npm - @dependabit/monitor - Versions diffs - 0.1.1 - Mend

@dependabit/monitor 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

package/CHANGELOG.md +9 -0
package/LICENSE +21 -0
package/README.md +33 -0
package/dist/checkers/github-repo.d.ts +17 -0
package/dist/checkers/github-repo.d.ts.map +1 -0
package/dist/checkers/github-repo.js +115 -0
package/dist/checkers/github-repo.js.map +1 -0
package/dist/checkers/index.d.ts +7 -0
package/dist/checkers/index.d.ts.map +1 -0
package/dist/checkers/index.js +7 -0
package/dist/checkers/index.js.map +1 -0
package/dist/checkers/openapi.d.ts +24 -0
package/dist/checkers/openapi.d.ts.map +1 -0
package/dist/checkers/openapi.js +221 -0
package/dist/checkers/openapi.js.map +1 -0
package/dist/checkers/url-content.d.ts +16 -0
package/dist/checkers/url-content.d.ts.map +1 -0
package/dist/checkers/url-content.js +66 -0
package/dist/checkers/url-content.js.map +1 -0
package/dist/comparator.d.ts +16 -0
package/dist/comparator.d.ts.map +1 -0
package/dist/comparator.js +53 -0
package/dist/comparator.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +12 -0
package/dist/index.js.map +1 -0
package/dist/monitor.d.ts +43 -0
package/dist/monitor.d.ts.map +1 -0
package/dist/monitor.js +85 -0
package/dist/monitor.js.map +1 -0
package/dist/normalizer.d.ts +24 -0
package/dist/normalizer.d.ts.map +1 -0
package/dist/normalizer.js +97 -0
package/dist/normalizer.js.map +1 -0
package/dist/scheduler.d.ts +64 -0
package/dist/scheduler.d.ts.map +1 -0
package/dist/scheduler.js +132 -0
package/dist/scheduler.js.map +1 -0
package/dist/severity.d.ts +22 -0
package/dist/severity.d.ts.map +1 -0
package/dist/severity.js +87 -0
package/dist/severity.js.map +1 -0
package/dist/types.d.ts +36 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +5 -0
package/dist/types.js.map +1 -0
package/package.json +39 -0
package/src/checkers/github-repo.ts +150 -0
package/src/checkers/index.ts +7 -0
package/src/checkers/openapi.ts +310 -0
package/src/checkers/url-content.ts +78 -0
package/src/comparator.ts +68 -0
package/src/index.ts +20 -0
package/src/monitor.ts +120 -0
package/src/normalizer.ts +122 -0
package/src/scheduler.ts +175 -0
package/src/severity.ts +112 -0
package/src/types.ts +40 -0
package/test/checkers/github-repo.test.ts +124 -0
package/test/checkers/openapi.test.ts +352 -0
package/test/checkers/url-content.test.ts +99 -0
package/test/comparator.test.ts +108 -0
package/test/monitor.test.ts +177 -0
package/test/normalizer.test.ts +66 -0
package/test/scheduler.test.ts +674 -0
package/test/severity.test.ts +122 -0
package/tsconfig.json +10 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/types.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * Common types for dependency checkers
+ */
+export interface DependencySnapshot {
+  version?: string | undefined;
+  stateHash: string;
+  fetchedAt: Date;
+  metadata?: Record<string, unknown>;
+}
+export interface ChangeDetection {
+  hasChanged: boolean;
+  changes: string[];
+  oldVersion?: string | undefined;
+  newVersion?: string | undefined;
+  diff?: unknown;
+  severity?: 'breaking' | 'major' | 'minor';
+}
+export interface AccessConfig {
+  url: string;
+  accessMethod: 'github-api' | 'http' | 'openapi' | 'context7' | 'arxiv';
+  auth?: {
+    type: 'token' | 'basic' | 'oauth' | 'none';
+    secret?: string;
+  };
+}
+export interface Checker {
+  /**
+   * Fetches the current state of a dependency
+   */
+  fetch(config: AccessConfig): Promise<DependencySnapshot>;
+  /**
+   * Compares two snapshots to detect changes
+   */
+  compare(prev: DependencySnapshot, curr: DependencySnapshot): Promise<ChangeDetection>;
+}

