date('2026-03-03').getTime() * MS_TO_MICROSECONDS,
-    CLOCK_ID_THREE,
-  ).str
+  const publicationTid = npmxPublicationRkey()
 
   //Check to see if we have a publication yet
   const publicationCheck = await pdsPublicClient.xrpcSafe(com.atproto.repo.getRecord, {
@@ -302,8 +281,11 @@ const checkPublication = async (identifier: AtIdentifierString, pdsPublicClient:
         tid: publicationTid,
         record: site.standard.publication.$build({
           name: 'npmx.dev',
-          url: 'https://npmx.dev/blog',
+          url: 'https://npmx.dev',
           description: 'a fast, modern browser for the npm registry',
+          preferences: {
+            showInDiscover: true,
+          },
         }),
       }
     }
diff --git a/nuxt.config.ts b/nuxt.config.ts
index 2687d0ea45..7191bb477e 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -133,6 +133,7 @@ export default defineNuxtConfig({
     '/opensearch.xml': { isr: true },
     '/oauth-client-metadata.json': { prerender: true },
     '/.well-known/jwks.json': { prerender: true },
+    '/.well-known/site.standard.publication': { prerender: true },
     // never cache
     '/api/auth/**': { isr: false, cache: false },
     '/api/social/**': { isr: false, cache: false },
diff --git a/package.json b/package.json
index b67267954d..5624d4173e 100644
--- a/package.json
+++ b/package.json
@@ -54,8 +54,8 @@
   },
   "dependencies": {
     "@atcute/bluesky-richtext-segmenter": "3.0.0",
+    "@atcute/tid": "1.1.2",
     "@atproto/api": "^0.19.0",
-    "@atproto/common": "0.5.13",
     "@atproto/lex": "0.0.19",
     "@atproto/lex-password-session": "0.0.7",
     "@atproto/oauth-client-node": "^0.3.15",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index e26695d1a5..47ed71c8d5 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -40,12 +40,12 @@ importers:
       '@atcute/bluesky-richtext-segmenter':
         specifier: 3.0.0
         version: 3.0.0
+      '@atcute/tid':
+        specifier: 1.1.2
+        version: 1.1.2
       '@atproto/api':
         specifier: ^0.19.0
         version: 0.19.0
-      '@atproto/common':
-        specifier: 0.5.13
-        version: 0.5.13
       '@atproto/lex':
         specifier: 0.0.19
         version: 0.0.19
@@ -536,6 +536,12 @@ packages:
   '@atcute/bluesky-richtext-segmenter@3.0.0':
     resolution: {integrity: sha512-NhZTUKtFpeBBbILwAcxj5u4RobIoHOmGw3CAaaEFNebKYSvmTecrXJ7XufHw5DFOUdr8SiKXQVRQxGAxulMNWg==}
 
+  '@atcute/tid@1.1.2':
+    resolution: {integrity: sha512-bmPuOX/TOfcm/vsK9vM98spjkcx2wgd9S2PeK5oLgEr8IbNRPq7iMCAPzOL1nu5XAW3LlkOYQEbYRcw5vcQ37w==}
+
+  '@atcute/time-ms@1.2.3':
+    resolution: {integrity: sha512-pRrkYSVyPDCWHKp77Ygwg3lxgvfwnh52J3kOIWI1z93kM2jWQDSezbTNDLdJFAJT9xm4rnHsA+toN9Rdhrnidw==}
+
   '@atproto-labs/did-resolver@0.2.6':
     resolution: {integrity: sha512-2K1bC04nI2fmgNcvof+yA28IhGlpWn2JKYlPa7To9JTKI45FINCGkQSGiL2nyXlyzDJJ34fZ1aq6/IRFIOIiqg==}
 
@@ -4809,6 +4815,9 @@ packages:
   '@types/aria-query@5.0.4':
     resolution: {integrity: sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==}
 
+  '@types/bun@1.3.10':
+    resolution: {integrity: sha512-0+rlrUrOrTSskibryHbvQkDOWRJwJZqZlxrUs1u4oOoTln8+WIXBPmAuCF35SWB2z4Zl3E84Nl/D0P7803nigQ==}
+
   '@types/chai@5.2.3':
     resolution: {integrity: sha512-Mw558oeA9fFbv65/y4mHtXDs9bPnFMZAL/jxdPFUpOHHIXX91mcgEHbS5Lahr+pwZFR8A7GQleRWeI6cGFC2UA==}
 
@@ -5863,6 +5872,9 @@ packages:
   buffer@6.0.3:
     resolution: {integrity: sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==}
 
+  bun-types@1.3.10:
+    resolution: {integrity: sha512-tcpfCCl6XWo6nCVnpcVrxQ+9AYN1iqMIzgrSKYMB/fjLtV2eyAVEg7AxQJuCq/26R6HpKWykQXuSOq/21RYcbg==}
+
   bundle-name@4.1.0:
     resolution: {integrity: sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q==}
     engines: {node: '>=18'}
@@ -11178,6 +11190,15 @@ snapshots:
 
   '@atcute/bluesky-richtext-segmenter@3.0.0': {}
 
+  '@atcute/tid@1.1.2':
+    dependencies:
+      '@atcute/time-ms': 1.2.3
+
+  '@atcute/time-ms@1.2.3':
+    dependencies:
+      '@types/bun': 1.3.10
+      node-gyp-build: 4.8.4
+
   '@atproto-labs/did-resolver@0.2.6':
     dependencies:
       '@atproto-labs/fetch': 0.2.3
@@ -15759,6 +15780,10 @@ snapshots:
 
