npm - @yawlabs/npmjs-mcp - Versions diffs - 0.11.15 → 0.12.0 - Mend

@yawlabs/npmjs-mcp 0.11.15 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +56 -18
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -31347,12 +31347,23 @@ function translateError(res, context) {
         ...res,
         error: `Rate limited${opPart}. Retried automatically and still failed \u2014 wait longer and retry, or contact npm support if this persists. Raw: ${res.error}`
       };
+    case 409:
+      return {
+        ...res,
+        error: `Version conflict${pkgPart}${opPart}. The package metadata changed between read and write (a concurrent publish, deprecate, or registry _rev bump). Re-run the operation \u2014 it re-fetches the current _rev each call. Raw: ${res.error}`
+      };
     case 0:
       return {
         ...res,
         error: `Network error${opPart}. Could not reach the registry. Raw: ${res.error}`
       };
     default:
+      if (res.status >= 500) {
+        return {
+          ...res,
+          error: `Registry server error${pkgPart}${opPart} (HTTP ${res.status}). Retried automatically and still failed \u2014 the registry is likely having a transient outage. Wait and retry; check https://status.npmjs.org if it persists. Raw: ${res.error}`
+        };
+      }
       return res;
   }
 }
@@ -31383,7 +31394,7 @@ var accessTools = [
       if (authErr) return authErr;
       const res = await registryGetAuth(`/-/package/${encPkg(input.name)}/collaborators`);
       if (!res.ok) return translateError(res, { pkg: input.name, op: "collaborators" });
-      const collaborators = Object.entries(res.data).map(([username, permissions]) => ({
+      const collaborators = Object.entries(res.data ?? {}).map(([username, permissions]) => ({
         username,
         permissions
       }));
@@ -31431,7 +31442,7 @@ var accessTools = [
         result.access = accessRes.data;
       }
       if (collabRes.ok) {
-        result.collaborators = Object.entries(collabRes.data).map(([username, permissions]) => ({
+        result.collaborators = Object.entries(collabRes.data ?? {}).map(([username, permissions]) => ({
           username,
           permissions
         }));
@@ -31499,7 +31510,10 @@ var analysisTools = [
           latest,
           license: pkg.license ?? latestVersion?.license,
           maintainers: pkg.maintainers?.map((m) => m.name),
-          weeklyDownloads: dlRes.ok ? dlRes.data.downloads : null,
+          // Guard on data presence, not just .ok: a 2xx with an empty body yields
+          // ok:true with no data (api.ts), and dlRes.data!.downloads would throw
+          // and crash the whole compare. Degrade to null instead.
+          weeklyDownloads: dlRes.ok && dlRes.data ? dlRes.data.downloads : null,
           versionCount: versionKeys.length,
           created: pkg.time.created,
           lastPublish: latest ? pkg.time[latest] : void 0,
@@ -31578,8 +31592,10 @@ var analysisTools = [
           name: pkg.name,
           latest,
           signals: {
-            weeklyDownloads: dlWeekRes.ok ? dlWeekRes.data.downloads : null,
-            monthlyDownloads: dlMonthRes.ok ? dlMonthRes.data.downloads : null,
+            // Guard on data presence, not just .ok: an empty-body 2xx yields
+            // ok:true with no data (api.ts); degrade to null rather than throw.
