Currently, when the "Enabled DataSources" are set to either GitHub or VulnerableCode, but their respective API keys are not provided, the search request still proceeds, and the loader runs indefinitely. During this process, failed 401 requests are made in the background, but no indication is given to the user that the API keys are missing.

This issue creates a poor user experience, as the user does not understand why the search fails or why the loader never completes.

Steps to Reproduce:

1. Navigate to the settings page.
2. Enable GitHub and/or VulnerableCode data sources without providing their API keys.
3. Go to the main page and initiate a search for a package.
4. Observe that the loader remains active indefinitely, and there are failed 401 requests in the background (visible in the network tab).

Expected Behavior:

• If GitHub or VulnerableCode is enabled, the extension should check whether the respective API key is provided.
• If the API key is missing, the loader should display an error message like "API key required for GitHub/VulnerableCode data sources."
• The search request should not be sent until the missing API key is provided.

Proposed Solution:

• Before making the search request, add checks to validate that the required API keys are provided for GitHub and VulnerableCode.
• If the keys are missing, display a notification or alert asking the user to provide the necessary keys before proceeding with the search.

Impact:

• This fix will improve the user experience by providing clear feedback when the required API keys are not provided.
• It will prevent unnecessary network requests and make sure that the search process only starts when all required data sources have valid credentials.

Screenshot: