@dependabit/github-client 0.1.1

package/dist/releases.js

@@ -0,0 +1,113 @@
+/**
+ * Release Manager
+ * Handles fetching and comparing GitHub releases
+ */
+import { Octokit } from 'octokit';
+export class ReleaseManager {
+    octokit;
+    constructor(auth) {
+        this.octokit = new Octokit({
+            auth: auth || process.env['GITHUB_TOKEN']
+        });
+    }
+    /**
+     * Fetches the latest release from a repository
+     */
+    async getLatestRelease(params) {
+        const { owner, repo } = params;
+        try {
+            const response = await this.octokit.rest.repos.getLatestRelease({
+                owner,
+                repo
+            });
+            return {
+                tagName: response.data.tag_name,
+                name: response.data.name || response.data.tag_name,
+                publishedAt: new Date(response.data.published_at || response.data.created_at),
+                body: response.data.body || undefined,
+                htmlUrl: response.data.html_url,
+                prerelease: response.data.prerelease,
+                draft: response.data.draft
+            };
+        }
+        catch (error) {
+            if (error.status === 404) {
+                return null;
+            }
+            throw error;
+        }
+    }
+    /**
+     * Fetches all releases from a repository
+     */
+    async getAllReleases(params) {
+        const { owner, repo, page = 1, perPage = 30 } = params;
+        try {
+            const response = await this.octokit.rest.repos.listReleases({
+                owner,
+                repo,
+                page,
+                per_page: perPage
+            });
+            return response.data.map((release) => ({
+                tagName: release.tag_name,
+                name: release.name || release.tag_name,
+                publishedAt: new Date(release.published_at || release.created_at),
+                body: release.body || undefined,
+                htmlUrl: release.html_url,
+                prerelease: release.prerelease,
+                draft: release.draft
+            }));
+        }
+        catch (error) {
+            if (error.status === 404) {
+                return [];
+            }
+            throw error;
+        }
+    }
+    /**
+     * Compares two sets of releases to find new ones
+     */
+    compareReleases(oldReleases, newReleases) {
+        const oldTags = new Set(oldReleases.map((r) => r.tagName));
+        const newTags = new Set(newReleases.map((r) => r.tagName));
+        // Find releases in new but not in old
+        const newOnes = newReleases.filter((r) => !oldTags.has(r.tagName));
+        // Find releases in old but not in new (removed/deleted)
+        const oldOnes = oldReleases.filter((r) => !newTags.has(r.tagName));
+        return {
+            newReleases: newOnes,
+            oldReleases: oldOnes
+        };
+    }
+    /**
+     * Fetches release notes for a specific tag
+     */
+    async getReleaseByTag(params) {
+        const { owner, repo, tag } = params;
+        try {
+            const response = await this.octokit.rest.repos.getReleaseByTag({
+                owner,
+                repo,
+                tag
+            });
+            return {
+                tagName: response.data.tag_name,
+                name: response.data.name || response.data.tag_name,
+                publishedAt: new Date(response.data.published_at || response.data.created_at),
+                body: response.data.body || undefined,
+                htmlUrl: response.data.html_url,
+                prerelease: response.data.prerelease,
+                draft: response.data.draft
+            };
+        }
+        catch (error) {
+            if (error.status === 404) {
+                return null;
+            }
+            throw error;
+        }
+    }
+}
+//# sourceMappingURL=releases.js.map

