@yawlabs/npmjs-mcp 0.11.4 → 0.11.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +7 -6
  2. package/dist/index.js +17 -8
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
  [![GitHub stars](https://img.shields.io/github/stars/YawLabs/npmjs-mcp)](https://github.com/YawLabs/npmjs-mcp/stargazers)
6
6
  [![CI](https://github.com/YawLabs/npmjs-mcp/actions/workflows/ci.yml/badge.svg)](https://github.com/YawLabs/npmjs-mcp/actions/workflows/ci.yml) [![Release](https://github.com/YawLabs/npmjs-mcp/actions/workflows/release.yml/badge.svg)](https://github.com/YawLabs/npmjs-mcp/actions/workflows/release.yml)
7
7
 
8
- **Run npm registry operations from Claude Code, Cursor, and any MCP client.** 63 tools covering the full registry surface: package intelligence, security audits, dependency analysis, org/team management, and the write ops that normally fight you locally (`npm deprecate`, `npm dist-tag`, `npm owner`, `npm unpublish`).
8
+ **Run npm registry operations from Claude Code, Cursor, and any MCP client.** 64 tools covering the full registry surface: package intelligence, security audits, dependency analysis, org/team management, and the write ops that normally fight you locally (`npm deprecate`, `npm dist-tag`, `npm owner`, `npm unpublish`).
9
9
 
10
10
  Built and maintained by [Yaw Labs](https://yaw.sh).
11
11
 
@@ -17,7 +17,7 @@ One click adds this to your [mcp.hosting](https://mcp.hosting) account so it syn
17
17
 
18
18
  Other npm MCP servers wrap `npm search` and call it done. This one doesn't.
19
19
 
20
- - **Full registry HTTP surface** — 63 tools across reads, writes, orgs, teams, hooks, provenance, trusted publishers, and ops health. Not just `npm view`.
20
+ - **Full registry HTTP surface** — 64 tools across reads, writes, orgs, teams, hooks, provenance, trusted publishers, and ops health. Not just `npm view`.
21
21
  - **Write ops that actually work in agents** — `npm_deprecate`, `npm_dist_tag_set`, `npm_owner_add`, `npm_unpublish_version` go directly to the HTTP API with your token. No 2FA prompts, no `--otp` hunts, no `ENEEDAUTH` from a session-bound `.npmrc`.
22
22
  - **Agent-aware failure surfacing** — write tools detect non-interactive context and return specific human-runnable commands (`npm login --auth-type=web`) instead of looping on unrecoverable errors.
23
23
  - **Safety by default** — `npm_unpublish_*` requires `confirm: true`. `npm_owner_remove` blocks you from locking yourself out. `npm_deprecate` validates the message format (em-dash, no trailing period) that npmjs.com's API actually accepts.
@@ -112,7 +112,7 @@ That's it. Now ask your AI assistant:
112
112
 
113
113
  Use the same JSON block shown above in any of these.
114
114
 
115
- ## Tools (63)
115
+ ## Tools (64)
116
116
 
117
117
  ### Search (1)
118
118
  - **npm_search** — Search the npm registry with qualifiers (keywords, author, scope).
@@ -163,13 +163,14 @@ Use the same JSON block shown above in any of these.
163
163
  - **npm_verify_token** — One-call capability check. **Call this first** when debugging write failures.
164
164
  - **npm_user_packages** — Packages published by a user.
165
165
 
166
- ### Access & orgs (6, requires NPM_TOKEN)
166
+ ### Access & orgs (7, requires NPM_TOKEN)
167
167
  - **npm_collaborators** — Package collaborators and permissions.
168
168
  - **npm_package_access** — Package access settings.
169
169
  - **npm_org_members** — Org members and roles.
170
170
  - **npm_org_packages** — Org packages.
171
171
  - **npm_org_teams** — Org teams.
172
172
  - **npm_team_packages** — Team package permissions.
173
+ - **npm_team_members** — Team members and roles.
173
174
 