   '@types/aria-query@5.0.4': {}
 
+  '@types/bun@1.3.10':
+    dependencies:
+      bun-types: 1.3.10
+
   '@types/chai@5.2.3':
     dependencies:
       '@types/deep-eql': 4.0.2
@@ -17038,6 +17063,10 @@ snapshots:
       base64-js: 1.5.1
       ieee754: 1.2.1
 
+  bun-types@1.3.10:
+    dependencies:
+      '@types/node': 24.11.0
+
   bundle-name@4.1.0:
     dependencies:
       run-applescript: 7.1.0
diff --git a/server/routes/.well-known/site.standard.publication.get.ts b/server/routes/.well-known/site.standard.publication.get.ts
new file mode 100644
index 0000000000..5d58b0dad2
--- /dev/null
+++ b/server/routes/.well-known/site.standard.publication.get.ts
@@ -0,0 +1,6 @@
+import { npmxPublicationRkey } from '#shared/utils/atproto'
+
+export default defineEventHandler(async event => {
+  setResponseHeader(event, 'content-type', 'text/plain')
+  return `at://${NPMX_DEV_DID}/site.standard.publication/${npmxPublicationRkey()}`
+})
diff --git a/server/utils/atproto/utils/likes.ts b/server/utils/atproto/utils/likes.ts
index a95810caa8..5e80ee2d4f 100644
--- a/server/utils/atproto/utils/likes.ts
+++ b/server/utils/atproto/utils/likes.ts
@@ -3,7 +3,7 @@ import type { Backlink } from '#shared/utils/constellation'
 import type * as blue from '#shared/types/lexicons/blue'
 import * as dev from '#shared/types/lexicons/dev'
 import { Client } from '@atproto/lex'
-import { TID } from '@atproto/common'
+import * as TID from '@atcute/tid'
 
 //Cache keys and helpers
 const CACHE_PREFIX = 'atproto-likes:'
@@ -26,8 +26,8 @@ export function aggregateBacklinksByDay(
   const countsByDay = new Map<string, number>()
   for (const backlink of backlinks) {
     try {
-      const tid = TID.fromStr(backlink.rkey)
-      const timestampMs = tid.timestamp() / 1000
+      const { timestamp } = TID.parse(backlink.rkey)
+      const timestampMs = timestamp / 1000
       const date = new Date(timestampMs)
       const day = date.toISOString().slice(0, 10)
       countsByDay.set(day, (countsByDay.get(day) ?? 0) + 1)
diff --git a/shared/utils/atproto.ts b/shared/utils/atproto.ts
new file mode 100644
index 0000000000..84625b6555
--- /dev/null
+++ b/shared/utils/atproto.ts
@@ -0,0 +1,31 @@
+import { TID_CLOCK_ID } from './constants'
+import * as TID from '@atcute/tid'
+
+const ONE_DAY_MILLISECONDS = 86400000
+const MS_TO_MICROSECONDS = 1000
+
+// A very simple hasher to get an offset for blog posts on the same day
+const simpleHash = (str: string): number => {
+  let h = 0
+  for (let i = 0; i < str.length; i++) {
+    h = ((h << 5) - h + str.charCodeAt(i)) >>> 0
+  }
+  return h
+}
+
+// Parse date from frontmatter, add slug-path entropy for same-date collision resolution
+export const generateBlogTID = (dateString: string, slug: string): string => {
+  let timestamp = new Date(dateString).getTime()
+
+  if (timestamp % ONE_DAY_MILLISECONDS === 0) {
+    const offset = simpleHash(slug) % 1000000
+    timestamp += offset
+  }
+
+  // Clock id(3) needs to be the same everytime to get the same TID from a timestamp
+  return TID.create(timestamp * MS_TO_MICROSECONDS, TID_CLOCK_ID)
+}
+
+// Using our release date as the tid for the publication
+export const npmxPublicationRkey = () =>
+  TID.create(new Date('2026-03-03').getTime() * MS_TO_MICROSECONDS, TID_CLOCK_ID)
diff --git a/shared/utils/constants.ts b/shared/utils/constants.ts
index 6741e299c3..4f13227657 100644
--- a/shared/utils/constants.ts
+++ b/shared/utils/constants.ts
@@ -51,6 +51,8 @@ export const PACKAGE_SUBJECT_REF = (packageName: string) =>
 // OAuth scopes as we add new ones we need to check these on certain actions. If not redirect the user to login again to upgrade the scopes
 export const LIKES_SCOPE = `repo:${dev.npmx.feed.like.$nsid}`
 export const PROFILE_SCOPE = `repo:${dev.npmx.actor.profile.$nsid}`
+export const NPMX_DEV_DID = 'did:plc:u5zp7npt5kpueado77kuihyz'
+export const TID_CLOCK_ID = 3
 
 // Discord
 export const DISCORD_COMMUNITY_URL = 'https://chat.npmx.dev'
diff --git a/test/unit/server/utils/likes-evolution.spec.ts b/test/unit/server/utils/likes-evolution.spec.ts
index d57b58c055..548cf7333b 100644
--- a/test/unit/server/utils/likes-evolution.spec.ts
+++ b/test/unit/server/utils/likes-evolution.spec.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it, vi, beforeEach, type Mocked } from 'vitest'
-import { TID } from '@atproto/common'
+import * as TID from '@atcute/tid'
 import type { ConstellationLike } from '../../../../server/utils/atproto/utils/likes'
 import type { CacheAdapter } from '../../../../server/utils/cache/shared'
 