package/dist/releases.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"releases.js","sourceRoot":"","sources":["../src/releases.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAiBlC,MAAM,OAAO,cAAc;IACjB,OAAO,CAAU;IAEzB,YAAY,IAAa,EAAE;QACzB,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC;YACzB,IAAI,EAAE,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;SAC1C,CAAC,CAAC;IAAA,CACJ;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,MAAuC,EAA2B;QACvF,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC;gBAC9D,KAAK;gBACL,IAAI;aACL,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ;gBAC/B,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ;gBAClD,WAAW,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC;gBAC7E,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,SAAS;gBACrC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ;gBAC/B,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,UAAU;gBACpC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK;aAC3B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAA6B,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAClD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IAAA,CACF;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,MAKpB,EAAsB;QACrB,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,EAAE,OAAO,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC;gBAC1D,KAAK;gBACL,IAAI;gBACJ,IAAI;gBACJ,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBACrC,OAAO,EAAE,OAAO,CAAC,QAAQ;gBACzB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ;gBACtC,WAAW,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,UAAU,CAAC;gBACjE,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,SAAS;gBAC/B,OAAO,EAAE,OAAO,CAAC,QAAQ;gBACzB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAA6B,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAClD,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IAAA,CACF;IAED;;OAEG;IACH,eAAe,CAAC,WAAsB,EAAE,WAAsB,EAAqB;QACjF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAE3D,sCAAsC;QACtC,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAEnE,wDAAwD;QACxD,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAEnE,OAAO;YACL,WAAW,EAAE,OAAO;YACpB,WAAW,EAAE,OAAO;SACrB,CAAC;IAAA,CACH;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,MAIrB,EAA2B;QAC1B,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC;gBAC7D,KAAK;gBACL,IAAI;gBACJ,GAAG;aACJ,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ;gBAC/B,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,QAAQ;gBAClD,WAAW,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC;gBAC7E,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,SAAS;gBACrC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ;gBAC/B,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,UAAU;gBACpC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK;aAC3B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAA6B,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAClD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IAAA,CACF;CACF"}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@dependabit/github-client",
+  "version": "0.1.1",
+  "description": "GitHub API wrapper with rate limiting and authentication",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "dependencies": {
+    "@actions/github": "^9.0.0",
+    "octokit": "^5.0.5",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/node": "^25.2.2",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  },
+  "keywords": [
+    "github",
+    "api",
+    "client"
+  ],
+  "license": "MIT",
+  "scripts": {
+    "build": "tsgo -p tsconfig.json",
+    "clean": "rm -rf dist",
+    "dev": "tsx watch src/index.ts",
+    "type-check": "tsgo --noEmit -p tsconfig.json",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  }
+}

package/src/auth/basic.ts

@@ -0,0 +1,102 @@
+/**
+ * Basic authentication handler for GitHub API
+ * Supports username/password or username/personal access token
+ */
+
+export interface BasicAuth {
+  type: 'basic';
+  username: string;
+  password: string;
+}
+
+/**
+ * Handler for HTTP Basic authentication
+ */
+export class BasicAuthHandler {
+  private username: string;
+  private password: string;
+
+  constructor(username: string, password: string) {
+    if (!username || username.trim() === '') {
+      throw new Error('Username cannot be empty');
+    }
+    if (!password || password.trim() === '') {
+      throw new Error('Password cannot be empty');
+    }
+    this.username = username;
+    this.password = password;
+  }
+
+  /**
+   * Authenticate and return auth object
+   */
+  async authenticate(): Promise<BasicAuth> {
+    return {
+      type: 'basic',
+      username: this.username,
+      password: this.password
+    };
+  }
+
+  /**
+   * Get base64-encoded Basic auth header value
+   */
+  getAuthHeader(): string {
+    const credentials = `${this.username}:${this.password}`;
+    const encoded = Buffer.from(credentials).toString('base64');
+    return `Basic ${encoded}`;
+  }
+
+  /**
+   * Validate credentials format
+   */
+  validate(): boolean {
+    // Check for invalid characters (newlines, etc.)
+    if (this.username.includes('\n') || this.username.includes('\r')) {
+      return false;
+    }
+    if (this.password.includes('\n') || this.password.includes('\r')) {
+      return false;
+    }
+    return true;
+  }
+
+  /**
+   * Get authentication type
+   */
+  getType(): string {
+    return 'basic';
+  }
+
+  /**
+   * Update credentials (for rotation)
+   */
+  updateCredentials(username: string, password: string): void {
+    if (!username || username.trim() === '') {
+      throw new Error('Username cannot be empty');
+    }
+    if (!password || password.trim() === '') {
+      throw new Error('Password cannot be empty');
+    }
+    this.username = username;
+    this.password = password;
+  }
+
+  /**
+   * String representation (masks password)
+   */
+  toString(): string {
+    return `BasicAuth(username=${this.username}, password=***)`;
+  }
+
+  /**
+   * JSON representation (excludes password)
+   */
+  toJSON(): Record<string, unknown> {
+    return {
+      type: 'basic',
+      username: this.username
+      // password intentionally excluded
+    };
+  }
+}

