@nekzus/mcp-server 1.11.8 → 1.12.33

package/dist/index.js

@@ -48,7 +48,7 @@ export const NpmMaintainerSchema = z
     email: z.string().optional(),
     url: z.string().optional(),
 })
-    .passthrough();
+    .loose();
 export const NpmPackageVersionSchema = z
     .object({
     name: z.string(),
@@ -63,7 +63,7 @@ export const NpmPackageVersionSchema = z
             email: z.string().optional(),
             url: z.string().optional(),
         })
-            .passthrough(),
+            .loose(),
     ])
         .optional(),
     license: z.string().optional(),
@@ -72,60 +72,60 @@ export const NpmPackageVersionSchema = z
         type: z.string().optional(),
         url: z.string().optional(),
     })
-        .passthrough()
+        .loose()
         .optional(),
     bugs: z
         .object({
         url: z.string().optional(),
     })
-        .passthrough()
+        .loose()
         .optional(),
     homepage: z.string().optional(),
-    dependencies: z.record(z.string()).optional(),
-    devDependencies: z.record(z.string()).optional(),
-    peerDependencies: z.record(z.string()).optional(),
+    dependencies: z.record(z.string(), z.string()).optional(),
+    devDependencies: z.record(z.string(), z.string()).optional(),
+    peerDependencies: z.record(z.string(), z.string()).optional(),
     types: z.string().optional(),
     typings: z.string().optional(),
     dist: z
         .object({ shasum: z.string().optional(), tarball: z.string().optional() })
-        .passthrough()
+        .loose()
         .optional(),
 })
-    .passthrough();
+    .loose();
 export const NpmPackageInfoSchema = z
     .object({
     name: z.string(),
-    'dist-tags': z.record(z.string()),
-    versions: z.record(NpmPackageVersionSchema),
-    time: z.record(z.string()).optional(),
+    'dist-tags': z.record(z.string(), z.string()),
+    versions: z.record(z.string(), NpmPackageVersionSchema),
+    time: z.record(z.string(), z.string()).optional(),
     repository: z
         .object({
         type: z.string().optional(),
         url: z.string().optional(),
     })
-        .passthrough()
+        .loose()
         .optional(),
     bugs: z
         .object({
         url: z.string().optional(),
     })
-        .passthrough()
+        .loose()
         .optional(),
     homepage: z.string().optional(),
     maintainers: z.array(NpmMaintainerSchema).optional(),
 })
-    .passthrough();
+    .loose();
 export const NpmPackageDataSchema = z.object({
     name: z.string(),
     version: z.string(),
     description: z.string().optional(),
     license: z.string().optional(),
-    dependencies: z.record(z.string()).optional(),
-    devDependencies: z.record(z.string()).optional(),
-    peerDependencies: z.record(z.string()).optional(),
+    dependencies: z.record(z.string(), z.string()).optional(),
+    devDependencies: z.record(z.string(), z.string()).optional(),
+    peerDependencies: z.record(z.string(), z.string()).optional(),
     types: z.string().optional(),
     typings: z.string().optional(),
-});
+}).loose();
 export const BundlephobiaDataSchema = z.object({
     size: z.number(),
     gzip: z.number(),
@@ -231,7 +231,7 @@ export const NpmSearchResultSchema = z
     })),
     total: z.number(), // total is a sibling of objects
 })
-    .passthrough();
+    .loose();
 // Logger function that uses stderr - only for critical errors
 const log = (...args) => {
     // Filter out server status messages
@@ -257,9 +257,15 @@ function isNpmPackageInfo(data) {
 }
 function isNpmPackageData(data) {
     try {
-        return NpmPackageDataSchema.parse(data) !== null;
+        // Use safeParse to get error details
+        const result = NpmPackageDataSchema.safeParse(data);
+        if (!result.success) {
+            console.error('isNpmPackageData validation failed:', JSON.stringify(result.error.issues, null, 2));
+        }
+        return result.success;
     }
-    catch {
+    catch (e) {
+        console.error('isNpmPackageData threw exception:', e);
         return false;
     }
 }
@@ -273,7 +279,11 @@ function isBundlephobiaData(data) {
 }
 function isNpmDownloadsData(data) {
     try {
-        return NpmDownloadsDataSchema.parse(data) !== null;
+        const result = NpmDownloadsDataSchema.safeParse(data);
+        if (!result.success) {
+            console.error('isNpmDownloadsData validation failed:', JSON.stringify(result.error.issues, null, 2));
+        }
+        return result.success;
     }
     catch {
         return false;
@@ -909,15 +919,67 @@ export async function handleNpmSize(args) {
         };
     }
 }
+// Helper to detect dependencies
+async function getPackageDependencies(pkgName, version) {
+    try {
+        const response = await fetch(`https://registry.npmjs.org/${pkgName}/${version}`, {
+            headers: { Accept: 'application/json', 'User-Agent': 'NPM-Sentinel-MCP' },
+        });
+        if (!response.ok)
+            return { dependencies: {}, devDependencies: {} };
+        const data = (await response.json());
+        return {
+            dependencies: data.dependencies || {},
+            devDependencies: data.devDependencies || {},
+        };
+    }
