@yawlabs/npmjs-mcp 0.11.11 → 0.11.12
- package/dist/index.js +19 -7
- package/package.json +1 -1
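--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -31469,9 +31469,13 @@ var analysisTools = [
 if (latest) auditMap[name] = [latest];
 }
 let auditData = {};
+let auditSucceeded = false;
 if (Object.keys(auditMap).length > 0) {
 const auditRes = await registryPost("/-/npm/v1/security/advisories/bulk", auditMap);
-if (auditRes.ok && auditRes.data)
+if (auditRes.ok && auditRes.data) {
+auditData = auditRes.data;
+auditSucceeded = true;
+}
 }
 const results = partials.map(({ name, pkgRes, dlRes }) => {
 if (!pkgRes.ok) {
@@ -31482,8 +31486,9 @@ var analysisTools = [
 const latest = pkg["dist-tags"]?.latest;
 const latestVersion = latest ? pkg.versions[latest] : void 0;
 const versionKeys = Object.keys(pkg.versions);
+const wasAudited = auditSucceeded && name in auditMap;
 const advisories = auditData[name];
-const vulnerabilities = Array.isArray(advisories) ? advisories.length : 0;
+const vulnerabilities = wasAudited ? Array.isArray(advisories) ? advisories.length : 0 : null;
 return {
 name,
 description: pkg.description,
@@ -31498,7 +31503,8 @@ var analysisTools = [
 hasReadme: !!(pkg.readme && pkg.readme.length > 0),
 repository: pkg.repository,
 homepage: pkg.homepage,
-vulnerabilities
+vulnerabilities,
+auditReliable: wasAudited
 };
 });
 return { ok: true, status: 200, data: { comparison: results } };
@@ -31586,8 +31592,11 @@ var analysisTools = [
 // Holistic single-string verdict layered priority-first: a deprecated
 // package supersedes everything (don't use it), a vulnerable package
 // supersedes maintenance signals (active development doesn't undo a
-// CVE), then
-
+// CVE), then AUDIT_UNKNOWN when we couldn't verify vuln status (a 5xx
+// on the audit endpoint or a packument with no `latest` to audit) --
+// better to flag the unknown than confidently report ACTIVE on
+// unverified data. Then staleness, recency, and the catch-all.
+assessment: isDeprecated ? "DEPRECATED" : vulnerabilityCount !== null && vulnerabilityCount > 0 ? "VULNERABLE" : !auditReliable ? "AUDIT_UNKNOWN" : isStale ? "STALE" : daysSinceLastPublish !== null && daysSinceLastPublish < 90 ? "ACTIVE" : "MAINTENANCE"
 }
 };
 }
@@ -31951,7 +31960,10 @@ var dependencyTools = [
 if (tree[resolvedKey]) return;
 const versionData = pkg.versions[resolvedVersion];
 if (!versionData) {
-
+if (!failedPackages.has(name)) {
+failedPackages.add(name);
+tree[resolvedKey] = { version: resolvedVersion, dependencies: {}, failed: true };
+}
 return;
 }
 const deps = versionData.dependencies ?? {};
@@ -34235,7 +34247,7 @@ var writeTools = [
 ];
 
 // src/index.ts
-var version2 = true ? "0.11.
+var version2 = true ? "0.11.12" : (await null).createRequire(import.meta.url)("../package.json").version;
 var subcommand = process.argv[2];
 if (subcommand === "version" || subcommand === "--version" || subcommand === "-v" || subcommand === "-V") {
 console.log(version2);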
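Review bot: In the compare hunk at new line 31489, `name in auditMap` also matches keys inherited from `Object.prototype`. If `auditMap` is a plain object literal (its declaration is outside the visible lines), a package name such as `constructor` that has no `latest` dist-tag would count as audited whenever the bulk advisory call succeeded for the other packages. That package would then be reported with `vulnerabilities: 0` and `auditReliable: true` although it was never sent to the advisory endpoint, which is the false assurance this change sets out to remove. An own-property test closes the gap: `const wasAudited = auditSucceeded && Object.hasOwn(auditMap, name);`. The `auditData[name]` lookup on the following line has the same shape, and the enclosing handler starts and ends outside the hunk.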
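--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@yawlabs/npmjs-mcp",
-"version": "0.11.
+"version": "0.11.12",
 "mcpName": "io.github.YawLabs/npmjs-mcp",
 "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
 "license": "MIT",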