@yawlabs/npmjs-mcp 0.11.0 → 0.11.1

package/dist/index.js

@@ -30174,6 +30174,9 @@ function validateUsername(username) {
 function validateTeam(team) {
   return validateIdent(team, "Team name");
 }
+function validateTag(tag) {
+  return validateIdent(tag, "Tag name");
+}
 function encPkg(name) {
   const err = validatePackageName(name);
   if (err) throw new Error(err);
@@ -30194,6 +30197,11 @@ function encTeam(team) {
   if (err) throw new Error(err);
   return encodeURIComponent(team);
 }
+function encTag(tag) {
+  const err = validateTag(tag);
+  if (err) throw new Error(err);
+  return encodeURIComponent(tag);
+}
 function isAuthenticated() {
   return !!process.env.NPM_TOKEN;
 }
@@ -30429,8 +30437,9 @@ function maxSatisfying(versions, range) {
   for (const sub of subRanges) {
     const parsed = parseRange(sub);
     if (!parsed) continue;
+    const subTargetsPrerelease = /\d+\.\d+\.\d+-/.test(sub);
     for (const v of versions) {
-      if (v.includes("-") && !sub.includes("-")) continue;
+      if (v.includes("-") && !subTargetsPrerelease) continue;
       const vp = parseSemver(v);
       if (!vp) continue;
       if (parsed.min && cmpSemver(vp, parsed.min) < 0) continue;
@@ -31178,7 +31187,7 @@ var downloadTools = [
   },
   {
     name: "npm_downloads_bulk",
-    description: "Compare download counts for multiple packages over a period. Up to 128 packages.",
+    description: "Compare download counts for multiple packages over a period. Up to 128 packages. Scoped packages (@scope/name) are NOT supported by the bulk endpoint \u2014 call npm_downloads separately for each scoped package.",
     annotations: {
       title: "Bulk download comparison",
       readOnlyHint: true,
@@ -31187,11 +31196,19 @@ var downloadTools = [
       openWorldHint: true
     },
     inputSchema: external_exports3.object({
-      packages: external_exports3.array(external_exports3.string()).min(1).max(128).describe("Array of package names to compare"),
+      packages: external_exports3.array(external_exports3.string()).min(1).max(128).describe("Array of package names to compare (unscoped only)"),
       period: external_exports3.string().optional().describe("Period (default: 'last-week')")
     }),
     handler: async (input) => {
       const period = input.period ?? "last-week";
+      const scoped = input.packages.filter((p) => p.startsWith("@"));
+      if (scoped.length > 0) {
+        return {
+          ok: false,
+          status: 400,
+          error: `npm_downloads_bulk does not support scoped packages (received: ${scoped.join(", ")}). Call npm_downloads separately for each scoped package.`
+        };
+      }
       const names = input.packages.map((p) => encPkg(p)).join(",");
       const res = await downloadsGet(`/downloads/point/${period}/${names}`);
       return res.ok ? res : translateError(res, { op: `downloads_bulk ${period}` });
@@ -31385,7 +31402,9 @@ var orgTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
-      const res = await registryGetAuth(`/-/org/${encodeURIComponent(input.org)}/user`);
+      const scopeErr = validateScope(input.org);
+      if (scopeErr) return { ok: false, status: 400, error: scopeErr };
+      const res = await registryGetAuth(`/-/org/${encScope(input.org)}/user`);
       if (!res.ok) return translateError(res, { op: `org_members ${input.org}` });
       const members = Object.entries(res.data).map(([username, role]) => ({ username, role }));
       return {
@@ -31415,7 +31434,9 @@ var orgTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
-      const res = await registryGetAuth(`/-/org/${encodeURIComponent(input.org)}/package`);
+      const scopeErr = validateScope(input.org);
+      if (scopeErr) return { ok: false, status: 400, error: scopeErr };
+      const res = await registryGetAuth(`/-/org/${encScope(input.org)}/package`);
       if (!res.ok) return translateError(res, { op: `org_packages ${input.org}` });
       const packages = Object.entries(res.data).map(([name, access]) => ({ name, access }));
       return {
@@ -31445,7 +31466,9 @@ var orgTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
-      const res = await registryGetAuth(`/-/org/${encodeURIComponent(input.org)}/team`);
+      const scopeErr = validateScope(input.org);
+      if (scopeErr) return { ok: false, status: 400, error: scopeErr };
+      const res = await registryGetAuth(`/-/org/${encScope(input.org)}/team`);
       if (!res.ok) return translateError(res, { op: `org_teams ${input.org}` });
       return {
         ok: true,
@@ -31475,8 +31498,12 @@ var orgTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      const scopeErr = validateScope(input.org);
+      if (scopeErr) return { ok: false, status: 400, error: scopeErr };
+      const teamErr = validateTeam(input.team);
+      if (teamErr) return { ok: false, status: 400, error: teamErr };
       const res = await registryGetAuth(
-        `/-/team/${encodeURIComponent(input.org)}/${encodeURIComponent(input.team)}/package`
+        `/-/team/${encScope(input.org)}/${encTeam(input.team)}/package`
       );
       if (!res.ok) return translateError(res, { op: `team_packages ${input.org}:${input.team}` });
       const packages = Object.entries(res.data).map(([name, permissions]) => ({ name, permissions }));
@@ -31491,6 +31518,44 @@ var orgTools = [
         }
       };
     }
+  },
+  {
+    name: "npm_team_members",
+    description: "List all members of a team with their roles (e.g. 'developer'). Complements npm_team_member_add and npm_team_member_remove \u2014 use this to audit who is currently on the team before adding or removing members.",
+    annotations: {
+      title: "List team members",
+      readOnlyHint: true,
+      destructiveHint: false,
+      idempotentHint: true,
+      openWorldHint: true
+    },
+    inputSchema: external_exports3.object({
+      org: external_exports3.string().describe("Organization name (without @ prefix)"),
+      team: external_exports3.string().describe("Team name")
+    }),
+    handler: async (input) => {
+      const authErr = requireAuth();
+      if (authErr) return authErr;
+      const scopeErr = validateScope(input.org);
+      if (scopeErr) return { ok: false, status: 400, error: scopeErr };
+      const teamErr = validateTeam(input.team);
+      if (teamErr) return { ok: false, status: 400, error: teamErr };
+      const res = await registryGetAuth(
+        `/-/team/${encScope(input.org)}/${encTeam(input.team)}/user`
+      );
+      if (!res.ok) return translateError(res, { op: `team_members ${input.org}:${input.team}` });
+      const members = Object.entries(res.data).map(([username, role]) => ({ username, role }));
+      return {
+        ok: true,
+        status: 200,
+        data: {
+          org: input.org,
+          team: input.team,
+          memberCount: members.length,
+          members
+        }
+      };
+    }
   }
 ];
 