+    catch (error) {
+        console.error(`Error fetching dependencies for ${pkgName}:`, error);
+        return { dependencies: {}, devDependencies: {} };
+    }
+}
 export async function handleNpmVulnerabilities(args) {
     try {
         const packagesToProcess = args.packages || [];
         if (packagesToProcess.length === 0) {
             throw new Error('No package names provided');
         }
-        const processedResults = await Promise.all(packagesToProcess.map(async (pkgInput) => {
+        // Prepare batch query, checking cache first
+        const finalBatchQueries = [];
+        const packageMap = new Map();
+        const cachedResultsMap = new Map();
+        const addToQuery = (name, releaseVersion, isDep) => {
+            const version = releaseVersion === 'latest' ? undefined : releaseVersion;
+            const key = `${name}@${version || 'latest'}`;
+            if (packageMap.has(key))
+                return; // Already requested/processed
+            // Check Cache
+            const cacheKey = generateCacheKey('handleNpmVulnerabilities', name, version || 'all');
+            const cachedData = cacheGet(cacheKey);
+            if (cachedData) {
+                // Store cached result directly using the same structure as we will build later
+                cachedResultsMap.set(key, {
+                    package: `${name}${version ? `@${version}` : ''}`,
+                    isDependency: isDep,
+                    vulnerabilities: cachedData.vulnerabilities,
+                    count: cachedData.vulnerabilities.length,
+                    status: cachedData.vulnerabilities.length > 0 ? 'vulnerable' : 'secure',
+                    source: 'cache'
+                });
+                packageMap.set(key, { name, version, isDependency: isDep });
+            }
+            else {
+                // Not in cache, add to API query
+                packageMap.set(key, { name, version, isDependency: isDep });
+                finalBatchQueries.push({
+                    package: { name, ecosystem: 'npm' },
+                    version: version === 'latest' ? undefined : version,
+                });
+            }
+        };
+        await Promise.all(packagesToProcess.map(async (pkgInput) => {
             let name = '';
-            let version = undefined;
+            let version = 'latest';
             if (typeof pkgInput === 'string') {
                 const atIdx = pkgInput.lastIndexOf('@');
                 if (atIdx > 0) {
@@ -928,142 +990,94 @@ export async function handleNpmVulnerabilities(args) {
                     name = pkgInput;
                 }
             }
-            else if (typeof pkgInput === 'object' && pkgInput !== null) {
-                name = pkgInput.name;
-                version = pkgInput.version;
-            }
-            const packageNameForOutput = version ? `${name}@${version}` : name;
-            const cacheKey = generateCacheKey('handleNpmVulnerabilities', name, version || 'all');
-            const cachedData = cacheGet(cacheKey);
-            if (cachedData) {
-                return {
-                    package: packageNameForOutput,
-                    versionQueried: version || null,
-                    status: 'success_cache',
-                    vulnerabilities: cachedData.vulnerabilities,
-                    message: `${cachedData.message} (from cache)`,
-                };
-            }
-            const osvBody = {
-                package: {
-                    name,
-                    ecosystem: 'npm',
-                },
-            };
-            if (version) {
-                osvBody.version = version;
+            else {
+                return; // Skip invalid
+            }
+            // Add main package
+            addToQuery(name, version, false);
+            // Add dependencies (only if version specified)
+            if (version !== 'latest') {
+                const { dependencies } = await getPackageDependencies(name, version);
+                for (const [depName, depVersion] of Object.entries(dependencies)) {
+                    const cleanVersion = depVersion.replace(/[\^~]/g, '');
+                    if (/^\d+\.\d+\.\d+/.test(cleanVersion)) {
+                        addToQuery(depName, cleanVersion, true);
+                    }
+                }
             }
-            const response = await fetch('https://api.osv.dev/v1/query', {
+        }));
+        let apiResults = [];
+        if (finalBatchQueries.length > 0) {
+            // Perform Batch API call to OSV for non-cached items
+            const response = await fetch('https://api.osv.dev/v1/querybatch', {
                 method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                },
-                body: JSON.stringify(osvBody),
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ queries: finalBatchQueries }),
             });
-            const queryVersionSpecified = !!version;
             if (!response.ok) {
-                const errorResult = {
-                    package: packageNameForOutput,
-                    versionQueried: version || null,
-                    status: 'error',
