
Issues with Unicode Handling and Missing Primary Package Links in PackageVersions API #190

Open
a2ure123 opened this issue Feb 16, 2025 · 1 comment

Comments

@a2ure123

Hello,

I am currently using the packageversions API to retrieve package names corresponding to Git links, but I am encountering a couple of issues:

Unicode in Package Versions: When querying package names like @nio/ui-kit\u003E2.1.7\u003Ereact-dom, which includes Unicode characters (such as \u003E for >), I am not sure how to properly query these versions. Could you provide guidance on how to handle this type of input correctly?

Missing Main Package in Dependencies: When querying a Git link like https://github.com/facebook/react, I expect the package react to be included, as it is the primary package linked to this Git repository. However, when I query via the packageversions API, the main package is not included, which causes an issue. Specifically, when I attempt to use the GetDependents endpoint to retrieve the number of dependents, the count seems much smaller than expected due to the absence of the core package. Is there a way to solve this problem and retrieve the core package as well?

Any guidance or suggestions to solve these issues would be greatly appreciated.

Thank you!

@sarnesjo-google
Collaborator

If you access the API via gRPC, you pass the name @nio/ui-kit>2.1.7>react-dom exactly as written. If you use HTTP, you need to percent-encode it as %40nio%2Fui-kit%3E2.1.7%3Ereact-dom, as mentioned in the documentation.

As for react not being included in the response to calling GetProjectPackageVersions with github.com/facebook/react, that's certainly surprising behavior. The problem is that there are many, many npm packages that claim that repo (which the API reports as "relationType": "SOURCE_REPO" and "relationProvenance": "UNVERIFIED_METADATA") and without provenance attestations (which react does not use), there's no bulletproof way to determine the "real" ones. With that said, we could probably improve our heuristics. Thanks for reporting this issue!
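The encoding rule from the reply above, as an added example that is not part of the issue thread or the deps.dev project's own code: the name comes back from a JSON response with `>` escaped as `\u003E`, so it is first JSON-decoded, then percent-encoded as a single path segment so that `@`, `/` and `>` cannot be read as URL structure. The URL templates (`/v3alpha/projects/{projectKey}:packageversions` and the `:dependents` method) are assumed from the deps.dev HTTP documentation rather than quoted from the issue; the sample name is the one from the issue and the project key is a constructed input.

```python
import json
from urllib.parse import quote

# Sample inputs. The package version name is the one quoted in the issue,
# exactly as it appears inside a JSON response (">" escaped as \u003E).
# The project key is a constructed example.
RAW_JSON_NAME = r"@nio/ui-kit\u003E2.1.7\u003Ereact-dom"
PROJECT_KEY = "github.com/facebook/react"

# Base URL assumed from the deps.dev HTTP documentation (not from the issue).
API_BASE = "https://api.deps.dev"


def decode_json_escapes(raw: str) -> str:
    """Turn JSON string escapes such as \\u003E back into the characters they encode.

    Strings copied out of a JSON body keep the escape sequence as six literal
    characters; re-parsing them as a JSON string literal restores '>'.
    """
    if "\\" not in raw:
        return raw
    return json.loads('"' + raw + '"')


def path_segment(value: str) -> str:
    """Percent-encode one path segment for the HTTP API.

    safe="" is essential: urllib's default leaves '/' unescaped, which would
    split '@nio/ui-kit' into two path segments and change which resource the
    server resolves.
    """
    return quote(value, safe="")


def project_package_versions_url(project_key: str) -> str:
    """HTTP form of GetProjectPackageVersions; route assumed from the docs."""
    return f"{API_BASE}/v3alpha/projects/{path_segment(project_key)}:packageversions"


def dependents_url(system: str, name: str, version: str) -> str:
    """HTTP form of GetDependents for one package version; route assumed from the docs."""
    return (
        f"{API_BASE}/v3alpha/systems/{path_segment(system)}"
        f"/packages/{path_segment(name)}"
        f"/versions/{path_segment(version)}:dependents"
    )


def grpc_name(raw: str) -> str:
    """gRPC callers pass the decoded name unchanged; no percent-encoding is applied."""
    return decode_json_escapes(raw)


if __name__ == "__main__":
    name = decode_json_escapes(RAW_JSON_NAME)
    print("decoded name:   ", name)
    print("HTTP segment:   ", path_segment(name))
    print("project URL:    ", project_package_versions_url(PROJECT_KEY))
    print("dependents URL: ", dependents_url("npm", name, "2.1.7"))
```

Note the difference from `quote(name)` with the default `safe='/'`: that call returns `%40nio/ui-kit%3E2.1.7%3Ereact-dom`, which the server would read as a package named `%40nio` followed by an extra path component.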