@@ -32655,8 +32720,10 @@ var writeTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      const tagErr = validateTag(input.tag);
+      if (tagErr) return { ok: false, status: 400, error: tagErr };
       const putRes = await registryPutAuth(
-        `/-/package/${encPkg(input.name)}/dist-tags/${encodeURIComponent(input.tag)}`,
+        `/-/package/${encPkg(input.name)}/dist-tags/${encTag(input.tag)}`,
         input.version
       );
       if (!putRes.ok) return translateError(putRes, { pkg: input.name, op: `dist-tag set ${input.tag}` });
@@ -32691,6 +32758,8 @@ var writeTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      const tagErr = validateTag(input.tag);
+      if (tagErr) return { ok: false, status: 400, error: tagErr };
       if (input.tag === "latest") {
         return {
           ok: false,
@@ -32698,9 +32767,7 @@ var writeTools = [
           error: "The 'latest' tag cannot be removed. Use npm_dist_tag_set to reassign it to a different version."
         };
       }
-      const delRes = await registryDeleteAuth(
-        `/-/package/${encPkg(input.name)}/dist-tags/${encodeURIComponent(input.tag)}`
-      );
+      const delRes = await registryDeleteAuth(`/-/package/${encPkg(input.name)}/dist-tags/${encTag(input.tag)}`);
       if (!delRes.ok) return translateError(delRes, { pkg: input.name, op: `dist-tag remove ${input.tag}` });
       return {
         ok: true,
@@ -33155,7 +33222,9 @@ var writeTools = [
       if (input.role) body.role = input.role;
       const res = await registryPutAuth(`/-/org/${encScope(org)}/user`, body);
       if (!res.ok) return translateError(res, { op: `org_member_set ${org}/${user}` });
-      return { ok: true, status: 200, data: { org, user, role: input.role } };
+      const data = { org, user };
+      if (input.role) data.role = input.role;
+      return { ok: true, status: 200, data };
     }
   },
   // ───────────────────────────────────────────────────────
@@ -33234,7 +33303,7 @@ var writeTools = [
 ];
 