-                    error: `OSV API Error: ${response.statusText}`,
-                    vulnerabilities: [],
-                };
-                // Do not cache error responses from OSV API as they might be temporary
-                return errorResult;
-            }
-            const data = (await response.json());
-            const vulns = data.vulns || [];
-            let message;
-            if (vulns.length === 0) {
-                message = `No known vulnerabilities found${queryVersionSpecified ? ' for the specified version' : ''}.`;
-            }
-            else {
-                message = `${vulns.length} vulnerability(ies) found${queryVersionSpecified ? ' for the specified version' : ''}.`;
+                throw new Error(`OSV Batch API Error: ${response.status} ${response.statusText}`);
             }
+            const batchData = (await response.json());
+            apiResults = batchData.results || [];
+        }
+        // Reconstruct all results (Cache + API)
+        // We iterate over the packageMap to maintain order essentially, or we reconstruct based on what we see
+        // Since map iteration order is insertion order, we can use that to return results generally in order of discovery
+        // Map API results back to their query keys to merge easily
+        const apiResultsMap = new Map();
+        finalBatchQueries.forEach((query, index) => {
+            const vulns = apiResults[index]?.vulns || [];
+            const pkgName = query.package.name;
+            const pkgVersion = query.version;
+            const key = `${pkgName}@${pkgVersion || 'latest'}`;
+            apiResultsMap.set(key, vulns);
+        });
+        const processedResults = [];
+        for (const [key, info] of packageMap.entries()) {
+            if (cachedResultsMap.has(key)) {
+                processedResults.push(cachedResultsMap.get(key));
+                continue;
+            }
+            // Process API result
+            const vulns = apiResultsMap.get(key) || [];
             const processedVulns = vulns.map((vuln) => {
-                const sev = typeof vuln.severity === 'object'
-                    ? vuln.severity.type || 'Unknown'
-                    : vuln.severity || 'Unknown';
+                const sev = typeof vuln.severity === 'object' ? vuln.severity.type || 'Unknown' : vuln.severity || 'Unknown';
                 const refs = vuln.references ? vuln.references.map((r) => r.url) : [];
-                const affectedRanges = [];
-                const affectedVersionsListed = [];
                 const vulnerabilityDetails = {
-                    summary: vuln.summary,
+                    id: vuln.id,
+                    summary: vuln.summary || 'No summary available',
                     severity: sev,
                     references: refs,
+                    aliases: vuln.aliases || [],
+                    modified: vuln.modified,
+                    published: vuln.published,
                 };
-                if (vuln.affected && vuln.affected.length > 0) {
-                    const lifecycle = {};
-                    const firstAffectedEvents = vuln.affected[0]?.ranges?.[0]?.events;
-                    if (firstAffectedEvents) {
-                        const introducedEvent = firstAffectedEvents.find((e) => e.introduced);
-                        const fixedEvent = firstAffectedEvents.find((e) => e.fixed);
-                        if (introducedEvent?.introduced)
-                            lifecycle.introduced = introducedEvent.introduced;
-                        if (fixedEvent?.fixed)
-                            lifecycle.fixed = fixedEvent.fixed;
-                    }
-                    if (Object.keys(lifecycle).length > 0) {
-                        vulnerabilityDetails.lifecycle = lifecycle;
-                        if (queryVersionSpecified && version && lifecycle.fixed) {
-                            const queriedParts = version.split('.').map(Number);
-                            const fixedParts = lifecycle.fixed.split('.').map(Number);
-                            let isFixedDecision = false;
-                            const maxLength = Math.max(queriedParts.length, fixedParts.length);
-                            for (let i = 0; i < maxLength; i++) {
-                                const qp = queriedParts[i] || 0;
-                                const fp = fixedParts[i] || 0;
-                                if (fp < qp) {
-                                    isFixedDecision = true;
-                                    break;
-                                }
-                                if (fp > qp) {
-                                    isFixedDecision = false;
-                                    break;
-                                }
-                                if (i === maxLength - 1) {
-                                    isFixedDecision = fixedParts.length <= queriedParts.length;
-                                }
-                            }
-                            vulnerabilityDetails.isFixedInQueriedVersion = isFixedDecision;
-                        }
-                    }
-                }
