docs: map npm package links to npmx.dev

[Copilot]

• Update [npm-url] reference link from https://npmjs.org/package/urllib to https://npmx.dev/package/urllib in README.md
• Update [download-url] reference link from https://npmjs.org/package/urllib to https://npmx.dev/package/urllib in README.md
• Update example URL from https://www.npmjs.com/package/urllib to https://npmx.dev/package/urllib in README.md
• Run pnpm dedupe to fix duplicate dependencies in lockfile (fixes vp dedupe --check CI failure)
• Remove invalid ts-equals-import group from experimentalSortImports in vite.config.ts (not a valid group name in newer oxfmt)

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

Updates the README’s npm package links to use npmx.dev instead of npmjs.org/www.npmjs.com, keeping registry API URLs and badge URLs unchanged.

Changes:

• Updated [npm-url] and [download-url] reference links to https://npmx.dev/package/urllib.
• Updated the proxy example request URL to https://npmx.dev/package/urllib.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.77%. Comparing base (0433cd1) to head (384da90).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #661   +/-   ##
=======================================
  Coverage   92.77%   92.77%           
=======================================
  Files          10       10           
  Lines         747      747           
  Branches      233      233           
=======================================
  Hits          693      693           
  Misses         51       51           
  Partials        3        3           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[fengmk2]

@copilot fix "vp dedupe --check" errors

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/node-modules/urllib@661

commit: 384da90

[Copilot]

@copilot fix "vp dedupe --check" errors

Fixed in 384da90. Ran pnpm dedupe to resolve duplicate dependencies in the lockfile, and removed the invalid ts-equals-import group from experimentalSortImports in vite.config.ts (not a recognized group name in the newer oxfmt version that came with the deduped vite-plus).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• oxc.rs
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​voidzero-dev/​vite-plus-test@​0.0.0-b1666489.20260220-0254 ⏵ 0.0.0-e32b32e5.20260224-0706	-5		+1	+1
	vite-plus@​0.0.0-b1666489.20260220-0254 ⏵ 0.0.0-e32b32e5.20260224-0706	+3		+1	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @voidzero-dev/vite-plus-test is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: package.json → npm/@voidzero-dev/vite-plus-test@0.0.0-e32b32e5.20260224-0706 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@voidzero-dev/vite-plus-test@0.0.0-e32b32e5.20260224-0706. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report