@@ -18,7 +18,7 @@ const { aggregateBacklinksByDay, PackageLikesUtils } =
 
 function tidFromDate(date: Date): string {
   const microseconds = date.getTime() * 1000
-  return TID.fromTime(microseconds, 0).toString()
+  return TID.create(microseconds, 0).toString()
 }
 
 function backlink(date: Date): { did: string; collection: string; rkey: string } {

From 0d6e916737c9587c101c2bd05e5f4891e9d8d521 Mon Sep 17 00:00:00 2001
From: Daniel Roe <daniel@roe.dev>
Date: Tue, 3 Mar 2026 17:27:24 +0000
Subject: [PATCH 5/8] fix: calculate next version tag for display on home page
 (#1898)

---
 .github/workflows/release-pr.yml       |  62 +++++++-------
 .github/workflows/release-tag.yml      |  47 +++--------
 config/env.ts                          |  13 +--
 scripts/next-version.ts                | 108 +++++++++++++++++++++++++
 test/unit/config/env.spec.ts           |  11 +--
 test/unit/scripts/next-version.spec.ts |  31 +++++++
 6 files changed, 187 insertions(+), 85 deletions(-)
 create mode 100644 scripts/next-version.ts
 create mode 100644 test/unit/scripts/next-version.spec.ts

diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml
index 09b9ec45ed..dff5505ca7 100644
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -20,6 +20,10 @@ jobs:
         with:
           fetch-depth: 0
 
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        with:
+          node-version: lts/*
+
       - name: 🔍 Check for unreleased commits
         id: check
         run: |
@@ -34,21 +38,26 @@ jobs:
             echo "$COMMITS"
           fi
 
+      - name: 🔢 Determine next version
+        if: steps.check.outputs.skip == 'false'
+        id: version
+        run: |
+          VERSION_JSON=$(node scripts/next-version.ts)
+          CURRENT_VERSION=$(echo "$VERSION_JSON" | jq -r .current)
+          NEXT_VERSION=$(echo "$VERSION_JSON" | jq -r .next)
+          FROM_REF=$(echo "$VERSION_JSON" | jq -r .from)
+          echo "current=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"
+          echo "next=v${NEXT_VERSION}" >> "$GITHUB_OUTPUT"
+          echo "from=$FROM_REF" >> "$GITHUB_OUTPUT"
+
       - name: 📝 Generate changelog body
         if: steps.check.outputs.skip == 'false'
         id: changelog
+        env:
+          CURRENT_VERSION: ${{ steps.version.outputs.current }}
+          NEXT_VERSION: ${{ steps.version.outputs.next }}
+          FROM_REF: ${{ steps.version.outputs.from }}
         run: |
-          # Get the latest tag, or use initial commit if no tags exist
-          LATEST_TAG=$(git describe --tags --abbrev=0 origin/release 2>/dev/null || echo "")
-
-          if [ -z "$LATEST_TAG" ]; then
-            FROM_REF=$(git rev-list --max-parents=0 HEAD)
-            CURRENT_VERSION="0.0.0"
-          else
-            FROM_REF="$LATEST_TAG"
-            CURRENT_VERSION="${LATEST_TAG#v}"
-          fi
-
           # Categorize commits
           FEATURES=""
           FIXES=""
@@ -72,25 +81,12 @@ jobs:
             fi
           done <<< "$(git log "$FROM_REF"..origin/main --oneline --no-merges)"
 
-          # Determine next version
-          HAS_BREAKING=$(git log "$FROM_REF"..origin/main --format='%B' | grep -c 'BREAKING CHANGE\|!:' || true)
-          HAS_FEAT=$(git log "$FROM_REF"..origin/main --oneline --no-merges | grep -cE '^[a-f0-9]+ feat(\(|:)' || true)
-
-          IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
-
-          if [ "$HAS_BREAKING" -gt 0 ] && [ "$MAJOR" -gt 0 ]; then
-            NEXT_VERSION="$((MAJOR + 1)).0.0"
-          elif [ "$HAS_FEAT" -gt 0 ]; then
-            NEXT_VERSION="${MAJOR}.$((MINOR + 1)).0"
-          else
-            NEXT_VERSION="${MAJOR}.${MINOR}.$((PATCH + 1))"
-          fi
-
-          echo "next_version=v${NEXT_VERSION}" >> "$GITHUB_OUTPUT"
+          # Strip the leading 'v' for display
+          DISPLAY_NEXT="${NEXT_VERSION#v}"
 
           # Build the PR body
           BODY="This PR will deploy the following changes to production (\`npmx.dev\`).\n\n"
-          BODY="${BODY}**Next version: \`v${NEXT_VERSION}\`** (current: \`v${CURRENT_VERSION}\`)\n\n"
+          BODY="${BODY}**Next version: \`${NEXT_VERSION}\`** (current: \`v${CURRENT_VERSION}\`)\n\n"
 
           if [ -n "$FEATURES" ]; then
             BODY="${BODY}### Features\n\n${FEATURES}\n"
@@ -108,8 +104,8 @@ jobs:
           BODY="${BODY}---\n\n"
           BODY="${BODY}> Merging this PR will:\n"
           BODY="${BODY}> - Deploy to \`npmx.dev\` via Vercel\n"
-          BODY="${BODY}> - Create a \`v${NEXT_VERSION}\` tag and GitHub Release\n"
-          BODY="${BODY}> - Publish \`npmx-connector@${NEXT_VERSION}\` to npm"
+          BODY="${BODY}> - Create a \`${NEXT_VERSION}\` tag and GitHub Release\n"
+          BODY="${BODY}> - Publish \`npmx-connector@${DISPLAY_NEXT}\` to npm"
 