 // src/index.ts
-var version2 = true ? "0.11.0" : (await null).createRequire(import.meta.url)("../package.json").version;
+var version2 = true ? "0.11.1" : (await null).createRequire(import.meta.url)("../package.json").version;
 var subcommand = process.argv[2];
 if (subcommand === "version" || subcommand === "--version") {
   console.log(version2);

package/package.json

@@ -1,57 +1,57 @@
-{
-  "name": "@yawlabs/npmjs-mcp",
-  "version": "0.11.0",
-  "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
-  "license": "MIT",
-  "author": "YawLabs <contact@yaw.sh>",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/YawLabs/npmjs-mcp.git"
-  },
-  "keywords": [
-    "npm",
-    "npmjs",
-    "registry",
-    "mcp",
-    "model-context-protocol",
-    "ai",
-    "packages",
-    "security",
-    "audit",
-    "dependencies"
-  ],
-  "type": "module",
-  "main": "dist/index.js",
-  "bin": {
-    "npmjs-mcp": "dist/index.js"
-  },
-  "files": [
-    "dist/index.js"
-  ],
-  "scripts": {
-    "build": "tsc && node build.mjs",
-    "dev": "tsc --watch",
-    "start": "node dist/index.js",
-    "test": "npm run build && node --test dist/api.test.js dist/tools/tools.test.js dist/tools/handlers.test.js dist/tools/writes.test.js dist/tools/hooks.test.js",
-    "test:ci": "npm run test",
-    "lint": "biome check src/",
-    "lint:fix": "biome check --write src/",
-    "prepublishOnly": "npm run build"
-  },
-  "dependencies": {},
-  "overrides": {
-    "hono": "^4.12.14",
-    "@hono/node-server": "^1.19.13"
-  },
-  "devDependencies": {
-    "@biomejs/biome": "^2.4.12",
-    "@modelcontextprotocol/sdk": "^1.29.0",
-    "@types/node": "^25.6.0",
-    "esbuild": "^0.28.0",
-    "typescript": "^6.0.3",
-    "zod": "^4.3.6"
-  },
-  "engines": {
-    "node": ">=18"
-  }
-}
+{
+  "name": "@yawlabs/npmjs-mcp",
+  "version": "0.11.1",
+  "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
+  "license": "MIT",
+  "author": "YawLabs <contact@yaw.sh>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/YawLabs/npmjs-mcp.git"
+  },
+  "keywords": [
+    "npm",
+    "npmjs",
+    "registry",
+    "mcp",
+    "model-context-protocol",
+    "ai",
+    "packages",
+    "security",
+    "audit",
+    "dependencies"
+  ],
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "npmjs-mcp": "dist/index.js"
+  },
+  "files": [
+    "dist/index.js"
+  ],
+  "scripts": {
+    "build": "tsc && node build.mjs",
+    "dev": "tsc --watch",
+    "start": "node dist/index.js",
+    "test": "npm run build && node --test dist/api.test.js dist/tools/tools.test.js dist/tools/handlers.test.js dist/tools/writes.test.js dist/tools/hooks.test.js",
+    "test:ci": "npm run test",
+    "lint": "biome check src/",
+    "lint:fix": "biome check --write src/",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {},
+  "overrides": {
+    "hono": "^4.12.14",
+    "@hono/node-server": "^1.19.13"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "^2.4.12",
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "@types/node": "^25.6.0",
+    "esbuild": "^0.28.0",
+    "typescript": "^6.0.3",
+    "zod": "^4.3.6"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}