package/src/auth/oauth.ts

@@ -0,0 +1,183 @@
+/**
+ * OAuth 2.0 authentication handler for GitHub
+ * Supports authorization code flow and token refresh
+ */
+
+export interface OAuthConfig {
+  clientId: string;
+  clientSecret: string;
+  redirectUri: string;
+}
+
+export interface OAuthAuth {
+  type: 'oauth';
+  token: string;
+  tokenType: string;
+  scope?: string | undefined;
+  expiresIn?: number | undefined;
+  refreshToken?: string | undefined;
+}
+
+interface TokenResponse {
+  access_token: string;
+  token_type: string;
+  scope?: string;
+  expires_in?: number;
+  refresh_token?: string;
+}
+
+/**
+ * Handler for OAuth 2.0 authentication
+ */
+export class OAuthHandler {
+  private config: OAuthConfig;
+  private readonly GITHUB_OAUTH_URL = 'https://github.com/login/oauth';
+
+  constructor(config: OAuthConfig) {
+    if (!config.clientId || config.clientId.trim() === '') {
+      throw new Error('clientId is required');
+    }
+    if (!config.clientSecret || config.clientSecret.trim() === '') {
+      throw new Error('clientSecret is required');
+    }
+    this.config = config;
+  }
+
+  /**
+   * Exchange authorization code for access token
+   */
+  async authenticate(code: string): Promise<OAuthAuth> {
+    if (!code || code.trim() === '') {
+      throw new Error('Authorization code is required');
+    }
+
+    const tokenResponse = await this.exchangeCodeForToken(code);
+
+    return {
+      type: 'oauth',
+      token: tokenResponse.access_token,
+      tokenType: tokenResponse.token_type,
+      scope: tokenResponse.scope,
+      expiresIn: tokenResponse.expires_in,
+      refreshToken: tokenResponse.refresh_token
+    };
+  }
+
+  /**
+   * Generate authorization URL for OAuth flow
+   */
+  getAuthorizationUrl(scopes: string[], state?: string): string {
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      redirect_uri: this.config.redirectUri,
+      scope: scopes.join(' ')
+    });
+
+    if (state) {
+      params.append('state', state);
+    }
+
+    return `${this.GITHUB_OAUTH_URL}/authorize?${params.toString()}`;
+  }
+
+  /**
+   * Refresh an expired access token
+   */
+  async refreshToken(refreshToken: string): Promise<OAuthAuth> {
+    if (!refreshToken || refreshToken.trim() === '') {
+      throw new Error('Refresh token is required');
+    }
+
+    const tokenResponse = await this.performTokenRefresh(refreshToken);
+
+    return {
+      type: 'oauth',
+      token: tokenResponse.access_token,
+      tokenType: tokenResponse.token_type,
+      scope: tokenResponse.scope,
+      expiresIn: tokenResponse.expires_in
+    };
+  }
+
+  /**
+   * Validate OAuth configuration
+   */
+  validate(): boolean {
+    try {
+      // Validate redirect URI format
+      new URL(this.config.redirectUri);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Get authentication type
+   */
+  getType(): string {
+    return 'oauth';
+  }
+
+  /**
+   * Exchange authorization code for token (internal)
+   */
+  private async exchangeCodeForToken(code: string): Promise<TokenResponse> {
+    const response = await fetch(`${this.GITHUB_OAUTH_URL}/access_token`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Accept: 'application/json'
+      },
+      body: JSON.stringify({
+        client_id: this.config.clientId,
+        client_secret: this.config.clientSecret,
+        code: code,
+        redirect_uri: this.config.redirectUri
+      })
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to exchange code for token: ${response.statusText}`);
+    }
+
+    const data = await response.json();
+
+    if (data.error) {
+      throw new Error(data.error_description || data.error);
+    }
+
+    return data;
+  }
+
+  /**
+   * Perform token refresh (internal)
+   */
+  private async performTokenRefresh(refreshToken: string): Promise<TokenResponse> {
+    const response = await fetch(`${this.GITHUB_OAUTH_URL}/access_token`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Accept: 'application/json'
+      },
+      body: JSON.stringify({
+        client_id: this.config.clientId,
+        client_secret: this.config.clientSecret,
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken
+      })
+    });
+
+    if (!response.ok) {
+      throw new Error(`Failed to refresh token: ${response.statusText}`);
+    }
+
+    const data = await response.json();
+
+    if (data.error) {
+      throw new Error(data.error_description || data.error);
+    }
+
+    return data;
+  }
+}