package/test/checkers/github-repo.test.ts ADDED Viewed

@@ -0,0 +1,124 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { GitHubRepoChecker } from '../../src/checkers/github-repo.js';
+// Mock global fetch
+const mockFetch = vi.fn();
+global.fetch = mockFetch as any;
+describe('GitHubRepoChecker', () => {
+  let checker: GitHubRepoChecker;
+  beforeEach(() => {
+    checker = new GitHubRepoChecker();
+    vi.clearAllMocks();
+    // Default mock response for releases
+    mockFetch.mockResolvedValue({
+      ok: true,
+      status: 200,
+      json: async () => ({
+        tag_name: 'v1.0.0',
+        name: 'Release v1.0.0',
+        published_at: '2024-01-01T00:00:00Z',
+        body: 'Release notes',
+        html_url: 'https://github.com/owner/repo/releases/v1.0.0'
+      })
+    });
+  });
+  describe('fetch', () => {
+    it('should fetch latest release information', async () => {
+      const config = {
+        url: 'https://github.com/owner/repo',
+        accessMethod: 'github-api' as const
+      };
+      const result = await checker.fetch(config);
+      expect(result).toBeDefined();
+      expect(result.version).toBeDefined();
+      expect(result.stateHash).toBeDefined();
+      expect(result.fetchedAt).toBeInstanceOf(Date);
+    });
+    it('should handle repositories without releases', async () => {
+      // Mock 404 response for no releases, then mock commits response
+      mockFetch
+        .mockResolvedValueOnce({
+          ok: false,
+          status: 404
+        })
+        .mockResolvedValueOnce({
+          ok: true,
+          status: 200,
+          json: async () => [
+            {
+              sha: 'abc123def456',
+              commit: {
+                message: 'Latest commit',
+                author: { date: '2024-01-01T00:00:00Z' }
+              }
+            }
+          ]
+        });
+      const config = {
+        url: 'https://github.com/owner/no-releases',
+        accessMethod: 'github-api' as const
+      };
+      const result = await checker.fetch(config);
+      expect(result).toBeDefined();
+      expect(result.version).toBeUndefined();
+    });
+    it('should throw error for invalid GitHub URL', async () => {
+      const config = {
+        url: 'https://example.com/not-github',
+        accessMethod: 'github-api' as const
+      };
+      await expect(checker.fetch(config)).rejects.toThrow();
+    });
+  });
+  describe('compare', () => {
+    it('should detect version changes', async () => {
+      const prev = {
+        version: 'v1.0.0',
+        stateHash: 'hash1',
+        fetchedAt: new Date('2024-01-01')
+      };
+      const curr = {
+        version: 'v1.1.0',
+        stateHash: 'hash2',
+        fetchedAt: new Date('2024-01-02')
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(true);
+      expect(result.changes).toContain('version');
+    });
+    it('should return no change when versions match', async () => {
+      const prev = {
+        version: 'v1.0.0',
+        stateHash: 'hash1',
+        fetchedAt: new Date('2024-01-01')
+      };
+      const curr = {
+        version: 'v1.0.0',
+        stateHash: 'hash1',
+        fetchedAt: new Date('2024-01-02')
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(false);
+    });
+  });
+});

