@lateos/npm-scan 0.12.1 → 0.12.3

package/backend/fetch.js

@@ -8,8 +8,21 @@ import { pipeline } from 'stream/promises';
 
 export async function fetchPackage(target, options = {}) {
   const { cacheDir, cacheTTL = 604800, cacheMaxSize = 1000000000 } = options;
+  let name, version;
   
-  // Check cache if enabled
+  if (target.startsWith('@')) {
+    const lastAt = target.lastIndexOf('@');
+    name = target.slice(0, lastAt);
+    version = target.slice(lastAt + 1);
+    if (!version) version = undefined;
+  } else {
+    const idx = target.indexOf('@');
+    name = idx > -1 ? target.slice(0, idx) : target;
+    version = idx > -1 ? target.slice(idx + 1) : undefined;
+  }
+  
+  const endpoint = version ? `/${encodeURIComponent(name)}/${version}` : `/${encodeURIComponent(name)}/latest`;
+
   if (cacheDir) {
     const cached = getFromCache(cacheDir, target, cacheTTL);
     if (cached) {
@@ -18,7 +31,7 @@ export async function fetchPackage(target, options = {}) {
     }
   }
 
-  const metaRes = await fetch(`https://registry.npmjs.org/${target}/latest`);
+  const metaRes = await fetch(`https://registry.npmjs.org${endpoint}`);
   const meta = await metaRes.json();
 
   if (!metaRes.ok || !meta.dist?.tarball) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lateos/npm-scan",
-  "version": "0.12.1",
+  "version": "0.12.3",
   "description": "Modern npm supply chain security scanner — detects obfuscated payloads, credential stealers, conditional triggers, sandbox evasion, and worm-like propagation. 11 attack types, SBOM, NIST/EU CRA compliance reporting.",
   "main": "backend/index.js",
   "bin": {