           # Write body to file, truncating if needed (GitHub limits PR body to 65536 chars)
           echo -e "$BODY" > /tmp/pr-body.md
@@ -117,14 +113,14 @@ jobs:
             COMMIT_COUNT=$(git log "$FROM_REF"..origin/main --oneline --no-merges | wc -l)
             COMPARE_URL="https://github.com/npmx-dev/npmx.dev/compare/${FROM_REF}...main"
             TRUNCATED="This PR will deploy the following changes to production (\`npmx.dev\`).\n\n"
-            TRUNCATED="${TRUNCATED}**Next version: \`v${NEXT_VERSION}\`** (current: \`v${CURRENT_VERSION}\`)\n\n"
+            TRUNCATED="${TRUNCATED}**Next version: \`${NEXT_VERSION}\`** (current: \`v${CURRENT_VERSION}\`)\n\n"
             TRUNCATED="${TRUNCATED}> **${COMMIT_COUNT} commits** are included in this release. The full changelog is too large to display here.\n>\n"
             TRUNCATED="${TRUNCATED}> [View full diff on GitHub](${COMPARE_URL})\n\n"
             TRUNCATED="${TRUNCATED}---\n\n"
             TRUNCATED="${TRUNCATED}> Merging this PR will:\n"
             TRUNCATED="${TRUNCATED}> - Deploy to \`npmx.dev\` via Vercel\n"
-            TRUNCATED="${TRUNCATED}> - Create a \`v${NEXT_VERSION}\` tag and GitHub Release\n"
-            TRUNCATED="${TRUNCATED}> - Publish \`npmx-connector@${NEXT_VERSION}\` to npm"
+            TRUNCATED="${TRUNCATED}> - Create a \`${NEXT_VERSION}\` tag and GitHub Release\n"
+            TRUNCATED="${TRUNCATED}> - Publish \`npmx-connector@${DISPLAY_NEXT}\` to npm"
             echo -e "$TRUNCATED" > /tmp/pr-body.md
           fi
 
@@ -132,7 +128,7 @@ jobs:
         if: steps.check.outputs.skip == 'false'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NEXT_VERSION: ${{ steps.changelog.outputs.next_version }}
+          NEXT_VERSION: ${{ steps.version.outputs.next }}
         run: |
           EXISTING_PR=$(gh pr list --base release --head main --state open --json number --jq '.[0].number')
 
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index 7666e24377..512a3bffbb 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -23,42 +23,18 @@ jobs:
         with:
           fetch-depth: 0
 
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        with:
+          node-version: lts/*
+
       - name: 🔢 Determine next version
         id: version
         run: |
-          # Get the latest tag on this branch
-          LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
-
-          if [ -z "$LATEST_TAG" ]; then
-            CURRENT_VERSION="0.0.0"
-            FROM_REF=$(git rev-list --max-parents=0 HEAD)
-          else
-            CURRENT_VERSION="${LATEST_TAG#v}"
-            FROM_REF="$LATEST_TAG"
-          fi
-
-          # Analyze conventional commits since last tag
-          HAS_BREAKING=$(git log "${FROM_REF}..HEAD" --format='%B' | grep -c 'BREAKING CHANGE\|!:' || true)
-          HAS_FEAT=$(git log "${FROM_REF}..HEAD" --oneline --no-merges | grep -cE '^[a-f0-9]+ feat(\(|:)' || true)
-          HAS_FIX=$(git log "${FROM_REF}..HEAD" --oneline --no-merges | grep -cE '^[a-f0-9]+ fix(\(|:)' || true)
-
-          IFS='.' read -r MAJOR MINOR PATCH <<< "$CURRENT_VERSION"
-
-          if [ "$HAS_BREAKING" -gt 0 ] && [ "$MAJOR" -gt 0 ]; then
-            NEXT_VERSION="$((MAJOR + 1)).0.0"
-          elif [ "$HAS_FEAT" -gt 0 ]; then
-            NEXT_VERSION="${MAJOR}.$((MINOR + 1)).0"
-          elif [ "$HAS_FIX" -gt 0 ]; then
-            NEXT_VERSION="${MAJOR}.${MINOR}.$((PATCH + 1))"
-          else
-            # Only chore/docs/ci commits — still bump patch
-            NEXT_VERSION="${MAJOR}.${MINOR}.$((PATCH + 1))"
-          fi
-
-          echo "current=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"
-          echo "next=v${NEXT_VERSION}" >> "$GITHUB_OUTPUT"
-          echo "from=$FROM_REF" >> "$GITHUB_OUTPUT"
-          echo "Bumping from v${CURRENT_VERSION} to v${NEXT_VERSION}"
+          VERSION_JSON=$(node scripts/next-version.ts)
+          echo "current=$(echo "$VERSION_JSON" | jq -r .current)" >> "$GITHUB_OUTPUT"
+          echo "next=v$(echo "$VERSION_JSON" | jq -r .next)" >> "$GITHUB_OUTPUT"
+          echo "from=$(echo "$VERSION_JSON" | jq -r .from)" >> "$GITHUB_OUTPUT"
+          echo "Bumping from v$(echo "$VERSION_JSON" | jq -r .current) to v$(echo "$VERSION_JSON" | jq -r .next)"
 
