@yawlabs/npmjs-mcp 0.11.8 → 0.11.11

package/dist/index.js

@@ -31233,7 +31233,7 @@ function parseSingleConstraint(r) {
     if (patch === null) {
       return { min: [major, minor, 0], max: [major, minor + 1, 0] };
     }
-    return null;
+    return { min: [major, minor, patch], max: [major, minor, patch + 1] };
   }
   return null;
 }
@@ -31453,46 +31453,54 @@ var analysisTools = [
       packages: external_exports.array(external_exports.string()).min(2).max(5).describe("Package names to compare")
     }),
     handler: async (input) => {
-      const results = await Promise.all(
+      const partials = await Promise.all(
         input.packages.map(async (name) => {
           const [pkgRes, dlRes] = await Promise.all([
             registryGet(`/${encPkg(name)}`),
             downloadsGet(`/downloads/point/last-week/${encPkg(name)}`)
           ]);
-          if (!pkgRes.ok) {
-            return { name, error: pkgRes.error };
-          }
-          const pkg = pkgRes.data;
-          const latest = pkg["dist-tags"]?.latest;
-          const latestVersion = latest ? pkg.versions[latest] : void 0;
-          const versionKeys = Object.keys(pkg.versions);
-          let vulnerabilities = 0;
-          if (latest) {
-            const auditRes = await registryPost("/-/npm/v1/security/advisories/bulk", {
-              [name]: [latest]
-            });
-            if (auditRes.ok && auditRes.data?.[name]) {
-              vulnerabilities = auditRes.data[name].length;
-            }
-          }
-          return {
-            name,
-            description: pkg.description,
-            latest,
-            license: pkg.license ?? latestVersion?.license,
-            maintainers: pkg.maintainers?.map((m) => m.name),
-            weeklyDownloads: dlRes.ok ? dlRes.data.downloads : null,
-            versionCount: versionKeys.length,
-            created: pkg.time.created,
-            lastPublish: latest ? pkg.time[latest] : void 0,
-            deprecated: latestVersion?.deprecated ?? false,
-            hasReadme: !!(pkg.readme && pkg.readme.length > 0),
-            repository: pkg.repository,
-            homepage: pkg.homepage,
-            vulnerabilities
-          };
+          return { name, pkgRes, dlRes };
         })
       );
+      const auditMap = {};
+      for (const { name, pkgRes } of partials) {
+        if (!pkgRes.ok) continue;
+        const latest = pkgRes.data["dist-tags"]?.latest;
+        if (latest) auditMap[name] = [latest];
+      }
+      let auditData = {};
+      if (Object.keys(auditMap).length > 0) {
+        const auditRes = await registryPost("/-/npm/v1/security/advisories/bulk", auditMap);
+        if (auditRes.ok && auditRes.data) auditData = auditRes.data;
+      }
+      const results = partials.map(({ name, pkgRes, dlRes }) => {
+        if (!pkgRes.ok) {
+          const translated = translateError(pkgRes, { pkg: name, op: "compare" });
+          return { name, error: translated.error };
+        }
+        const pkg = pkgRes.data;
+        const latest = pkg["dist-tags"]?.latest;
+        const latestVersion = latest ? pkg.versions[latest] : void 0;
+        const versionKeys = Object.keys(pkg.versions);
+        const advisories = auditData[name];
+        const vulnerabilities = Array.isArray(advisories) ? advisories.length : 0;
+        return {
+          name,
+          description: pkg.description,
+          latest,
+          license: pkg.license ?? latestVersion?.license,
+          maintainers: pkg.maintainers?.map((m) => m.name),
+          weeklyDownloads: dlRes.ok ? dlRes.data.downloads : null,
+          versionCount: versionKeys.length,
+          created: pkg.time.created,
+          lastPublish: latest ? pkg.time[latest] : void 0,
+          deprecated: latestVersion?.deprecated ?? false,
+          hasReadme: !!(pkg.readme && pkg.readme.length > 0),
+          repository: pkg.repository,
+          homepage: pkg.homepage,
+          vulnerabilities
+        };
+      });
       return { ok: true, status: 200, data: { comparison: results } };
     }
   },
@@ -31521,6 +31529,7 @@ var analysisTools = [
       const latestVersion = latest ? pkg.versions[latest] : void 0;
       const versionKeys = Object.keys(pkg.versions);
       let vulnerabilityCount = null;
+      let auditReliable = true;
       if (latest) {
         const auditRes = await registryPost("/-/npm/v1/security/advisories/bulk", {
           [input.name]: [latest]
@@ -31528,7 +31537,11 @@ var analysisTools = [
         if (auditRes.ok) {
           const advisories = auditRes.data?.[input.name];
           vulnerabilityCount = Array.isArray(advisories) ? advisories.length : 0;
+        } else {
+          auditReliable = false;
         }
+      } else {
+        auditReliable = false;
       }
       const publishDates = versionKeys.map((v) => pkg.time[v]).filter(Boolean).map((d) => new Date(d).getTime()).sort((a, b) => b - a);
       const now = Date.now();
@@ -31562,6 +31575,7 @@ var analysisTools = [
             daysSinceLastPublish,
             avgDaysBetweenReleases,
             vulnerabilityCount,
+            auditReliable,
             hasLicense,
             hasReadme,
             hasRepo,
@@ -31937,7 +31951,7 @@ var dependencyTools = [
         if (tree[resolvedKey]) return;
         const versionData = pkg.versions[resolvedVersion];
         if (!versionData) {
-          tree[resolvedKey] = { version: resolvedVersion, dependencies: {} };
+          tree[resolvedKey] = { version: resolvedVersion, dependencies: {}, failed: true };
           return;
         }
         const deps = versionData.dependencies ?? {};
@@ -33475,7 +33489,7 @@ var writeTools = [
   // via the packument (step 3 succeeded), so we report success with a warning.
   {
     name: "npm_unpublish_version",
-    description: "Unpublish a specific version of a package. IRREVERSIBLE: once unpublished, the version cannot be re-published and will be blocked for 72 hours. Only works within 72 hours of the original publish for most packages. Requires explicit confirm: true to prevent accidents. Follows the npm CLI flow (mutate packument + delete tarball). For full-package unpublish use npm_unpublish_package.",
+    description: "Unpublish a specific version of a package. IRREVERSIBLE: once unpublished, the version cannot be re-published and will be blocked for 72 hours. Only works within 72 hours of the original publish for most packages. Requires explicit confirm: true to prevent accidents. Follows the npm CLI flow (mutate packument + delete tarball). For full-package unpublish use npm_unpublish_package. Dist-tag handling: any dist-tag that pointed at the unpublished version is removed. Only `latest` is auto-reassigned (to the highest remaining stable version). Other tags like `next`/`beta` are left unset \u2014 reassign them explicitly with npm_dist_tag_set if needed.",
     annotations: {
       title: "Unpublish version",
       readOnlyHint: false,
@@ -34221,7 +34235,7 @@ var writeTools = [
 ];
 
 // src/index.ts
-var version2 = true ? "0.11.8" : (await null).createRequire(import.meta.url)("../package.json").version;
+var version2 = true ? "0.11.11" : (await null).createRequire(import.meta.url)("../package.json").version;
 var subcommand = process.argv[2];
 if (subcommand === "version" || subcommand === "--version" || subcommand === "-v" || subcommand === "-V") {
   console.log(version2);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/npmjs-mcp",
-  "version": "0.11.8",
+  "version": "0.11.11",
   "mcpName": "io.github.YawLabs/npmjs-mcp",
   "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
   "license": "MIT",