package/test/checkers/openapi.test.ts ADDED Viewed

@@ -0,0 +1,352 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { OpenAPIChecker } from '../../src/checkers/openapi.js';
+import type { AccessConfig, DependencySnapshot } from '../../src/types.js';
+describe('OpenAPIChecker', () => {
+  let checker: OpenAPIChecker;
+  beforeEach(() => {
+    checker = new OpenAPIChecker();
+  });
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+  describe('fetch', () => {
+    it('should fetch and parse JSON OpenAPI spec', async () => {
+      const mockSpec = {
+        openapi: '3.0.0',
+        info: {
+          title: 'Test API',
+          version: '1.0.0',
+          description: 'A test API'
+        },
+        paths: {
+          '/users': {
+            get: { operationId: 'getUsers' },
+            post: { operationId: 'createUser' }
+          },
+          '/users/{id}': {
+            get: { operationId: 'getUser' },
+            delete: { operationId: 'deleteUser' }
+          }
+        },
+        components: {
+          schemas: {
+            User: { type: 'object' },
+            Error: { type: 'object' }
+          }
+        }
+      };
+      vi.spyOn(global, 'fetch').mockResolvedValue({
+        ok: true,
+        headers: new Headers({ 'content-type': 'application/json' }),
+        text: async () => JSON.stringify(mockSpec)
+      } as Response);
+      const config: AccessConfig = {
+        url: 'https://api.example.com/openapi.json',
+        accessMethod: 'openapi'
+      };
+      const snapshot = await checker.fetch(config);
+      expect(snapshot.version).toBe('1.0.0');
+      expect(snapshot.stateHash).toBeDefined();
+      expect(snapshot.fetchedAt).toBeInstanceOf(Date);
+      expect(snapshot.metadata?.title).toBe('Test API');
+      expect(snapshot.metadata?.endpointCount).toBe(2);
+      expect(snapshot.metadata?.schemaCount).toBe(2);
+    });
+    it('should fetch and parse YAML OpenAPI spec', async () => {
+      const yamlSpec = `
+openapi: '3.0.0'
+info:
+  title: Test API
+  version: '2.0.0'
+paths:
+  /items:
+    get:
+      summary: List items
+    post:
+      summary: Create item
+components:
+  schemas:
+    Item:
+      type: object
+`;
+      vi.spyOn(global, 'fetch').mockResolvedValue({
+        ok: true,
+        headers: new Headers({ 'content-type': 'text/yaml' }),
+        text: async () => yamlSpec
+      } as Response);
+      const config: AccessConfig = {
+        url: 'https://api.example.com/openapi.yaml',
+        accessMethod: 'openapi'
+      };
+      const snapshot = await checker.fetch(config);
+      expect(snapshot.version).toBe('2.0.0');
+      expect(snapshot.metadata?.title).toBe('Test API');
+    });
+    it('should handle authentication token', async () => {
+      const mockSpec = { openapi: '3.0.0', info: { version: '1.0.0' } };
+      const fetchSpy = vi.spyOn(global, 'fetch').mockResolvedValue({
+        ok: true,
+        headers: new Headers({ 'content-type': 'application/json' }),
+        text: async () => JSON.stringify(mockSpec)
+      } as Response);
+      const config: AccessConfig = {
+        url: 'https://api.example.com/openapi.json',
+        accessMethod: 'openapi',
+        auth: {
+          type: 'token',
+          secret: 'test-token'
+        }
+      };
+      await checker.fetch(config);
+      expect(fetchSpy).toHaveBeenCalledWith(
+        'https://api.example.com/openapi.json',
+        expect.objectContaining({
+          headers: expect.objectContaining({
+            Authorization: 'Bearer test-token'
+          })
+        })
+      );
+    });
+    it('should throw error on HTTP failure', async () => {
+      vi.spyOn(global, 'fetch').mockResolvedValue({
+        ok: false,
+        status: 404,
+        statusText: 'Not Found'
+      } as Response);
+      const config: AccessConfig = {
+        url: 'https://api.example.com/openapi.json',
+        accessMethod: 'openapi'
+      };
+      await expect(checker.fetch(config)).rejects.toThrow('HTTP error: 404 Not Found');
+    });
+    it('should throw error on invalid JSON', async () => {
+      vi.spyOn(global, 'fetch').mockResolvedValue({
+        ok: true,
+        headers: new Headers({ 'content-type': 'application/json' }),
+        text: async () => 'invalid json'
+      } as Response);
+      const config: AccessConfig = {
+        url: 'https://api.example.com/openapi.json',
+        accessMethod: 'openapi'
+      };
+      await expect(checker.fetch(config)).rejects.toThrow('Failed to fetch OpenAPI spec');
+    });
+  });
+  describe('compare', () => {
+    it('should detect no changes when specs are identical', async () => {
+      const snapshot: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'abc123',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET', 'POST'] },
+          schemas: { User: {} }
+        }
+      };
+      const result = await checker.compare(snapshot, { ...snapshot });
+      expect(result.hasChanged).toBe(false);
+      expect(result.changes).toHaveLength(0);
+    });
+    it('should detect added endpoints', async () => {
+      const prev: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'abc123',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET'] },
+          schemas: {}
+        }
+      };
+      const curr: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'def456',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET'], '/items': ['GET', 'POST'] },
+          schemas: {}
+        }
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(true);
+      expect(result.changes).toContain('endpoints_added');
+      expect(result.severity).toBe('minor');
+    });
+    it('should detect removed endpoints as breaking change', async () => {
+      const prev: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'abc123',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET'], '/items': ['GET'] },
+          schemas: {}
+        }
+      };
+      const curr: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'def456',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET'] },
+          schemas: {}
+        }
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(true);
+      expect(result.changes).toContain('endpoints_removed');
+      expect(result.severity).toBe('breaking');
+    });
+    it('should detect modified endpoints as major change', async () => {
+      const prev: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'abc123',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET', 'POST'] },
+          schemas: {}
+        }
+      };
+      const curr: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'def456',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET', 'POST', 'PUT'] },
+          schemas: {}
+        }
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(true);
+      expect(result.changes).toContain('endpoints_modified');
+      expect(result.severity).toBe('major');
+    });
+    it('should detect removed schemas as breaking change', async () => {
+      const prev: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'abc123',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: {},
+          schemas: { User: {}, Item: {} }
+        }
+      };
+      const curr: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'def456',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: {},
+          schemas: { User: {} }
+        }
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(true);
+      expect(result.changes).toContain('schemas_removed');
+      expect(result.severity).toBe('breaking');
+    });
+    it('should detect version changes', async () => {
+      const prev: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'abc123',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: {},
+          schemas: {}
+        }
+      };
+      const curr: DependencySnapshot = {
+        version: '2.0.0',
+        stateHash: 'abc123',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: {},
+          schemas: {}
+        }
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(true);
+      expect(result.changes).toContain('version');
+      expect(result.oldVersion).toBe('1.0.0');
+      expect(result.newVersion).toBe('2.0.0');
+    });
+    it('should include diff details', async () => {
+      const prev: DependencySnapshot = {
+        version: '1.0.0',
+        stateHash: 'abc123',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET'] },
+          schemas: { User: {} }
+        }
+      };
+      const curr: DependencySnapshot = {
+        version: '2.0.0',
+        stateHash: 'def456',
+        fetchedAt: new Date(),
+        metadata: {
+          endpoints: { '/users': ['GET'], '/items': ['POST'] },
+          schemas: { User: {}, Item: {} }
+        }
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.diff).toBeDefined();
+      const diff = result.diff as {
+        addedEndpoints: string[];
+        addedSchemas: string[];
+        versionChanged: boolean;
+      };
+      expect(diff.addedEndpoints).toContain('/items');
+      expect(diff.addedSchemas).toContain('Item');
+      expect(diff.versionChanged).toBe(true);
+    });
+  });
+});