       - name: 🔍 Check if tag already exists
         id: check
@@ -82,11 +58,6 @@ jobs:
           git tag -a "$VERSION" -m "Release $VERSION"
           git push origin "$VERSION"
 
-      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
-        if: steps.check.outputs.skip == 'false'
-        with:
-          node-version: lts/*
-
       - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # 4e1c8eafbd745f64b1ef30a7d7ed7965034c486c
         if: steps.check.outputs.skip == 'false'
         name: 🟧 Install pnpm
diff --git a/config/env.ts b/config/env.ts
index ec7cd7ed16..49daac01ae 100644
--- a/config/env.ts
+++ b/config/env.ts
@@ -4,6 +4,7 @@ import Git from 'simple-git'
 import * as process from 'node:process'
 
 import { version as packageVersion } from '../package.json'
+import { getNextVersion } from '../scripts/next-version'
 
 export { packageVersion as version }
 
@@ -159,15 +160,17 @@ export async function getFileLastUpdated(path: string) {
 }
 
 /**
- * Resolves the current version from git tags, falling back to `package.json`.
+ * Resolves the **next** version by analysing conventional commits since the
+ * last reachable `v*` tag.  Delegates to {@link getNextVersion} which is also
+ * used by the `release-tag` and `release-pr` GitHub Actions workflows so the
+ * version shown in the UI matches the tag that will be created *after* deploy.
  *
- * Uses `git describe --tags --abbrev=0 --match 'v*'` to find the most recent
- * reachable release tag (e.g. `v0.1.0` -> `0.1.0`).
+ * Falls back to `package.json` when git is unavailable (e.g. shallow clone).
  */
 export async function getVersion() {
   try {
-    const tag = (await git.raw(['describe', '--tags', '--abbrev=0', '--match', 'v*'])).trim()
-    return tag.replace(/^v/, '')
+    const { next } = await getNextVersion()
+    return next
   } catch {
     return packageVersion
   }
diff --git a/scripts/next-version.ts b/scripts/next-version.ts
new file mode 100644
index 0000000000..0edd1a04fc
--- /dev/null
+++ b/scripts/next-version.ts
@@ -0,0 +1,108 @@
+/**
+ * Calculates the next semantic version based on conventional commits since the
+ * last reachable `v*` tag.
+ *
+ * Zero external dependencies — uses `child_process` to shell out to `git`.
+ *
+ * ### Imported as a module
+ *
+ * ```ts
+ * import { getNextVersion } from './scripts/next-version'
+ * const { current, next, from } = await getNextVersion()
+ * ```
+ *
+ * ### CLI usage  (outputs JSON to stdout)
+ *
+ * ```sh
+ * node scripts/next-version.ts                # { "current": "0.1.0", "next": "0.2.0", "from": "v0.1.0" }
+ * node scripts/next-version.ts --next         # 0.2.0
+ * node scripts/next-version.ts --current      # 0.1.0
+ * node scripts/next-version.ts --from         # v0.1.0
+ * ```
+ */
+
+import { execFileSync } from 'node:child_process'
+
+function git(...args: string[]): string {
+  return execFileSync('git', args, { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim()
+}
+
+export interface VersionInfo {
+  /** The current version (from the latest tag), e.g. `"0.1.0"` */
+  current: string
+  /** The computed next version, e.g. `"0.2.0"` */
+  next: string
+  /** The git ref used as the starting point, e.g. `"v0.1.0"` or an initial commit SHA */
+  from: string
+}
+
+export async function getNextVersion(): Promise<VersionInfo> {
+  let current: string
+  let from: string
+
+  try {
+    const tag = git('describe', '--tags', '--abbrev=0', '--match', 'v*')
+    current = tag.replace(/^v/, '')
+    from = tag
+  } catch {
+    // No reachable tags — start from the initial commit
+    current = '0.0.0'
+    from = git('rev-list', '--max-parents=0', 'HEAD')
+  }
+
+  // Collect commit subjects since last tag (exclude merges)
+  let commits: string[]
+  try {
+    const log = git('log', `${from}..HEAD`, '--format=%s%n%b', '--no-merges')
+    commits = log ? log.split('\n') : []
+  } catch {
+    commits = []
+  }
+
+  let hasBreaking = false
+  let hasFeat = false
+  let hasFix = false
+
+  for (const line of commits) {
+    if (/BREAKING CHANGE|!:/.test(line)) hasBreaking = true
+    if (/^feat(?:\([^)]*\))?!?:/.test(line)) hasFeat = true
+    if (/^fix(?:\([^)]*\))?!?:/.test(line)) hasFix = true
+  }
+
+  const [major = 0, minor = 0, patch = 0] = current.split('.').map(Number)
+
+  let next: string
+  if (hasBreaking) {
+    next = major > 0 ? `${major + 1}.0.0` : `${major}.${minor + 1}.0`
+  } else if (hasFeat) {
+    next = `${major}.${minor + 1}.0`
+  } else if (hasFix || commits.length > 0) {
+    // Any non-empty diff bumps at least a patch
+    next = `${major}.${minor}.${patch + 1}`
+  } else {
+    // HEAD is exactly on the latest tag
+    next = current
+  }
+
+  return { current, next, from }
+}
+
+// --- CLI entry point ---
+const isCLI =
+  process.argv[1] &&
+  (process.argv[1].endsWith('/next-version.ts') || process.argv[1].endsWith('/next-version'))
+
+if (isCLI) {
+  const flag = process.argv[2]
+  getNextVersion()
+    .then(info => {
+      if (flag === '--next') console.log(info.next)
+      else if (flag === '--current') console.log(info.current)
+      else if (flag === '--from') console.log(info.from)
+      else console.log(JSON.stringify(info))
+    })
+    .catch(err => {
+      console.error(err)
+      process.exit(1)
+    })
+}
diff --git a/test/unit/config/env.spec.ts b/test/unit/config/env.spec.ts
index 3d3fb0b4ec..4b0edb88b1 100644
--- a/test/unit/config/env.spec.ts
+++ b/test/unit/config/env.spec.ts
@@ -327,18 +327,11 @@ describe('getProductionUrl', () => {
 })
 
