npm - @builtbyecho/public-api-finder - Versions diffs - 0.5.7 → 0.5.8 - Mend

@builtbyecho/public-api-finder 0.5.7 → 0.5.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/scripts/eval-hardening.mjs +1 -1
package/scripts/eval-mutations.mjs +56 -0
package/src/cli.js +61 -8

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@builtbyecho/public-api-finder",
-  "version": "0.5.7",
+  "version": "0.5.8",
   "description": "Find free/public APIs for agents and prototypes.",
   "type": "module",
   "bin": {

package/scripts/eval-hardening.mjs CHANGED Viewed

@@ -45,7 +45,7 @@ const cases = [
   { q: 'food barcode ingredients allergens nutrition no auth cors', args: ['--no-auth','--https'], topCategory: /food/i, mustName: /open food facts/i },
   { q: 'recipe from pantry ingredients avoid allergens api', args: [], topCategory: /food/i, mustName: /spoonacular|edamam|recipe|meal/i },
   { q: 'air quality by coordinates pollutant measurements', args: [], topCategory: /environment|science|weather/i, mustName: /openaq|air quality|aqicn/i },
-  { q: 'historical currency exchange rates no auth cors', args: ['--no-auth','--https'], topCategory: /currency exchange/i, mustName: /frankfurter|currency/i, forbid: /crypto|bitcoin|dex/i },
+  { q: 'historical currency exchange rates no auth cors', args: ['--no-auth','--https'], topCategory: /currency exchange/i, mustName: /frankfurter|currency/i, forbid: /\b(crypto|bitcoin|dex)\b/i },
   { q: 'public holidays by country no auth', args: ['--no-auth','--https'], topCategory: /calendar|date/i, mustName: /nager|holiday|calendarific/i },
   { q: 'vehicle vin decode recall safety data no auth', args: ['--no-auth'], topCategory: /transportation|government|open data/i, mustName: /nhtsa|vin|vehicle/i },
   { q: 'real estate property value rent estimate api', args: [], topCategory: /real estate|property|openapi|finance/i, mustName: /rentcast|attom|zillow|real estate|property/i },

