chore: release v0.11.0

[github-actions]

This PR will deploy the following changes to production (npmx.dev).

Next version: v0.11.0 (current: v0.10.0)

Features

• feat: show badge on top liked packages, link to leaderboard (feat: show badge on top liked packages, link to leaderboard #2459) (1fef8da3)
• feat: add SolidJS data anomalies to download-anomalies.data.ts (feat: add SolidJS data anomalies to download-anomalies.data.ts #2661) (1cd4f82a)

Fixes

• fix: show license from correct version (fix: show license from correct version #2662) (75739533)

Other Changes

• chore: install Vercel Speed Insights (chore: install Vercel Speed Insights #2671) (c26421f5)

---

Merging this PR will:

• Deploy to npmx.dev via Vercel
• Create a v0.11.0 tag and GitHub Release
• Publish npmx-connector@0.11.0 to npm

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ready	Preview, Comment	May 3, 2026 4:59pm
npmx-lunaria	Ready	Preview, Comment	May 3, 2026 4:59pm
npmx.dev	Ready	Preview, Comment	May 3, 2026 4:59pm

[codecov]

Codecov Report

❌ Patch coverage is 88.53755% with 29 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
app/pages/leaderboard/likes.vue	89.04%	23 Missing ⚠️
app/components/Package/Likes.vue	90.32%	3 Missing ⚠️
app/composables/npm/usePackage.ts	57.14%	1 Missing and 2 partials ⚠️

📢 Thoughts on this report? Let us know!

[github-actions]

Lunaria Status Overview

🌕 This pull request will trigger status changes.

Learn more

By default, every PR changing files present in the Lunaria configuration's files property will be considered and trigger status changes accordingly.

You can change this by adding one of the keywords present in the ignoreKeywords property in your Lunaria configuration file in the PR's title (ignoring all files) or by including a tracker directive in the merged commit's description.

Tracked Files

File	Note
i18n/locales/en.json	Source changed, localizations will be marked as outdated.
i18n/locales/fr-FR.json	Localization changed, will be marked as complete. 🔄️

Warnings reference

Icon	Description
🔄️	The source for this localization has been updated since the creation of this pull request, make sure all changes in the source have been applied.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​sanitize-html@​2.16.1
	@​unocss/​nuxt@​66.6.7
	@​vueuse/​shared@​14.2.1
	@​takumi-rs/​core@​1.0.9
	@​takumi-rs/​wasm@​1.0.9
	@​types/​semver@​7.7.1
	@​vueuse/​core@​14.2.1
	@​vueuse/​router@​14.2.1
	@​voidzero-dev/​vite-plus-test@​0.1.16
	@​unocss/​preset-wind4@​66.6.7
	@​types/​validate-npm-package-name@​4.0.2
	@​vitest/​coverage-v8@​4.1.5
	@​types/​node@​24.12.0
	@​vite-pwa/​assets-generator@​1.0.2
	@​vueuse/​nuxt@​14.2.1
	@​vueuse/​integrations@​14.2.1
	@​vercel/​speed-insights@​2.0.0
	@​vue/​test-utils@​2.4.6
	@​vite-pwa/​nuxt@​1.1.1
	@​upstash/​redis@​1.37.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @voidzero-dev/vite-plus-core is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/@voidzero-dev/vite-plus-test@0.1.16 → npm/@storybook-vue/nuxt@9.0.1 → npm/@voidzero-dev/vite-plus-core@0.1.16 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@voidzero-dev/vite-plus-core@0.1.16. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[github-actions]

📊 Dependency Size Changes

Warning

This PR adds 366.7 kB of new dependencies, which exceeds the threshold of 200 kB.

📦 Package	📏 Size
@vercel/speed-insights@2.0.0	366.7 kB

Total size change: 366.7 kB