-                if (!queryVersionSpecified && vuln.affected) {
-                    for (const aff of vuln.affected) {
-                        if (aff.ranges) {
-                            for (const range of aff.ranges) {
-                                affectedRanges.push({ type: range.type, events: range.events });
-                            }
-                        }
-                        if (aff.versions && aff.versions.length > 0) {
-                            affectedVersionsListed.push(...aff.versions);
-                        }
-                    }
-                    if (affectedRanges.length > 0) {
-                        vulnerabilityDetails.affectedRanges = affectedRanges;
-                    }
-                    if (affectedVersionsListed.length > 0) {
-                        vulnerabilityDetails.affectedVersionsListed = affectedVersionsListed;
-                    }
-                }
+                if (vuln.affected)
+                    vulnerabilityDetails.affected = vuln.affected;
                 return vulnerabilityDetails;
             });
-            const resultToCache = {
+            const resultEntry = {
+                package: `${info.name}${info.version && info.version !== 'latest' && info.version !== undefined ? `@${info.version}` : ''}`,
+                isDependency: info.isDependency,
                 vulnerabilities: processedVulns,
-                message: message,
+                count: processedVulns.length,
+                status: processedVulns.length > 0 ? 'vulnerable' : 'secure',
+                message: processedVulns.length > 0 ? `${processedVulns.length} vulnerability(ies) found` : 'No known vulnerabilities found',
             };
-            cacheSet(cacheKey, resultToCache, CACHE_TTL_MEDIUM);
-            return {
-                package: packageNameForOutput,
-                versionQueried: version || null,
-                status: 'success',
+            processedResults.push(resultEntry);
+            // Cache this result for future
+            const cacheKey = generateCacheKey('handleNpmVulnerabilities', info.name, info.version || 'all');
+            cacheSet(cacheKey, {
                 vulnerabilities: processedVulns,
-                message: message,
-            };
-        }));
-        const responseJson = JSON.stringify({ results: processedResults }, null, 2);
+                message: `${processedVulns.length} vulnerabilities found`
+            }, CACHE_TTL_MEDIUM);
+        }
+        // Filter final output
+        const finalOutput = processedResults.filter(r => r.count > 0 || !r.isDependency);
+        const responseJson = JSON.stringify({
+            summary: `Scanned ${packageMap.size} packages (including dependencies). Found vulnerabilities in ${finalOutput.filter(r => r.count > 0).length} packages. (${cachedResultsMap.size} from cache, ${finalBatchQueries.length} from API)`,
+            results: finalOutput
+        }, null, 2);
         return { content: [{ type: 'text', text: responseJson }], isError: false };
     }
     catch (error) {
@@ -3091,17 +3105,13 @@ export default function createServer({ config, }) {
     // Create server instance
     const server = new McpServer({
         name: 'npm-sentinel-mcp',
-        version: '1.11.8',
-        capabilities: {
-            resources: {},
-        },
+        version: '1.12.0',
     });
     // Update paths to be relative to the package
     const README_PATH = path.join(packageRoot, 'README.md');
     const LLMS_FULL_TEXT_PATH = path.join(packageRoot, 'llms-full.txt');
     // Register README.md resource
-    server.resource('serverReadme', 'doc://server/readme', {
-        name: 'Server README',
+    server.registerResource('serverReadme', 'doc://server/readme', {
         description: 'Main documentation and usage guide for this NPM Info Server.',
         mimeType: 'text/markdown',
     }, async (uri) => {
@@ -3127,8 +3137,7 @@ export default function createServer({ config, }) {
         }
     });
     // Register llms-full.txt resource (MCP Specification)
-    server.resource('mcpSpecification', 'doc://mcp/specification', {
-        name: 'MCP Full Specification',
+    server.registerResource('mcpSpecification', 'doc://mcp/specification', {
         description: 'The llms-full.txt content providing a comprehensive overview of the Model Context Protocol.',
         mimeType: 'text/plain',
     }, async (uri) => {
@@ -3154,207 +3163,283 @@ export default function createServer({ config, }) {
         }
     });
     // Add NPM tools - Ensuring each tool registration is complete and correct
-    server.tool('npmVersions', 'Get all available versions of an NPM package', {
-        packages: z.array(z.string()).describe('List of package names to get versions for'),
-    }, {
-        title: 'Get All Package Versions',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmVersions', {
+        description: 'Get all available versions of an NPM package',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to get versions for'),
+        },
+        annotations: {
+            title: 'Get All Package Versions',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmVersions(args);