174
175
  ### Workflows (2)
175
176
  - **npm_check_auth** — Auth health check with headless publish feasibility.
@@ -234,7 +235,7 @@ Call `npm_ops_playbook` at the start of any session to get the up-to-date matrix
234
235
 
235
236
  ```
236
237
  > "Compare fastify vs express vs koa for maintenance health"
237
- → npm_compare({ names: ["fastify", "express", "koa"] })
238
+ → npm_compare({ packages: ["fastify", "express", "koa"] })
238
239
  → npm_health({ name: "fastify" }) // ...etc
239
240
  ```
240
241
 
@@ -276,7 +277,7 @@ Call `npm_ops_playbook` at the start of any session to get the up-to-date matrix
276
277
 
277
278
  ## Requirements
278
279
 
279
- - Node.js 18+
280
+ - Node.js 20+ (the CI matrix tests 20 and 22; `package.json` declares `engines.node: ">=20"`)
280
281
  - (Optional) npm access token for write operations
281
282
 
282
283
  ## Contributing
package/dist/index.js CHANGED
@@ -31887,6 +31887,7 @@ var dependencyTools = [
31887
31887
  const maxDepth = input.depth ?? 3;
31888
31888
  const runLimited = createLimiter(10);
31889
31889
  const packumentCache = /* @__PURE__ */ new Map();
31890
+ const failedPackages = /* @__PURE__ */ new Set();
31890
31891
  const resolved = /* @__PURE__ */ new Set();
31891
31892
  const tree = {};
31892
31893
  const warnings = [];
@@ -31894,16 +31895,24 @@ var dependencyTools = [
31894
31895
  const hintKey = `${name}@${versionHint2}`;
31895
31896
  if (resolved.has(hintKey) || currentDepth > maxDepth) return;
31896
31897
  resolved.add(hintKey);
31897
- let pkg = packumentCache.get(name);
31898
+ let pending = packumentCache.get(name);
31899
+ if (!pending) {
31900
+ pending = runLimited(() => registryGetAbbreviated(`/${encPkg(name)}`)).then((res) => {
31901
+ if (!res.ok) {
31902
+ warnings.push(`Failed to fetch ${name}: ${res.error}`);
31903
+ return null;
31904
+ }
31905
+ return res.data;
31906
+ });
31907
+ packumentCache.set(name, pending);
31908
+ }
31909
+ const pkg = await pending;
31898
31910
  if (!pkg) {
31899
- const res = await runLimited(() => registryGetAbbreviated(`/${encPkg(name)}`));
31900
- if (!res.ok) {
31901
- warnings.push(`Failed to fetch ${name}: ${res.error}`);
31911
+ if (!failedPackages.has(name)) {
31912
+ failedPackages.add(name);
31902
31913
  tree[hintKey] = { version: versionHint2, dependencies: {}, failed: true };
31903
- return;
31904
31914
  }
31905
- pkg = res.data;
31906
- packumentCache.set(name, pkg);
31915
+ return;
31907
31916
  }
31908
31917
  let resolvedVersion;
31909
31918
  if (pkg.versions[versionHint2]) {
@@ -34201,7 +34210,7 @@ var writeTools = [
34201
34210
  ];
34202
34211
 
34203
34212
  // src/index.ts
34204
- var version2 = true ? "0.11.4" : (await null).createRequire(import.meta.url)("../package.json").version;
34213
+ var version2 = true ? "0.11.6" : (await null).createRequire(import.meta.url)("../package.json").version;
34205
34214
  var subcommand = process.argv[2];
34206
34215
  if (subcommand === "version" || subcommand === "--version" || subcommand === "-v" || subcommand === "-V") {
34207
34216
  console.log(version2);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@yawlabs/npmjs-mcp",
3
- "version": "0.11.4",
3
+ "version": "0.11.6",
4
4
  "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
5
5
  "license": "MIT",
6
6
  "author": "YawLabs <contact@yaw.sh>",