@ceon-oy/monitor-sdk 1.0.14 → 1.0.15

package/dist/index.d.mts

@@ -43,11 +43,14 @@ interface MonitorClientConfig {
     auditPaths?: AuditPath[];
     /** Include devDependencies when tracking dependencies (default: false) */
     includeDevDependencies?: boolean;
+    /** Enable fetching latest versions from npm registry (default: true) */
+    versionCheckEnabled?: boolean;
 }
 interface TechnologyItem {
     name: string;
     version: string;
     type?: TechnologyType;
+    latestVersion?: string;
 }
 interface ErrorContext {
     severity?: Severity;
@@ -178,6 +181,7 @@ declare class MonitorClient {
     private lastScanTime;
     private lastKnownScanRequestedAt;
     private lastKnownTechScanRequestedAt;
+    private versionCheckEnabled;
     constructor(config: MonitorClientConfig);
     /**
      * Security: Validate and sanitize metadata to prevent oversized payloads
@@ -229,10 +233,24 @@ declare class MonitorClient {
     private startFlushTimer;
     private stopFlushTimer;
     syncDependencies(): Promise<void>;
+    /**
+     * Enrich technologies with latest version information from npm registry.
+     * Only runs if versionCheckEnabled is true.
+     */
+    private enrichWithLatestVersions;
     syncTechnologies(technologies: TechnologyItem[]): Promise<void>;
     private readPackageJson;
     private readPackageJsonFromPath;
     private shouldExclude;
+    /**
+     * Fetch the latest version of a package from npm registry.
+     * Returns null if the package cannot be found or the request fails.
+     */
+    private fetchLatestVersion;
+    /**
+     * Fetch latest versions for multiple packages in parallel with concurrency limit.
+     */
+    private fetchLatestVersions;
     private sendTechnologies;
     private sendTechnologiesWithEnvironment;
     /**

package/dist/index.d.ts

@@ -43,11 +43,14 @@ interface MonitorClientConfig {
     auditPaths?: AuditPath[];
     /** Include devDependencies when tracking dependencies (default: false) */
     includeDevDependencies?: boolean;
+    /** Enable fetching latest versions from npm registry (default: true) */
+    versionCheckEnabled?: boolean;
 }
 interface TechnologyItem {
     name: string;
     version: string;
     type?: TechnologyType;
+    latestVersion?: string;
 }
 interface ErrorContext {
     severity?: Severity;
@@ -178,6 +181,7 @@ declare class MonitorClient {
     private lastScanTime;
     private lastKnownScanRequestedAt;
     private lastKnownTechScanRequestedAt;
+    private versionCheckEnabled;
     constructor(config: MonitorClientConfig);
     /**
      * Security: Validate and sanitize metadata to prevent oversized payloads
@@ -229,10 +233,24 @@ declare class MonitorClient {
     private startFlushTimer;
     private stopFlushTimer;
     syncDependencies(): Promise<void>;
+    /**
+     * Enrich technologies with latest version information from npm registry.
+     * Only runs if versionCheckEnabled is true.
+     */
+    private enrichWithLatestVersions;
     syncTechnologies(technologies: TechnologyItem[]): Promise<void>;
     private readPackageJson;
     private readPackageJsonFromPath;
     private shouldExclude;
+    /**
+     * Fetch the latest version of a package from npm registry.
+     * Returns null if the package cannot be found or the request fails.
+     */
+    private fetchLatestVersion;
+    /**
+     * Fetch latest versions for multiple packages in parallel with concurrency limit.
+     */
+    private fetchLatestVersions;
     private sendTechnologies;
     private sendTechnologiesWithEnvironment;
     /**

package/dist/index.js

@@ -117,6 +117,7 @@ var MonitorClient = class {
     this.autoAudit = config.autoAudit || false;
     this.auditPaths = config.auditPaths;
     this.includeDevDependencies = config.includeDevDependencies ?? false;
+    this.versionCheckEnabled = config.versionCheckEnabled ?? true;
     this.startFlushTimer();
     if (this.trackDependencies) {
       this.syncDependencies().catch((err) => {
@@ -437,17 +438,40 @@ var MonitorClient = class {
         for (const source of this.dependencySources) {
           const technologies = await this.readPackageJsonFromPath(source.path);
           if (technologies.length === 0) continue;
-          await this.sendTechnologiesWithEnvironment(technologies, source.environment);
+          const enrichedTechnologies = await this.enrichWithLatestVersions(technologies);
+          await this.sendTechnologiesWithEnvironment(enrichedTechnologies, source.environment);
         }
       } else {
         const technologies = await this.readPackageJson();
         if (technologies.length === 0) return;
-        await this.sendTechnologies(technologies);
+        const enrichedTechnologies = await this.enrichWithLatestVersions(technologies);
+        await this.sendTechnologies(enrichedTechnologies);
       }
     } catch (err) {
       console.error("[MonitorClient] Failed to sync dependencies:", err);
     }
   }
+  /**
+   * Enrich technologies with latest version information from npm registry.
+   * Only runs if versionCheckEnabled is true.
+   */
+  async enrichWithLatestVersions(technologies) {
+    if (!this.versionCheckEnabled) {
+      return technologies;
+    }
+    try {
+      console.log(`[MonitorClient] Fetching latest versions for ${technologies.length} packages...`);
+      const packageNames = technologies.map((t) => t.name);
+      const latestVersions = await this.fetchLatestVersions(packageNames);
+      return technologies.map((tech) => ({
+        ...tech,
+        latestVersion: latestVersions.get(tech.name) || void 0
+      }));
+    } catch (err) {
+      console.warn("[MonitorClient] Failed to fetch latest versions, continuing without:", err instanceof Error ? err.message : String(err));
+      return technologies;
+    }
+  }
   async syncTechnologies(technologies) {
     await this.sendTechnologies(technologies);
   }
@@ -514,6 +538,44 @@ var MonitorClient = class {
     }
     return false;
   }
+  /**
+   * Fetch the latest version of a package from npm registry.
+   * Returns null if the package cannot be found or the request fails.
+   */
+  async fetchLatestVersion(packageName) {
+    try {
+      const encodedName = encodeURIComponent(packageName).replace("%40", "@");
+      const response = await fetch(`https://registry.npmjs.org/${encodedName}`, {
+        headers: { "Accept": "application/json" },
+        signal: AbortSignal.timeout(5e3)
+      });
+      if (!response.ok) return null;
+      const data = await response.json();
+      return data["dist-tags"]?.latest || null;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Fetch latest versions for multiple packages in parallel with concurrency limit.
+   */
+  async fetchLatestVersions(packageNames) {
+    const results = /* @__PURE__ */ new Map();
+    const concurrencyLimit = 5;
+    for (let i = 0; i < packageNames.length; i += concurrencyLimit) {
+      const batch = packageNames.slice(i, i + concurrencyLimit);
+      const batchResults = await Promise.all(
+        batch.map(async (name) => ({
+          name,
+          version: await this.fetchLatestVersion(name)
+        }))
+      );
+      for (const { name, version } of batchResults) {
+        results.set(name, version);
+      }
+    }
+    return results;
+  }
   async sendTechnologies(technologies) {
     await this.sendTechnologiesWithEnvironment(technologies, this.environment);
   }