     });
-    server.tool('npmLatest', 'Get the latest version and changelog of an NPM package', {
-        packages: z.array(z.string()).describe('List of package names to get latest versions for'),
-    }, {
-        title: 'Get Latest Package Information',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true, // Result for 'latest' tag can change, but call itself is idempotent
+    server.registerTool('npmLatest', {
+        description: 'Get the latest version and changelog of an NPM package',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to get latest versions for'),
+        },
+        annotations: {
+            title: 'Get Latest Package Information',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true, // Result for 'latest' tag can change, but call itself is idempotent
+        },
     }, async (args) => {
         return await handleNpmLatest(args);
     });
-    server.tool('npmDeps', 'Analyze dependencies and devDependencies of an NPM package', {
-        packages: z.array(z.string()).describe('List of package names to analyze dependencies for'),
-    }, {
-        title: 'Get Package Dependencies',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmDeps', {
+        description: 'Analyze dependencies and devDependencies of an NPM package',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to analyze dependencies for'),
+        },
+        annotations: {
+            title: 'Get Package Dependencies',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmDeps(args);
     });
-    server.tool('npmTypes', 'Check TypeScript types availability and version for a package', {
-        packages: z.array(z.string()).describe('List of package names to check types for'),
-    }, {
-        title: 'Check TypeScript Type Availability',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmTypes', {
+        description: 'Check TypeScript types availability and version for a package',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to check types for'),
+        },
+        annotations: {
+            title: 'Check TypeScript Type Availability',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmTypes(args);
     });
-    server.tool('npmSize', 'Get package size information including dependencies and bundle size', {
-        packages: z.array(z.string()).describe('List of package names to get size information for'),
-    }, {
-        title: 'Get Package Size (Bundlephobia)',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmSize', {
+        description: 'Get package size information including dependencies and bundle size',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to get size information for'),
+        },
+        annotations: {
+            title: 'Get Package Size (Bundlephobia)',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmSize(args);
     });
-    server.tool('npmVulnerabilities', 'Check for known vulnerabilities in packages', {
-        packages: z.array(z.string()).describe('List of package names to check for vulnerabilities'),
-    }, {
-        title: 'Check Package Vulnerabilities (OSV.dev)',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: false, // Vulnerability data can change frequently
+    server.registerTool('npmVulnerabilities', {
+        description: 'Check for known vulnerabilities in packages',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to check for vulnerabilities'),
+        },
+        annotations: {
+            title: 'Check Package Vulnerabilities (OSV.dev)',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: false, // Vulnerability data can change frequently
+        },
     }, async (args) => {
         return await handleNpmVulnerabilities(args);
     });
-    server.tool('npmTrends', 'Get download trends and popularity metrics for packages', {
-        packages: z.array(z.string()).describe('List of package names to get trends for'),
-        period: z
-            .enum(['last-week', 'last-month', 'last-year'])
-            .describe('Time period for trends. Options: "last-week", "last-month", "last-year"')
-            .optional()
-            .default('last-month'),
-    }, {
-        title: 'Get NPM Package Download Trends',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true, // Trends for a fixed past period are idempotent
+    server.registerTool('npmTrends', {
+        description: 'Get download trends and popularity metrics for packages',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to get trends for'),
+            period: z
+                .enum(['last-week', 'last-month', 'last-year'])
+                .describe('Time period for trends. Options: "last-week", "last-month", "last-year"')
+                .optional()
+                .default('last-month'),
+        },
+        annotations: {
+            title: 'Get NPM Package Download Trends',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true, // Trends for a fixed past period are idempotent
+        },
     }, async (args) => {
         return await handleNpmTrends(args);
     });
-    server.tool('npmCompare', 'Compare multiple NPM packages based on various metrics', {