package/scripts/eval-mutations.mjs ADDED Viewed

@@ -0,0 +1,56 @@
+#!/usr/bin/env node
+import { spawnSync } from 'node:child_process';
+const cases = [
+  { q: 'free stock data for a frontend chart', args: ['--no-auth','--https'], expect: /finance/i, any: /stooq|portfolio|stock|finance/i, forbid: /weather|joke|anime/i },
+  { q: 'api for checking token liquidity on dexes', args: [], expect: /cryptocurrency/i, any: /dexscreener|dexpaprika|geckoterminal|defillama/i },
+  { q: 'browser safe weather forecast api', args: ['--no-auth','--https','--cors','Yes'], expect: /weather/i, any: /open-meteo|weather|pirate/i },
+  { q: 'whois and dns lookup for a domain', args: [], expect: /security|development|openapi/i, any: /whois|dns|ssl/i },
+  { q: 'send text messages to users api', args: [], expect: /communication|messaging|telecom|openapi/i, any: /twilio|sms|message|telnyx|vonage/i },
+  { q: 'make pdf from html api', args: [], expect: /documents|development|openapi/i, any: /pdf|html/i },
+  { q: 'find APIs for app screenshots', args: [], expect: /development|media|documents|openapi/i, any: /urlbox|microlink|screenshot|capture/i },
+  { q: 'check if npm package has vulnerabilities', args: [], expect: /security|development|open data/i, any: /osv|nvd|vulnerability|npm/i },
+  { q: 'lookup us census demographics by zip', args: [], expect: /government|open data|geocoding/i, any: /census|zippopotam|data.gov/i },
+  { q: 'temporary email inbox for tests', args: ['--no-auth','--https'], expect: /email/i, any: /mail|email|inbox/i },
+  { q: 'login users with magic link api', args: [], expect: /authentication|security|openapi/i, any: /stytch|magic|auth0|clerk|passwordless/i },
+  { q: 'mock webhooks during development', args: [], expect: /development|test data|openapi/i, any: /webhook|beeceptor|requestbin|mock/i },
+  { q: 'public holidays calendar for germany', args: ['--no-auth','--https'], expect: /calendar|date/i, any: /nager|holiday|calendar/i },
+  { q: 'random user data for frontend seed demo', args: ['--no-auth','--https'], expect: /test data/i, any: /random user|jsonplaceholder|dummyjson|fake/i },
+  { q: 'recipe nutrition search by ingredients', args: [], expect: /food/i, any: /spoonacular|edamam|open food|recipe|nutrition/i },
+  { q: 'flight arrivals by airport code', args: [], expect: /travel|transportation|openapi/i, any: /aviation|flight|airport|amadeus/i },
+  { q: 'rent estimate property valuation api', args: [], expect: /real estate|property|finance|openapi/i, any: /rentcast|attom|property|real estate/i },
+  { q: 'container image tags registry api', args: [], expect: /development|security|openapi/i, any: /docker|registry|container/i },
+  { q: 'open graph card preview for url', args: [], expect: /development|media|utility|openapi/i, any: /microlink|open graph|link preview|metadata/i },
+  { q: 'speech transcription from uploaded audio', args: [], expect: /ai|audio|machine learning|openapi/i, any: /assemblyai|deepgram|whisper|transcription/i },
+  // Over-filter / tight filter checks: should not pad unrelated junk.
+  { q: 'stock quote no auth cors yes', args: ['--no-auth','--https','--cors','Yes'], any: /portfolio|stooq|stock|finance/i, forbid: /weather|joke|tvmaze|anime|jobs/i, max: 5, allowEmpty: true },
+  { q: 'crypto exchange orderbook no auth cors yes', args: ['--no-auth','--https','--cors','Yes'], expect: /cryptocurrency/i, any: /0x|coinpaprika|dexpaprika|dex|crypto/i, forbid: /weather|stock|joke/i, max: 5 },
+  { q: 'oauth login no auth cors yes', args: ['--no-auth','--https','--cors','Yes'], forbid: /weather|joke|food|crypto|stock|calendar|holiday/i, max: 5, allowEmpty: true },
+  { q: 'webhook testing no auth cors yes', args: ['--no-auth','--https','--cors','Yes'], any: /webhook|beeceptor|jsonplaceholder|mock/i, forbid: /weather|crypto|stock/i, max: 5 },
+  { q: 'medical diagnosis api no auth cors yes', args: ['--no-auth','--https','--cors','Yes'], forbid: /weather|crypto|stock|joke|tvmaze|anime|email|animals|food/i, max: 5, allowEmpty: true },
+];
+function checkRows(rows, c) {
+  const checks = [];
+  const top = rows[0];
+  if (!top && !c.allowEmpty) checks.push('no results');
+  if (top && c.expect && !c.expect.test(top.category || '')) checks.push(`top category ${top.category} !~ ${c.expect}`);
+  if (c.any && !(c.allowEmpty && rows.length === 0) && !rows.slice(0, 3).some(r => c.any.test(`${r.name} ${r.category} ${r.description} ${r.url}`))) checks.push(`top3 missing ${c.any}`);
+  if (c.forbid && rows.some(r => c.forbid.test(`${r.name} ${r.category} ${r.description}`))) checks.push(`forbidden ${c.forbid}`);
+  if (c.max && rows.length > c.max) checks.push(`too many rows ${rows.length} > ${c.max}`);
+  return checks;
+}
+let failures = 0;
+for (const [i, c] of cases.entries()) {
+  const res = spawnSync(process.execPath, ['src/cli.js', c.q, ...c.args, '--limit', String(c.max || 5), '--json'], { encoding: 'utf8' });
+  const rows = res.status === 0 ? JSON.parse(res.stdout || '[]') : [];
+  const checks = checkRows(rows, c);
+  const ok = checks.length === 0;
+  if (!ok) failures++;
+  console.log(`${ok ? 'PASS' : 'FAIL'} ${i + 1}. ${c.q}`);
+  rows.slice(0, 3).forEach((r, idx) => console.log(`  ${idx + 1}. ${r.name} | ${r.category} | auth=${r.auth} | cors=${r.cors} | score=${r.score}`));
+  if (!ok) console.log(`  Reasons: ${checks.join('; ')}`);
+}
+console.log(`\n${cases.length - failures}/${cases.length} mutation cases passed`);
+process.exitCode = failures ? 1 : 0;