+            weeklyDownloads: dlWeekRes.ok && dlWeekRes.data ? dlWeekRes.data.downloads : null,
+            monthlyDownloads: dlMonthRes.ok && dlMonthRes.data ? dlMonthRes.data.downloads : null,
             maintainerCount: pkg.maintainers?.length ?? 0,
             versionCount: versionKeys.length,
             daysSinceLastPublish,
@@ -31813,12 +31829,20 @@ var authTools = [
           error: `Token failed /-/whoami check. Token is invalid, expired, or revoked. Create a new one at https://www.npmjs.com/settings/~/tokens. Raw: ${whoami.error}`
         };
       }
-      const tfaData = profile.ok ? profile.data?.tfa : null;
-      const tfa = tfaData ? {
-        enabled: !tfaData.pending,
-        mode: tfaData.mode,
-        ...tfaData.pending ? { pending: true } : {}
-      } : { enabled: false };
+      let tfa;
+      if (!profile.ok) {
+        tfa = {
+          unknown: true,
+          warning: `2FA status unknown: profile lookup failed (HTTP ${profile.status}). Token is valid (whoami passed) but write-readiness could not be fully assessed. Raw: ${profile.error}`
+        };
+      } else {
+        const tfaData = profile.data?.tfa;
+        tfa = tfaData ? {
+          enabled: !tfaData.pending,
+          mode: tfaData.mode,
+          ...tfaData.pending ? { pending: true } : {}
+        } : { enabled: false };
+      }
       return {
         ok: true,
         status: 200,
@@ -32753,7 +32777,7 @@ var provenanceTools = [
         `/-/npm/v1/attestations/${encPkg(input.name)}@${encodeURIComponent(input.version)}`
       );
       if (!res.ok) return translateError(res, { pkg: input.name, op: `provenance ${input.version}` });
-      const attestations = (res.data.attestations ?? []).map((a) => ({
+      const attestations = (res.data?.attestations ?? []).map((a) => ({
         predicateType: a.predicateType,
         bundle: a.bundle
       }));
@@ -32814,7 +32838,7 @@ var registryTools = [
         replicateGet(`/_changes?limit=${limit}&descending=true`)
       ]);
       if (!changesRes.ok) return translateError(changesRes, { op: "recent_changes" });
-      const changes = changesRes.data.results.map((r) => ({
+      const changes = (changesRes.data?.results ?? []).map((r) => ({
         package: r.id,
         rev: r.changes[0]?.rev
       }));
@@ -32822,7 +32846,13 @@ var registryTools = [
         ok: true,
         status: 200,
         data: {
-          totalPackages: dbRes.ok ? dbRes.data.doc_count : null,
+          // `totalPackages` is the registry doc-count from replicate.npmjs.com
+          // (the entire npm registry, ~3M) -- NOT the count of returned
+          // changes. `changes.length` is the per-call result size. The field
+          // name reads as if it were a per-call count; this comment pins the
+          // semantic so a consumer reading "totalPackages: 50" doesn't assume
+          // only 50 packages exist on the registry.
+          totalPackages: dbRes.data?.doc_count ?? null,
           changes
         }
       };
@@ -32921,6 +32951,13 @@ var searchTools = [
       maintenance: external_exports.number().min(0).max(1).optional().describe("Weight for maintenance score (0-1)")
     }),
     handler: async (input) => {
+      if (input.query.trim() === "") {
+        return {
+          ok: false,
+          status: 400,
+          error: "Query cannot be empty. Provide a search term or qualifier (e.g. 'mcp', 'keywords:react')."
+        };
+      }
       const params = new URLSearchParams({ text: input.query });
       if (input.size !== void 0) params.set("size", String(input.size));
       if (input.from !== void 0) params.set("from", String(input.from));
@@ -32929,7 +32966,8 @@ var searchTools = [
       if (input.maintenance !== void 0) params.set("maintenance", String(input.maintenance));
       const res = await registryGet(`/-/v1/search?${params}`);
       if (!res.ok) return translateError(res, { op: `search "${input.query}"` });
-      const results = res.data.objects.map((obj) => ({
+      const objects = res.data?.objects ?? [];
+      const results = objects.map((obj) => ({
         name: obj.package.name,
         version: obj.package.version,
         description: obj.package.description,
@@ -32940,7 +32978,7 @@ var searchTools = [
         links: obj.package.links,
         score: obj.score.detail
       }));
-      return { ok: true, status: 200, data: { total: res.data.total, results } };
+      return { ok: true, status: 200, data: { total: res.data?.total ?? objects.length, results } };
     }
   }
 ];
@@ -34081,7 +34119,7 @@ var writeTools = [
   // ───────────────────────────────────────────────────────
   {
     name: "npm_team_delete",
-    description: "Delete a team. Team is passed as '@scope:team'. Revokes all package permissions that team held. Requires confirm: true \u2014 this removes the team and all its package grants in one call.",
+    description: "Delete a team. Team is passed as '@scope:team'. Revokes all package permissions that team held, and team memberships are also removed. Requires confirm: true \u2014 this removes the team and all its package grants in one call. List the team's current grants with npm_team_packages first if you need to preserve them.",
     annotations: {
       title: "Delete team",
       readOnlyHint: false,
@@ -34293,7 +34331,7 @@ var writeTools = [
 ];
 // src/index.ts
-var version2 = true ? "0.11.15" : (await null).createRequire(import.meta.url)("../package.json").version;
+var version2 = true ? "0.12.0" : (await null).createRequire(import.meta.url)("../package.json").version;
 var subcommand = process.argv[2];
 if (subcommand === "version" || subcommand === "--version" || subcommand === "-v" || subcommand === "-V") {
   console.log(version2);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/npmjs-mcp",
-  "version": "0.11.15",
+  "version": "0.12.0",
   "mcpName": "io.github.YawLabs/npmjs-mcp",
   "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
   "license": "MIT",