-        packages: z.array(z.string()).describe('List of package names to compare'),
-    }, {
-        title: 'Compare NPM Packages',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmCompare', {
+        description: 'Compare multiple NPM packages based on various metrics',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to compare'),
+        },
+        annotations: {
+            title: 'Compare NPM Packages',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmCompare(args);
     });
-    server.tool('npmMaintainers', 'Get maintainers information for NPM packages', {
-        packages: z.array(z.string()).describe('List of package names to get maintainers for'),
-    }, {
-        title: 'Get NPM Package Maintainers',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmMaintainers', {
+        description: 'Get maintainers information for NPM packages',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to get maintainers for'),
+        },
+        annotations: {
+            title: 'Get NPM Package Maintainers',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmMaintainers(args);
     });
-    server.tool('npmScore', 'Get consolidated package score based on quality, maintenance, and popularity metrics', {
-        packages: z.array(z.string()).describe('List of package names to get scores for'),
-    }, {
-        title: 'Get NPM Package Score (NPMS.io)',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true, // Score for a version is stable, for 'latest' can change
+    server.registerTool('npmScore', {
+        description: 'Get consolidated package score based on quality, maintenance, and popularity metrics',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to get scores for'),
+        },
+        annotations: {
+            title: 'Get NPM Package Score (NPMS.io)',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true, // Score for a version is stable, for 'latest' can change
+        },
     }, async (args) => {
         return await handleNpmScore(args);
     });
-    server.tool('npmPackageReadme', 'Get the README content for NPM packages', {
-        packages: z.array(z.string()).describe('List of package names to get READMEs for'),
-    }, {
-        title: 'Get NPM Package README',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmPackageReadme', {
+        description: 'Get the README content for NPM packages',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to get READMEs for'),
+        },
+        annotations: {
+            title: 'Get NPM Package README',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmPackageReadme(args);
     });
-    server.tool('npmSearch', 'Search for NPM packages with optional limit', {
-        query: z.string().describe('Search query for packages'),
-        limit: z
-            .number()
-            .min(1)
-            .max(50)
-            .optional()
-            .describe('Maximum number of results to return (default: 10)'),
-    }, {
-        title: 'Search NPM Packages',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: false, // Search results can change
+    server.registerTool('npmSearch', {
+        description: 'Search for NPM packages with optional limit',
+        inputSchema: {
+            query: z.string().describe('Search query for packages'),
+            limit: z
+                .number()
+                .min(1)
+                .max(50)
+                .optional()
+                .describe('Maximum number of results to return (default: 10)'),
+        },
+        annotations: {
+            title: 'Search NPM Packages',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: false, // Search results can change
+        },
     }, async (args) => {
         return await handleNpmSearch(args);
     });
-    server.tool('npmLicenseCompatibility', 'Check license compatibility between multiple packages', {
-        packages: z
-            .array(z.string())
-            .min(1)
-            .describe('List of package names to check for license compatibility'),
-    }, {
-        title: 'Check NPM License Compatibility',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmLicenseCompatibility', {
+        description: 'Check license compatibility between multiple packages',
+        inputSchema: {
+            packages: z
+                .array(z.string())
+                .min(1)
+                .describe('List of package names to check for license compatibility'),
+        },
+        annotations: {
+            title: 'Check NPM License Compatibility',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmLicenseCompatibility(args);
     });
-    server.tool('npmRepoStats', 'Get repository statistics for NPM packages', {
-        packages: z.array(z.string()).describe('List of package names to get repository stats for'),
-    }, {
-        title: 'Get NPM Package Repository Stats (GitHub)',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true, // Stats for a repo at a point in time, though they change over time
+    server.registerTool('npmRepoStats', {
+        description: 'Get repository statistics for NPM packages',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to get repository stats for'),
+        },
