fix: navigating to org page from search leads to 404 page

[serhalp]

Bug

See #1190.

Fix

Org packages are fetched from the npm registry api (/-/org/{org}/package) in two places:

1. Server route /api/registry/org/[org]/packages.get.ts: calls $fetch('https://registry.npmjs.org/-/org/{org}/package')
2. Client composable useOrgPackages(): calls $npmRegistry('/-/org/{org}/package')

The composable bypasses the server route, duplicating the registry call, org name encoding, and error handling, and bypassing the important server-side caching. But most importantly, calls to the registry from the client fail with a CORS error, since the registry doesn't allow cross-origin requests from browsers.

Fixes #1190.

QA

Note: if you try this fix, please note that if you use an org that has many packages you'll likely run into a separate issue that prints a ton of 429s (with CORS errors) in your browser console. This is a separate latent issue. Let's fix that in a separate PR 😅.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Feb 8, 2026 2:41am

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ignored	Preview	Feb 8, 2026 2:41am
npmx-lunaria	Ignored		Feb 8, 2026 2:41am

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request updates the organisation packages retrieval flow across both client and server layers. The client-side composable is modified to consume a new API endpoint that returns packages and count directly, replacing a previously wrapped data structure. The server-side API endpoint introduces specific error handling for 404 responses from the registry, propagating "Organisation not found" errors to clients, whilst non-404 errors are logged and result in an empty package list. This distinction allows consumers to differentiate between missing organisations and empty results.

Possibly related PRs

• fix: lazy loading packages #966: Related changes to the org-packages fetch/error handling flow, specifically addressing where 404 errors are caught and handled in the page-level integration.

Suggested reviewers

• danielroe

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description clearly explains the bug, the fix location, and why it matters, directly relating to the code changes in both files.
Linked Issues check	✅ Passed	The pull request fixes the client composable to fetch org packages via the existing server route instead of directly from the npm registry, resolving the CORS error that caused the regression where org search results showed 'No packages found'.
Out of Scope Changes check	✅ Passed	All changes are scoped to fetching org packages: modifications to the composable and server route align with the stated objective of using the server route to bypass CORS issues.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/1190

---

No actionable comments were generated in the recent review. 🎉

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[serhalp]

oh hmm wait a sec, this is effectively reverting a change from #641? 👀

[danielroe]

ahh, probably an unintentional change

it was an older PR I merged stuff into.