package/test/checkers/url-content.test.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { URLContentChecker } from '../../src/checkers/url-content.js';
+// Mock global fetch
+const mockFetch = vi.fn();
+global.fetch = mockFetch as any;
+describe('URLContentChecker', () => {
+  let checker: URLContentChecker;
+  beforeEach(() => {
+    checker = new URLContentChecker();
+    vi.clearAllMocks();
+    // Default mock response for HTTP content
+    mockFetch.mockResolvedValue({
+      ok: true,
+      status: 200,
+      headers: {
+        get: (name: string) => (name === 'content-type' ? 'text/html' : null)
+      },
+      text: async () => '<html><body>Test content</body></html>'
+    });
+  });
+  describe('fetch', () => {
+    it('should fetch and hash URL content', async () => {
+      const config = {
+        url: 'https://example.com/docs',
+        accessMethod: 'http' as const
+      };
+      const result = await checker.fetch(config);
+      expect(result).toBeDefined();
+      expect(result.stateHash).toBeDefined();
+      expect(result.stateHash).toMatch(/^[a-f0-9]{64}$/); // SHA256 hex
+      expect(result.fetchedAt).toBeInstanceOf(Date);
+    });
+    it('should normalize HTML before hashing', async () => {
+      const config = {
+        url: 'https://example.com/docs',
+        accessMethod: 'http' as const
+      };
+      const result = await checker.fetch(config);
+      // Should produce consistent hash after normalization
+      expect(result.stateHash).toBeDefined();
+    });
+    it('should throw error for unreachable URLs', async () => {
+      mockFetch.mockRejectedValue(new Error('Network error'));
+      const config = {
+        url: 'https://invalid-url-that-does-not-exist.com',
+        accessMethod: 'http' as const
+      };
+      await expect(checker.fetch(config)).rejects.toThrow();
+    });
+  });
+  describe('compare', () => {
+    it('should detect content changes via hash difference', async () => {
+      const prev = {
+        stateHash: 'abc123def456',
+        fetchedAt: new Date('2024-01-01')
+      };
+      const curr = {
+        stateHash: 'xyz789uvw012',
+        fetchedAt: new Date('2024-01-02')
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(true);
+      expect(result.changes).toContain('content');
+    });
+    it('should return no change when hashes match', async () => {
+      const prev = {
+        stateHash: 'abc123def456',
+        fetchedAt: new Date('2024-01-01')
+      };
+      const curr = {
+        stateHash: 'abc123def456',
+        fetchedAt: new Date('2024-01-02')
+      };
+      const result = await checker.compare(prev, curr);
+      expect(result.hasChanged).toBe(false);
+    });
+  });
+});