 describe('getVersion', () => {
-  it('returns package.json version when no git tags are reachable', async () => {
-    const { getVersion, version } = await import('../../../config/env')
-    const result = await getVersion()
-
-    // In test environments without reachable tags, falls back to package.json
-    expect(result).toBe(version)
-  })
-
-  it('strips the leading "v" prefix from the tag', async () => {
+  it('returns a valid semver string without a leading "v"', async () => {
     const { getVersion } = await import('../../../config/env')
     const result = await getVersion()
 
     expect(result).not.toMatch(/^v/)
+    expect(result).toMatch(/^\d+\.\d+\.\d+$/)
   })
 })
diff --git a/test/unit/scripts/next-version.spec.ts b/test/unit/scripts/next-version.spec.ts
new file mode 100644
index 0000000000..74c0c74adf
--- /dev/null
+++ b/test/unit/scripts/next-version.spec.ts
@@ -0,0 +1,31 @@
+import { describe, expect, it } from 'vitest'
+import { getNextVersion } from '../../../scripts/next-version'
+
+describe('getNextVersion', () => {
+  it('returns current, next, and from fields', async () => {
+    const result = await getNextVersion()
+
+    expect(result).toHaveProperty('current')
+    expect(result).toHaveProperty('next')
+    expect(result).toHaveProperty('from')
+  })
+
+  it('returns valid semver strings', async () => {
+    const result = await getNextVersion()
+
+    expect(result.current).toMatch(/^\d+\.\d+\.\d+$/)
+    expect(result.next).toMatch(/^\d+\.\d+\.\d+$/)
+  })
+
+  it('returns a next version >= current version', async () => {
+    const result = await getNextVersion()
+
+    const [curMajor, curMinor, curPatch] = result.current.split('.').map(Number)
+    const [nextMajor, nextMinor, nextPatch] = result.next.split('.').map(Number)
+
+    const curNum = curMajor! * 1_000_000 + curMinor! * 1_000 + curPatch!
+    const nextNum = nextMajor! * 1_000_000 + nextMinor! * 1_000 + nextPatch!
+
+    expect(nextNum).toBeGreaterThanOrEqual(curNum)
+  })
+})

From 48eca972d4229accbd05f0a2763d6622dfe360d3 Mon Sep 17 00:00:00 2001
From: Ameet Madan <ameetmadan@gmail.com>
Date: Tue, 3 Mar 2026 18:28:30 +0100
Subject: [PATCH 6/8] fix(i18n): add all missing translations for German
 (#1886)

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Daniel Roe <daniel@roe.dev>
---
 i18n/locales/de-DE.json | 112 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 107 insertions(+), 5 deletions(-)

