npm - @yawlabs/npmjs-mcp - Versions diffs - 0.11.7 → 0.11.8 - Mend

@yawlabs/npmjs-mcp 0.11.7 → 0.11.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +32 -10
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -31569,7 +31569,11 @@ var analysisTools = [
             isDeprecated,
             isStale
           },
-          assessment: isDeprecated ? "DEPRECATED" : isStale ? "STALE" : daysSinceLastPublish !== null && daysSinceLastPublish < 90 ? "ACTIVE" : "MAINTENANCE"
+          // Holistic single-string verdict layered priority-first: a deprecated
+          // package supersedes everything (don't use it), a vulnerable package
+          // supersedes maintenance signals (active development doesn't undo a
+          // CVE), then staleness, recency, and the catch-all.
+          assessment: isDeprecated ? "DEPRECATED" : vulnerabilityCount !== null && vulnerabilityCount > 0 ? "VULNERABLE" : isStale ? "STALE" : daysSinceLastPublish !== null && daysSinceLastPublish < 90 ? "ACTIVE" : "MAINTENANCE"
         }
       };
     }
@@ -31782,7 +31786,12 @@ var authTools = [
           error: `Token failed /-/whoami check. Token is invalid, expired, or revoked. Create a new one at https://www.npmjs.com/settings/~/tokens. Raw: ${whoami.error}`
         };
       }
-      const tfa = profile.ok && profile.data?.tfa ? { enabled: true, mode: profile.data.tfa.mode } : { enabled: false };
+      const tfaData = profile.ok ? profile.data?.tfa : null;
+      const tfa = tfaData ? {
+        enabled: !tfaData.pending,
+        mode: tfaData.mode,
+        ...tfaData.pending ? { pending: true } : {}
+      } : { enabled: false };
       return {
         ok: true,
         status: 200,
@@ -31960,7 +31969,7 @@ var dependencyTools = [
   },
   {
     name: "npm_license_check",
-    description: "Check the license of a package and its direct production dependencies. Flags missing or non-standard licenses.",
+    description: "Check the license of a package and its direct production dependencies. Flags missing or non-standard licenses. Matches single SPDX license identifiers case-insensitively (so 'mit' and 'MIT' both match). SPDX expressions like '(MIT OR Apache-2.0)' are NOT decomposed \u2014 they are flagged unless added to `allowed` verbatim.",
     annotations: {
       title: "Check licenses",
       readOnlyHint: true,
@@ -31998,17 +32007,17 @@ var dependencyTools = [
           };
         })
       );
-      const allowedSet = new Set(
-        input.allowed ?? ["MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "0BSD", "Unlicense"]
-      );
+      const defaultAllowed = ["MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0", "0BSD", "Unlicense"];
+      const allowedInput = input.allowed ?? defaultAllowed;
+      const allowedSet = new Set(allowedInput.map((l) => l.toLowerCase()));
       const results = [{ name: pkg.name, version: pkg.version, license: pkg.license ?? "UNKNOWN" }, ...depLicenses];
-      const flagged = results.filter((r) => !allowedSet.has(r.license));
+      const flagged = results.filter((r) => !allowedSet.has(r.license.toLowerCase()));
       return {
         ok: true,
         status: 200,
         data: {
           total: results.length,
-          allowed: [...allowedSet],
+          allowed: allowedInput,
           flagged: flagged.length,
           packages: results,
           issues: flagged.length > 0 ? flagged : void 0
@@ -33365,7 +33374,9 @@ var writeTools = [
     inputSchema: external_exports.object({
       name: external_exports.string().describe("Package name (e.g. '@yawlabs/spend')"),
       message: external_exports.string().describe("Deprecation message. Empty string to clear deprecation (use npm_undeprecate instead)."),
-      versionRange: external_exports.string().optional().describe("Semver range. Omit to deprecate ALL versions. Example: '<1.0.0' or '0.3.x'.")
+      versionRange: external_exports.string().optional().describe(
+        "Semver range. Omit to deprecate ALL versions. Example: '<1.0.0' or '0.3.x'. Standard semver applies \u2014 bare integers are x-ranges (e.g. '0' means '0.x.x', not exact version 0). For a single version use '=1.2.3'."
+      )
     }),
     handler: async (input) => {
       const authErr = requireAuth();
@@ -34210,7 +34221,7 @@ var writeTools = [
 ];
 // src/index.ts
-var version2 = true ? "0.11.7" : (await null).createRequire(import.meta.url)("../package.json").version;
+var version2 = true ? "0.11.8" : (await null).createRequire(import.meta.url)("../package.json").version;
 var subcommand = process.argv[2];
 if (subcommand === "version" || subcommand === "--version" || subcommand === "-v" || subcommand === "-V") {
   console.log(version2);
@@ -34233,6 +34244,17 @@ var allTools = [
   ...writeTools,
   ...hookTools
 ];
+{
+  const seen = /* @__PURE__ */ new Set();
+  const duplicates = [];
+  for (const t of allTools) {
+    if (seen.has(t.name)) duplicates.push(t.name);
+    else seen.add(t.name);
+  }
+  if (duplicates.length > 0) {
+    throw new Error(`Duplicate tool name(s) registered: ${[...new Set(duplicates)].join(", ")}`);
+  }
+}
 var server = new McpServer({
   name: "@yawlabs/npmjs-mcp",
   version: version2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/npmjs-mcp",
-  "version": "0.11.7",
+  "version": "0.11.8",
   "mcpName": "io.github.YawLabs/npmjs-mcp",
   "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
   "license": "MIT",