Something I noticed about the vulnerability warnings is that they only show that one exists.
Since VS Code's native npm support only shows the latest version of a package, I think it would be helpful to display the latest version in which the current vulnerability is fixed.
An example in the wild would be a project that's on Next.js 15.5.6 with the React Server Components CVE. The latest displayed version would be 16.x, requiring developers to look up the documentation of the vulnerability to see in which version it's fixed without upgrading to 16.x. Instead, we could show that the earliest safe version is 15.5.7.
I understand this requires some work on the npmx server side as well, so I'm not sure about feasibility at this moment. I also opened an issue in the npmx repo.
wdyt?
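The selection logic the request describes (earliest fixed release on the installed major line, rather than the newest release overall), as an added example that is not part of the issue or of the npmx project's code. The advisory's `patchedVersions` list is a constructed sample that mirrors the 15.5.6 / 15.5.7 / 16.x scenario above, and the helper names are hypothetical; versions are compared as plain `major.minor.patch` with no dependency on the `semver` package.

```javascript
// Parse "major.minor.patch" into numbers. Pre-release and build tags are
// ignored here (a simplification assumed by this example).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison so that 15.10.0 sorts after 15.9.0 (string sort would not).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Given the installed version and the advisory's patched versions, return the
// lowest patched version that is >= installed on the same major line, i.e. the
// smallest upgrade that closes the finding without a major bump. Returns null
// when the installed major line has no fixed release at all.
function earliestSafeVersion(installed, patchedVersions) {
  const major = parseVersion(installed)[0];
  const candidates = patchedVersions
    .filter((v) => parseVersion(v)[0] === major && compareVersions(v, installed) >= 0)
    .sort(compareVersions);
  return candidates.length > 0 ? candidates[0] : null;
}

// Constructed sample advisory (illustrative data, not the real advisory's fix list).
const sampleAdvisory = {
  package: 'next',
  patchedVersions: ['16.0.1', '15.5.7', '14.2.33'],
};

// Text a warning could show instead of only "a vulnerability exists".
function warningText(installed, latest, advisory) {
  const safe = earliestSafeVersion(installed, advisory.patchedVersions);
  const line = `${parseVersion(installed)[0]}.x`;
  return safe === null
    ? `${advisory.package}@${installed}: no fixed release on the ${line} line; latest is ${latest}`
    : `${advisory.package}@${installed}: earliest safe version on the ${line} line is ${safe} (latest is ${latest})`;
}

console.log(warningText('15.5.6', '16.0.1', sampleAdvisory));
```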