diff --git a/i18n/locales/de-DE.json b/i18n/locales/de-DE.json
index d895a941b9..73252b2569 100644
--- a/i18n/locales/de-DE.json
+++ b/i18n/locales/de-DE.json
@@ -17,7 +17,9 @@
     "source": "Quellcode",
     "social": "Social",
     "chat": "Chat",
-    "keyboard_shortcuts": "Tastenkombination"
+    "keyboard_shortcuts": "Tastenkombination",
+    "blog": "Blog",
+    "builders_chat": "Builders-Chat"
   },
   "shortcuts": {
     "section": {
@@ -58,6 +60,12 @@
     "start_typing": "Tippe, um Pakete zu suchen",
     "algolia_disclaimer": "Bereitgestellt von Algolia",
     "exact_match": "exakt",
+    "instant_search": "Sofortsuche",
+    "instant_search_on": "Sofortsuche aktiviert",
+    "instant_search_off": "Sofortsuche deaktiviert",
+    "instant_search_turn_on": "Sofortsuche aktivieren",
+    "instant_search_turn_off": "Sofortsuche deaktivieren",
+    "instant_search_advisory": "Die Sofortsuche sendet bei jedem Tastendruck eine Anfrage.",
     "suggestion": {
       "user": "Benutzer",
       "org": "Organisation",
@@ -112,7 +120,9 @@
     "translation_progress": "Übersetzungsfortschritt",
     "background_themes": "Hintergrundschattierung",
     "keyboard_shortcuts_enabled": "Tastenkombinationen aktivieren",
-    "keyboard_shortcuts_enabled_description": "Tastenkombinationen können deaktiviert werden, wenn sie mit anderen Browser- oder Systemkürzeln in Konflikt stehen"
+    "keyboard_shortcuts_enabled_description": "Tastenkombinationen können deaktiviert werden, wenn sie mit anderen Browser- oder Systemkürzeln in Konflikt stehen",
+    "instant_search": "Sofortsuche",
+    "instant_search_description": "Suchergebnisse werden automatisch bei der Eingabe aktualisiert, ohne die Eingabetaste zu drücken."
   },
   "i18n": {
     "missing_keys": "{count} fehlende Übersetzung | {count} fehlende Übersetzungen",
@@ -144,7 +154,60 @@
       "role": "Rolle",
       "members": "Mitglieder"
     },
-    "scroll_to_top": "Nach oben scrollen"
+    "scroll_to_top": "Nach oben scrollen",
+    "cancel": "Abbrechen",
+    "save": "Speichern",
+    "edit": "Bearbeiten",
+    "error": "Fehler"
+  },
+  "error": {
+    "401": "Nicht autorisiert",
+    "404": "Seite nicht gefunden",
+    "500": "Interner Serverfehler",
+    "503": "Dienst nicht verfügbar",
+    "default": "Ein unerwarteter Fehler ist aufgetreten"
+  },
+  "profile": {
+    "display_name": "Anzeigename",
+    "description": "Beschreibung",
+    "no_description": "Keine Beschreibung vorhanden",
+    "website": "Website",
+    "website_placeholder": "https://beispiel.de",
+    "likes": "Likes",
+    "seo_title": "{name} – Profil auf npmx",
+    "seo_description": "Profil von {name} auf npmx – Pakete, Likes und mehr.",
+    "not_found": "Profil nicht gefunden",
+    "not_found_message": "Dieses Profil konnte nicht gefunden werden.",
+    "invite": {
+      "message": "Schau dir mein Profil auf npmx an!",
+      "share_button": "Profil teilen",
+      "compose_text": "Schau dir {name} auf npmx an: {url}"
+    }
+  },
+  "blog": {
+    "title": "Blog",
+    "heading": "Blog",
+    "meta_description": "Neuigkeiten, Updates und Artikel rund um npmx.",
+    "author": {
+      "view_profile": "Profil von {name} anzeigen"
+    },
+    "draft_badge": "Entwurf",
+    "draft_banner": "Dies ist ein Entwurf und noch nicht öffentlich sichtbar.",
+    "atproto": {
+      "view_on_bluesky": "Auf Bluesky ansehen",
+      "reply_on_bluesky": "Auf Bluesky antworten",
+      "likes_on_bluesky": "{count} Like auf Bluesky | {count} Likes auf Bluesky",
+      "like_or_reply_on_bluesky": "Auf Bluesky liken oder antworten",
+      "no_comments_yet": "Noch keine Kommentare. Sei der Erste!",
+      "could_not_load_comments": "Kommentare konnten nicht geladen werden.",
+      "comments": "Kommentare",
+      "loading_comments": "Kommentare werden geladen...",
+      "updating": "(wird aktualisiert...)",
+      "reply_count": "{count} Antwort | {count} Antworten",
+      "like_count": "{count} Like | {count} Likes",
+      "repost_count": "{count} Repost | {count} Reposts",
+      "more_replies": "{count} weitere Antwort anzeigen | {count} weitere Antworten anzeigen"
+    }
   },
   "package": {
     "not_found": "Paket nicht gefunden",
@@ -383,6 +446,8 @@
       "y_axis_label": "{facet} {granularity}",
       "facet": "Facette",
       "title": "Trends",
+      "open_options": "Diagrammoptionen öffnen",
+      "close_options": "Diagrammoptionen schließen",
       "contributors_skip": "Nicht angezeigt bei Mitwirkende (hat kein GitHub-Repository): | Nicht angezeigt bei Mitwirkende (haben kein GitHub-Repository):",
       "items": {
         "downloads": "Downloads",
@@ -417,6 +482,7 @@
     },
     "downloads": {
       "title": "Wöchentliche Downloads",
+      "subtitle": "Downloads über die Zeit",
       "community_distribution": "Community-Adoptionsverteilung ansehen"
     },
     "install_scripts": {
@@ -903,6 +969,11 @@
         "title": "Bleib auf dem Laufenden",
         "description": "Erfahre das Neueste über npmx.",
         "cta": "Auf Bluesky folgen"
+      },
+      "builders": {
+        "title": "Builders-Community",
+        "description": "Vernetze dich mit anderen Entwicklern, die auf npmx aufbauen.",
+        "cta": "Builders-Chat beitreten"
       }
     }
   },
@@ -931,7 +1002,8 @@
       "connect_bluesky": "Mit Bluesky verbinden",
       "what_is_atmosphere": "Was ist ein Atmosphere-Konto?",
       "atmosphere_explanation": "{npmx} nutzt das {atproto}, um viele seiner sozialen Funktionen zu betreiben. So können Nutzer ihre Daten selbst verwalten und ein einziges Konto für alle kompatiblen Anwendungen nutzen. Sobald du ein Konto erstellt hast, kannst du andere Apps wie {bluesky} und {tangled} mit demselben Konto nutzen.",
-      "default_input_error": "Bitte geben Sie einen gültigen Handle, eine DID oder eine vollständige PDS-URL ein"
+      "default_input_error": "Bitte gib einen gültigen Handle, eine DID oder eine vollständige PDS-URL ein",
+      "profile": "Profil anzeigen"
     }
   },
   "header": {
@@ -1103,7 +1175,9 @@
     "files_button": "Dateien",
     "select_file_prompt": "Wähle eine Datei in der Seitenleiste, um die Änderungen anzuzeigen",
     "close_files_panel": "Dateibereich schließen",
-    "filter_files_label": "Dateien nach Art der Änderung filtern"
+    "filter_files_label": "Dateien nach Art der Änderung filtern",
+    "file_too_large": "Datei zu groß für Diff-Ansicht",
+    "file_size_warning": "{size} überschreitet das Limit für die Diff-Anzeige"
   },
   "privacy_policy": {
     "title": "Datenschutzerklärung",
@@ -1214,5 +1288,33 @@
       "p1": "Wenn du bei {app} auf eine Barriere stößt, sag uns bitte Bescheid, indem du ein Ticket in unserem {link} eröffnest. Wir nehmen diese Meldungen ernst und werden unser Bestes tun, um sie zu beheben.",
       "link": "GitHub-Repository"
     }
+  },
+  "pds": {
+    "title": "npmx PDS",
+    "meta_description": "Tritt dem persönlichen Datenspeicher (PDS) von npmx bei – deiner Heimat im AT-Protokoll-Netzwerk.",
+    "join": {
+      "title": "Dem PDS beitreten",
+      "description": "Erstelle ein Konto auf dem npmx PDS und werde Teil des dezentralen AT-Protokoll-Netzwerks.",
+      "migrate": "Bestehendes Konto migrieren"
+    },
+    "server": {
+      "title": "Serverinformationen",
+      "location_label": "Standort",
+      "location_value": "EU",
+      "infrastructure_label": "Infrastruktur",
+      "infrastructure_value": "Vercel",
+      "privacy_label": "Datenschutz",
+      "privacy_value": "Datenschutzerklärung ansehen",
+      "learn_more": "Mehr über PDS erfahren"
+    },
+    "community": {
+      "title": "Community",
+      "description": "Nutzende, die diesen PDS verwenden.",
+      "loading": "Community wird geladen...",
+      "error": "Community konnte nicht geladen werden",
+      "empty": "Noch keine Mitglieder gefunden.",
+      "view_profile": "Profil von {name} anzeigen",
+      "new_accounts": "Neue Konten"
+    }
   }
 }

