fix: use useFetch for useDependencyAnalysis

[OrbisK]

This fixes a bug where the state key was not updated when the version or package changed.

Now, requests are deduped correctly as well. We could remove useDependencyAnalysis() entirely in favour of just having useFetch(() =>`/api/registry/vulnerabilities/${encodePackageName(toValue(packageName))}/v/${toValue(version)}`)

---

There will be two followup issues:

1. nuxt (upstream): deduped fetches cause theses warnings

2. the vulnerabilies endpoint does not handle namespaced packages correctly (api/registry/vulnerabilities/ does not handle scoped packages #552)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Jan 31, 2026 8:49pm

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
npmx-lunaria	Ignored		Jan 31, 2026 8:49pm
docs.npmx.dev	Skipped		Jan 31, 2026 8:49pm

[OrbisK]

@danielroe I think ci/knip is lying. Can I help you with: webpro-nl/knip#1265 ? (I removed some unnecessary imports)

[danielroe]

please! do you want permissions for my fork?