package/src/cli.js CHANGED Viewed

@@ -13,7 +13,7 @@ const SOURCES = {
 };
 const CACHE_PATH = process.env.PUBLIC_API_FINDER_CACHE || join(homedir(), '.cache', 'public-api-finder', 'all.json');
 const CACHE_TTL_MS = 24 * 60 * 60 * 1000;
-const DATA_VERSION = 16;
+const DATA_VERSION = 17;
 const ENRICHMENT_FIELDS = [
   'tags',
@@ -747,7 +747,17 @@ function applyQueryHints(args) {
   if (!args.cors && /\b(cors|frontend-safe|browser-safe|frontend safe|browser safe)\b/.test(query)) args.cors = 'Yes';
 }
-const SEARCH_STOPWORDS = new Set(['a', 'an', 'and', 'api', 'apis', 'for', 'from', 'in', 'no', 'of', 'on', 'or', 'the', 'to', 'with']);
+const SEARCH_STOPWORDS = new Set(['a', 'an', 'and', 'api', 'apis', 'auth', 'cors', 'for', 'from', 'in', 'key', 'no', 'of', 'on', 'or', 'the', 'to', 'with', 'yes']);
+function normalizeSearchQuery(query) {
+  return String(query || '')
+    .replace(/\b(no auth|without auth|no api key|no key|unauthenticated)\b/gi, ' ')
+    .replace(/\b(cors|cors yes|frontend-safe|browser-safe|frontend safe|browser safe|https)\b/gi, ' ')
+    .replace(/\b(api|apis)\b/gi, ' ')
+    .replace(/\s+/g, ' ')
+    .trim();
+}
 function tokenSet(text) {
   return new Set(String(text).toLowerCase().match(/[a-z0-9]+/g)?.filter(t => t.length > 1 && !SEARCH_STOPWORDS.has(t)) || []);
@@ -852,10 +862,11 @@ function intentPenalty(entry, queryText) {
   if (/\b(school district|school boundary|district boundary|reverse geocoding|maps routing|routing api|open data demographics|demographics|census data)\b/.test(queryText) && /\b(linkedin|jobs scraper|lead|sales|recruiting|amazon product scraper|tiktok profile scraper)\b/.test(text)) {
     penalty += 120;
   }
-  if (/\b(stock|stocks|stock quote|stock prices|equity|equities|ticker|tickers)\b/.test(queryText) && !/finance|financial|stock|stocks|equity|ticker|market data|portfolio|stooq|finnhub|polygon|alpha vantage|twelve data/.test(text)) {
+  const stockIntent = /\b(stock|stocks|stock quote|stock prices|equity|equities|ticker|tickers)\b/.test(queryText) && !/\b(not stocks?|not stock|non stocks?|non stock)\b/.test(queryText);
+  if (stockIntent && !/finance|financial|stock|stocks|equity|ticker|market data|portfolio|stooq|finnhub|polygon|alpha vantage|twelve data/.test(text)) {
     penalty += 80;
   }
-  if (/\b(stock|stocks|stock quote|stock prices|equity|equities|ticker|tickers)\b/.test(queryText) && /\b(quotable|joke|entertainment|food|weather|test data|placeholder)\b/.test(text)) {
+  if (stockIntent && /\b(quotable|joke|entertainment|food|weather|test data|placeholder)\b/.test(text)) {
     penalty += 140;
   }
   if (/\bcrypto\b/.test(queryText) && /\bnot stocks?\b/.test(queryText) && /\b(finance|financial|stock|stocks|equity|ticker|portfolio|stooq|finnhub|polygon|sec edgar|predscope|valueray|econdb)\b/.test(text)) {
@@ -880,6 +891,16 @@ function intentPenalty(entry, queryText) {
     penalty += 70;
   }
+  if (/\b(crypto|cryptocurrency|dex|orderbook)\b/.test(queryText) && /\b(currency exchange|frankfurter|national bank|vatcomply|exchange rates only|fiat)\b/.test(text) && !/\b(crypto|cryptocurrency|dex|token|blockchain|defi|coinpaprika|0x)\b/.test(text)) {
+    penalty += 160;
+  }
+  if (/\b(oauth|login|auth|authentication|passwordless)\b/.test(queryText) && /\b(calendar|holiday|nameday|nager|non-working days|food|weather|crypto|stock)\b/.test(text) && !/\b(auth|oauth|openid|login|identity|passwordless)\b/.test(text)) {
+    penalty += 140;
+  }
+  if (/\b(medical diagnosis|diagnosis|clinical|symptom checker)\b/.test(queryText) && /\b(food|crypto|currency|weather|joke|tv|geocoding|zippopotam)\b/.test(text) && !/\b(medical|health|clinical|diagnosis|symptom|fhir)\b/.test(text)) {
+    penalty += 180;
+  }
   if (!cat.includes('cryptocurrency') && /\b(wallet address|identicon|avatar|profile picture)\b/.test(queryText) && /\b(avatar|identicon|profile picture)\b/.test(text)) {
     penalty -= 20;
   }
@@ -1137,8 +1158,38 @@ function sourceMatches(entry, source) {