From 6517eb2cb1c7f80bf6841855bb944969f88cc15d Mon Sep 17 00:00:00 2001
From: Daniel Roe <daniel@roe.dev>
Date: Tue, 3 Mar 2026 17:34:26 +0000
Subject: [PATCH 7/8] fix: look for tags on release branch

---
 scripts/next-version.ts | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/scripts/next-version.ts b/scripts/next-version.ts
index 0edd1a04fc..9e9f7999a2 100644
--- a/scripts/next-version.ts
+++ b/scripts/next-version.ts
@@ -41,13 +41,20 @@ export async function getNextVersion(): Promise<VersionInfo> {
   let from: string
 
   try {
-    const tag = git('describe', '--tags', '--abbrev=0', '--match', 'v*')
+    const tag = git('describe', '--tags', '--abbrev=0', '--match', 'v*', 'origin/release')
     current = tag.replace(/^v/, '')
     from = tag
   } catch {
-    // No reachable tags — start from the initial commit
-    current = '0.0.0'
-    from = git('rev-list', '--max-parents=0', 'HEAD')
+    try {
+      // Fallback: check tags reachable from HEAD (works in local dev)
+      const tag = git('describe', '--tags', '--abbrev=0', '--match', 'v*')
+      current = tag.replace(/^v/, '')
+      from = tag
+    } catch {
+      // No reachable tags — start from the initial commit
+      current = '0.0.0'
+      from = git('rev-list', '--max-parents=0', 'HEAD')
+    }
   }
 
   // Collect commit subjects since last tag (exclude merges)

From 504e448043b90459ab6f12113404bf7126746ae6 Mon Sep 17 00:00:00 2001
From: Abbey Perini <68071056+abbeyperini@users.noreply.github.com>
Date: Tue, 3 Mar 2026 13:16:05 -0500
Subject: [PATCH 8/8] chore(blog): add Abbey's FCC blog to alpha-release post
 (#1904)

---
 app/pages/blog/alpha-release.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/pages/blog/alpha-release.md b/app/pages/blog/alpha-release.md
index 56e3e3aca8..2dd53c48a7 100644
--- a/app/pages/blog/alpha-release.md
+++ b/app/pages/blog/alpha-release.md
@@ -101,6 +101,12 @@ headline="Read more from the community"
     authorHandle: 'patak.cat',
     description: 'The story of the many people and communities that converged to build npmx together.'
   },
+  {
+    url: 'https://www.freecodecamp.org/news/learning-to-enjoy-code-reviews-with-npmx/',
+    title: 'OSS Pull Request Therapy: Learning to Enjoy Code Reviews with npmx',
+    authorHandle: 'abbeyperini.dev',
+    description: 'For years, I thought Open Source Software (OSS) just wasn\'t for me. Curious about the hype I saw on Bluesky, I recently joined the npmx Discord server on a whim. My journey from lurker to contributor taught me a lot about OSS and gave me new confidence going into code reviews.'
+  },
   {
     url: 'https://graphieros.github.io/graphieros-blog/blog/2026/npmx.html',
     title: 'vue-data-ui is on npmx npmx is on vue-data-ui',