package/src/auth/token.ts

@@ -0,0 +1,81 @@
+/**
+ * Token authentication handler for GitHub API
+ * Supports GitHub PAT tokens, fine-grained tokens, and API keys
+ */
+
+export interface TokenAuth {
+  type: 'token';
+  token: string;
+}
+
+/**
+ * Handler for token-based authentication (GitHub PAT, API keys)
+ */
+export class TokenAuthHandler {
+  private token: string;
+  private readonly GITHUB_TOKEN_PREFIXES = [
+    'ghp_', // Personal Access Token
+    'gho_', // OAuth Access Token
+    'ghu_', // User-to-Server Token
+    'ghs_', // Server-to-Server Token
+    'ghr_', // Refresh Token
+    'github_pat_' // Fine-grained PAT
+  ];
+
+  constructor(token: string) {
+    if (!token || token.trim() === '') {
+      throw new Error('Token cannot be empty');
+    }
+    this.token = token;
+  }
+
+  /**
+   * Authenticate and return auth object
+   */
+  async authenticate(): Promise<TokenAuth> {
+    return {
+      type: 'token',
+      token: this.token
+    };
+  }
+
+  /**
+   * Validate token format
+   */
+  validate(): boolean {
+    // Check if token starts with valid GitHub prefix or is an API key
+    const hasValidPrefix = this.GITHUB_TOKEN_PREFIXES.some((prefix) =>
+      this.token.startsWith(prefix)
+    );
+
+    // Allow any token format, but prefer GitHub token prefixes
+    return hasValidPrefix || this.token.length > 0;
+  }
+
+  /**
+   * Get authentication type
+   */
+  getType(): string {
+    return 'token';
+  }
+
+  /**
+   * Update token (for rotation)
+   */
+  updateToken(newToken: string): void {
+    if (!newToken || newToken.trim() === '') {
+      throw new Error('Token cannot be empty');
+    }
+    this.token = newToken;
+  }
+
+  /**
+   * Get current token
+   *
+   * @warning This method exposes the raw token value. Use with caution and avoid
+   * logging or displaying the token. Prefer using authenticate() for auth operations.
+   */
+  getToken(): string {
+    return this.token;
+  }
+}

package/src/auth.ts

@@ -0,0 +1,100 @@
+/**
+ * Authentication support for GitHub API client
+ * Provides token, OAuth, and basic authentication methods
+ */
+
+import { TokenAuthHandler, type TokenAuth } from './auth/token';
+import { OAuthHandler, type OAuthAuth, type OAuthConfig } from './auth/oauth';
+import { BasicAuthHandler, type BasicAuth } from './auth/basic';
+
+export type AuthType = 'token' | 'oauth' | 'basic';
+export type AuthResult = TokenAuth | OAuthAuth | BasicAuth;
+
+export interface AuthConfig {
+  type: AuthType;
+  token?: string;
+  oauth?: OAuthConfig;
+  username?: string;
+  password?: string;
+}
+
+/**
+ * Authentication manager that supports multiple auth methods
+ */
+export class AuthManager {
+  private handler: TokenAuthHandler | OAuthHandler | BasicAuthHandler;
+
+  constructor(config: AuthConfig) {
+    switch (config.type) {
+      case 'token':
+        if (!config.token) {
+          throw new Error('Token is required for token authentication');
+        }
+        this.handler = new TokenAuthHandler(config.token);
+        break;
+
+      case 'oauth':
+        if (!config.oauth) {
+          throw new Error('OAuth config is required for OAuth authentication');
+        }
+        this.handler = new OAuthHandler(config.oauth);
+        break;
+
+      case 'basic':
+        if (!config.username || !config.password) {
+          throw new Error('Username and password are required for basic authentication');
+        }
+        this.handler = new BasicAuthHandler(config.username, config.password);
+        break;
+
+      default:
+        throw new Error(`Unsupported authentication type: ${config.type}`);
+    }
+  }
+
+  /**
+   * Perform authentication
+   */
+  async authenticate(code?: string): Promise<AuthResult> {
+    if (this.handler instanceof OAuthHandler && code) {
+      return this.handler.authenticate(code);
+    }
+    if (this.handler instanceof TokenAuthHandler || this.handler instanceof BasicAuthHandler) {
+      return this.handler.authenticate();
+    }
+    throw new Error('Invalid authentication flow');
+  }
+
+  /**
+   * Validate authentication configuration
+   */
+  validate(): boolean {
+    return this.handler.validate();
+  }
+
+  /**
+   * Get authentication type
+   */
+  getType(): string {
+    return this.handler.getType();
+  }
+
+  /**
+   * Get underlying handler
+   */
+  getHandler(): TokenAuthHandler | OAuthHandler | BasicAuthHandler {
+    return this.handler;
+  }
+}
+
+/**
+ * Create authentication manager from config
+ */
+export function createAuth(config: AuthConfig): AuthManager {
+  return new AuthManager(config);
+}
+
+// Re-export handler classes and types
+export { TokenAuthHandler, type TokenAuth } from './auth/token';
+export { OAuthHandler, type OAuthAuth, type OAuthConfig } from './auth/oauth';
+export { BasicAuthHandler, type BasicAuth } from './auth/basic';