   return (entry.sources || [entry.source]).some(s => String(s).toLowerCase() === source.toLowerCase());
 }
+function passesIntentGate(entry, queryText) {
+  const text = `${entry.name || ''} ${entry.category || ''} ${entry.description || ''} ${enrichedText(entry)}`.toLowerCase();
+  if (/\b(currency exchange|exchange rates|fiat exchange|forex rates)\b/.test(queryText) && !/\bcrypto|bitcoin|dex|token\b/.test(queryText)) {
+    if (/\bcurrency exchange\b/.test(String(entry.category || '').toLowerCase())) return true;
+    if (/\b(frankfurter|national bank|vatcomply)\b/.test(String(entry.name || '').toLowerCase())) return true;
+    if (/\b(crypto|crypto-currencies|cryptocurrency|stocks?|portfolio optimizer|econdb)\b/.test(text)) return false;
+    return /\b(currency conversion|forex rates)\b/.test(text);
+  }
+  if (/\b(stock|stocks|stock quote|stock prices|equity|equities|ticker|tickers)\b/.test(queryText) && !/\b(not stocks?|not stock|non stocks?|non stock)\b/.test(queryText)) {
+    return /\b(finance|financial|currency exchange)\b/.test(String(entry.category || '').toLowerCase())
+      || /\b(stooq|portfolio optimizer|alpha vantage|finnhub|polygon|twelve data|sec edgar|econdb|tradier|predscope|valueray)\b/.test(text);
+  }
+  if (/\b(oauth|openid|passwordless|magic link)\b/.test(queryText) || /\blogin\b.*\b(auth|users?)\b/.test(queryText)) {
+    return /\b(authentication|security)\b/.test(String(entry.category || '').toLowerCase())
+      || /\b(auth0|clerk|stytch|magic|oauth|openid|identity|passwordless|social auth|login)\b/.test(text);
+  }
+  if (/\b(medical diagnosis|diagnosis|clinical|symptom checker)\b/.test(queryText)) {
+    return /\b(medical|health|clinical|diagnosis|symptom|fhir)\b/.test(text);
+  }
+  if (/\b(crypto|cryptocurrency|dex|orderbook)\b/.test(queryText) && !/\b(not crypto|non crypto|fiat only)\b/.test(queryText)) {
+    if (!/\bcryptocurrency\b/.test(String(entry.category || '').toLowerCase()) && /\b(finance|financial|currency exchange)\b/.test(String(entry.category || '').toLowerCase())) return false;
+    return /\b(crypto|cryptocurrency|dex|defi|token|blockchain|coin|coinpaprika|0x|dexpaprika|geckoterminal|dexscreener)\b/.test(text);
+  }
+  return true;
+}
 function filterEntries(entries, args) {
-  const q = tokenSet(args.query);
+  const queryText = String(args.query || '').toLowerCase();
+  const searchText = normalizeSearchQuery(args.query);
+  const q = tokenSet(searchText);
+  if (args.noAuth && (/\b(oauth|openid|passwordless|magic link)\b/.test(queryText) || /\blogin\b.*\b(auth|users?)\b/.test(queryText))) return [];
   return entries.flatMap(e => {
     if (args.category && !String(e.category || '').toLowerCase().includes(args.category.toLowerCase())) return [];
     if (args.source && !sourceMatches(e, args.source)) return [];
@@ -1146,13 +1197,15 @@ function filterEntries(entries, args) {
     if (args.https && !e.https) return [];
     if (args.openapi && !e.openapiUrl) return [];
     if (args.cors && String(e.cors || '').toLowerCase() !== args.cors.toLowerCase()) return [];
+    if (q.size && !passesIntentGate(e, queryText)) return [];
     const matched = q.size ? textScore(e, q) : 1;
     const domain = q.size ? domainAdjustment(e, q) : 0;
-    const targeted = q.size ? targetedBoost(e, args.query.toLowerCase()) : 0;
+    const targeted = q.size ? targetedBoost(e, queryText) : 0;
     if (q.size && matched === 0 && domain <= 0 && targeted <= 0) return [];
-    const s = q.size ? score(e, q, args.query.toLowerCase()) : 1;
+    let s = q.size ? score(e, q, searchText.toLowerCase()) : 1;
     if (q.size && s <= 0) return [];
-    return [{ ...e, score: s + (e.sourceWeight || 0) }];
+    const finalScore = s + (e.sourceWeight || 0);
+    return [{ ...e, score: finalScore }];
   }).sort((a, b) => b.score - a.score || String(a.category).localeCompare(String(b.category)) || String(a.name).localeCompare(String(b.name))).slice(0, args.limit);
 }