+        annotations: {
+            title: 'Get NPM Package Repository Stats (GitHub)',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true, // Stats for a repo at a point in time, though they change over time
+        },
     }, async (args) => {
         return await handleNpmRepoStats(args);
     });
-    server.tool('npmDeprecated', 'Check if packages are deprecated', {
-        packages: z.array(z.string()).describe('List of package names to check for deprecation'),
-    }, {
-        title: 'Check NPM Package Deprecation Status',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true, // Deprecation status is generally stable for a version
+    server.registerTool('npmDeprecated', {
+        description: 'Check if packages are deprecated',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to check for deprecation'),
+        },
+        annotations: {
+            title: 'Check NPM Package Deprecation Status',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true, // Deprecation status is generally stable for a version
+        },
     }, async (args) => {
         return await handleNpmDeprecated(args);
     });
-    server.tool('npmChangelogAnalysis', 'Analyze changelog and release history of packages', {
-        packages: z.array(z.string()).describe('List of package names to analyze changelogs for'),
-    }, {
-        title: 'Analyze NPM Package Changelog (GitHub)',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true,
+    server.registerTool('npmChangelogAnalysis', {
+        description: 'Analyze changelog and release history of packages',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to analyze changelogs for'),
+        },
+        annotations: {
+            title: 'Analyze NPM Package Changelog (GitHub)',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true,
+        },
     }, async (args) => {
         return await handleNpmChangelogAnalysis(args);
     });
-    server.tool('npmAlternatives', 'Find alternative packages with similar functionality', {
-        packages: z.array(z.string()).describe('List of package names to find alternatives for'),
-    }, {
-        title: 'Find NPM Package Alternatives',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: false, // Search-based, results can change
+    server.registerTool('npmAlternatives', {
+        description: 'Find alternative packages with similar functionality',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to find alternatives for'),
+        },
+        annotations: {
+            title: 'Find NPM Package Alternatives',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: false, // Search-based, results can change
+        },
     }, async (args) => {
         return await handleNpmAlternatives(args);
     });
-    server.tool('npmQuality', 'Analyze package quality metrics', {
-        packages: z.array(z.string()).describe('List of package names to analyze'),
-    }, {
-        title: 'Analyze NPM Package Quality (NPMS.io)',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true, // Score for a version is stable, for 'latest' can change
+    server.registerTool('npmQuality', {
+        description: 'Analyze package quality metrics',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to analyze'),
+        },
+        annotations: {
+            title: 'Analyze NPM Package Quality (NPMS.io)',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true, // Score for a version is stable, for 'latest' can change
+        },
     }, async (args) => {
         return await handleNpmQuality(args);
     });
-    server.tool('npmMaintenance', 'Analyze package maintenance metrics', {
-        packages: z.array(z.string()).describe('List of package names to analyze'),
-    }, {
-        title: 'Analyze NPM Package Maintenance (NPMS.io)',
-        readOnlyHint: true,
-        openWorldHint: true,
-        idempotentHint: true, // Score for a version is stable, for 'latest' can change
+    server.registerTool('npmMaintenance', {
+        description: 'Analyze package maintenance metrics',
+        inputSchema: {
+            packages: z.array(z.string()).describe('List of package names to analyze'),
+        },
+        annotations: {
+            title: 'Analyze NPM Package Maintenance (NPMS.io)',
+            readOnlyHint: true,
+            openWorldHint: true,
+            idempotentHint: true, // Score for a version is stable, for 'latest' can change
+        },
     }, async (args) => {
         return await handleNpmMaintenance(args);
     });
@@ -3387,8 +3472,11 @@ async function main() {
 // Type guard for NpmPackageVersionSchema
 function isNpmPackageVersionData(data) {
     try {
-        // Use safeParse for type guards to avoid throwing errors on invalid data
-        return NpmPackageVersionSchema.safeParse(data).success;
+        const result = NpmPackageVersionSchema.safeParse(data);
+        if (!result.success) {
+            console.error('isNpmPackageVersionData validation failed:', JSON.stringify(result.error.issues, null, 2));
+        }
+        return result.success;
     }
     catch (e) {
         // This catch block might not be strictly necessary with safeParse but kept for safety