package/dist/index.mjs

@@ -81,6 +81,7 @@ var MonitorClient = class {
     this.autoAudit = config.autoAudit || false;
     this.auditPaths = config.auditPaths;
     this.includeDevDependencies = config.includeDevDependencies ?? false;
+    this.versionCheckEnabled = config.versionCheckEnabled ?? true;
     this.startFlushTimer();
     if (this.trackDependencies) {
       this.syncDependencies().catch((err) => {
@@ -401,17 +402,40 @@ var MonitorClient = class {
         for (const source of this.dependencySources) {
           const technologies = await this.readPackageJsonFromPath(source.path);
           if (technologies.length === 0) continue;
-          await this.sendTechnologiesWithEnvironment(technologies, source.environment);
+          const enrichedTechnologies = await this.enrichWithLatestVersions(technologies);
+          await this.sendTechnologiesWithEnvironment(enrichedTechnologies, source.environment);
         }
       } else {
         const technologies = await this.readPackageJson();
         if (technologies.length === 0) return;
-        await this.sendTechnologies(technologies);
+        const enrichedTechnologies = await this.enrichWithLatestVersions(technologies);
+        await this.sendTechnologies(enrichedTechnologies);
       }
     } catch (err) {
       console.error("[MonitorClient] Failed to sync dependencies:", err);
     }
   }
+  /**
+   * Enrich technologies with latest version information from npm registry.
+   * Only runs if versionCheckEnabled is true.
+   */
+  async enrichWithLatestVersions(technologies) {
+    if (!this.versionCheckEnabled) {
+      return technologies;
+    }
+    try {
+      console.log(`[MonitorClient] Fetching latest versions for ${technologies.length} packages...`);
+      const packageNames = technologies.map((t) => t.name);
+      const latestVersions = await this.fetchLatestVersions(packageNames);
+      return technologies.map((tech) => ({
+        ...tech,
+        latestVersion: latestVersions.get(tech.name) || void 0
+      }));
+    } catch (err) {
+      console.warn("[MonitorClient] Failed to fetch latest versions, continuing without:", err instanceof Error ? err.message : String(err));
+      return technologies;
+    }
+  }
   async syncTechnologies(technologies) {
     await this.sendTechnologies(technologies);
   }
@@ -478,6 +502,44 @@ var MonitorClient = class {
     }
     return false;
   }
+  /**
+   * Fetch the latest version of a package from npm registry.
+   * Returns null if the package cannot be found or the request fails.
+   */
+  async fetchLatestVersion(packageName) {
+    try {
+      const encodedName = encodeURIComponent(packageName).replace("%40", "@");
+      const response = await fetch(`https://registry.npmjs.org/${encodedName}`, {
+        headers: { "Accept": "application/json" },
+        signal: AbortSignal.timeout(5e3)
+      });
+      if (!response.ok) return null;
+      const data = await response.json();
+      return data["dist-tags"]?.latest || null;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Fetch latest versions for multiple packages in parallel with concurrency limit.
+   */
+  async fetchLatestVersions(packageNames) {
+    const results = /* @__PURE__ */ new Map();
+    const concurrencyLimit = 5;
+    for (let i = 0; i < packageNames.length; i += concurrencyLimit) {
+      const batch = packageNames.slice(i, i + concurrencyLimit);
+      const batchResults = await Promise.all(
+        batch.map(async (name) => ({
+          name,
+          version: await this.fetchLatestVersion(name)
+        }))
+      );
+      for (const { name, version } of batchResults) {
+        results.set(name, version);
+      }
+    }
+    return results;
+  }
   async sendTechnologies(technologies) {
     await this.sendTechnologiesWithEnvironment(technologies, this.environment);
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ceon-oy/monitor-sdk",
-  "version": "1.0.14",
+  "version": "1.0.15",
   "description": "Client SDK for Ceon Monitor - Error tracking, health monitoring, security events, and vulnerability scanning",
   "author": "Ceon",
   "license": "MIT",