@yawlabs/npmjs-mcp 0.4.0 → 0.5.0

package/README.md

@@ -65,7 +65,7 @@ Add to `claude_desktop_config.json`:
 }
 ```
 
-## Tools (35)
+## Tools (37)
 
 ### Search
 - `npm_search` — Search the npm registry with qualifiers (keywords, author, scope)
@@ -76,6 +76,7 @@ Add to `claude_desktop_config.json`:
 - `npm_versions` — List all published versions with dates
 - `npm_readme` — Get README content
 - `npm_dist_tags` — Get dist-tags (latest, next, beta, etc)
+- `npm_types` — Check TypeScript type support (built-in types or @types/*)
 
 ### Dependencies
 - `npm_dependencies` — Get dependency lists (prod, dev, peer, optional)
@@ -106,10 +107,14 @@ Add to `claude_desktop_config.json`:
 ### Provenance
 - `npm_provenance` — Get Sigstore provenance attestations (SLSA, publish)
 
+### Trusted Publishers (requires NPM_TOKEN)
+- `npm_trusted_publishers` — List OIDC trust relationships with CI/CD providers
+
 ### Auth (requires NPM_TOKEN)
 - `npm_whoami` — Check authenticated user
 - `npm_profile` — Get profile, email, 2FA status
 - `npm_tokens` — List access tokens
+- `npm_user_packages` — List packages published by a user
 
 ### Access (requires NPM_TOKEN)
 - `npm_collaborators` — List package collaborators and permissions
@@ -121,16 +126,13 @@ Add to `claude_desktop_config.json`:
 - `npm_org_teams` — List org teams
 - `npm_team_packages` — List team package permissions
 
-### Hooks (requires NPM_TOKEN)
-- `npm_hooks` — List npm webhooks
-
 ### Workflows
 - `npm_check_auth` — Auth health check with headless publish feasibility
 - `npm_publish_preflight` — Pre-publish validation checklist
 
 ## Features
 
-- **35 tools** covering search, packages, deps, downloads, security, analysis, auth, orgs, provenance, and publish workflows
+- **37 tools** covering search, packages, deps, downloads, security, analysis, auth, orgs, provenance, trust, and publish workflows
 - **No API key required** for read-only tools — authenticated tools opt-in via NPM_TOKEN
 - **Zero runtime dependencies** — Single bundled file for instant `npx` startup
 - **Agent-aware publish tools** — Detects non-interactive context, provides human hand-off actions instead of unworkable retries

package/dist/index.js

@@ -21087,6 +21087,23 @@ function downloadsGet(path) {
 function replicateGet(path) {
   return request(REPLICATE_URL, path);
 }
+function createLimiter(max) {
+  let active = 0;
+  const queue = [];
+  return function runLimited(fn) {
+    return new Promise((resolve, reject) => {
+      const run = () => {
+        active++;
+        fn().then(resolve, reject).finally(() => {
+          active--;
+          if (queue.length > 0) queue.shift()();
+        });
+      };
+      if (active < max) run();
+      else queue.push(run);
+    });
+  };
+}
 function parseSemver(v) {
   const m = v.match(/^(\d+)\.(\d+)\.(\d+)/);
   return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
@@ -21098,63 +21115,109 @@ function cmpSemver(a, b) {
   }
   return 0;
 }
-function maxSatisfying(versions, range) {
-  const r = range.trim().replace(/^v/, "");
-  if (versions.includes(r)) return r;
-  let minInclusive = null;
-  let maxExclusive = null;
+function parseSingleConstraint(r) {
+  if (r === "*" || r === "") {
+    return { min: null, max: null };
+  }
   if (r.startsWith("^")) {
     const base = parseSemver(r.slice(1));
     if (!base) return null;
-    minInclusive = base;
-    if (base[0] > 0) maxExclusive = [base[0] + 1, 0, 0];
-    else if (base[1] > 0) maxExclusive = [0, base[1] + 1, 0];
-    else maxExclusive = [0, 0, base[2] + 1];
-  } else if (r.startsWith("~")) {
+    let max;
+    if (base[0] > 0) max = [base[0] + 1, 0, 0];
+    else if (base[1] > 0) max = [0, base[1] + 1, 0];
+    else max = [0, 0, base[2] + 1];
+    return { min: base, max };
+  }
+  if (r.startsWith("~")) {
     const base = parseSemver(r.slice(1));
     if (!base) return null;
-    minInclusive = base;
-    maxExclusive = [base[0], base[1] + 1, 0];
-  } else if (r.startsWith(">=")) {
+    return { min: base, max: [base[0], base[1] + 1, 0] };
+  }
+  if (r.startsWith(">=")) {
     const base = parseSemver(r.slice(2));
     if (!base) return null;
-    minInclusive = base;
-  } else if (r.startsWith("<=")) {
+    return { min: base, max: null };
+  }
+  if (r.startsWith(">")) {
+    const base = parseSemver(r.slice(1));
+    if (!base) return null;
+    return { min: [base[0], base[1], base[2] + 1], max: null };
+  }
+  if (r.startsWith("<=")) {
     const base = parseSemver(r.slice(2));
     if (!base) return null;
-    maxExclusive = [base[0], base[1], base[2] + 1];
-  } else {
-    const xm = r.match(/^(\d+)(?:\.(\d+|x)(?:\.(\d+|x))?)?$/);
-    if (xm) {
-      const major = Number(xm[1]);
-      const minor = xm[2] !== void 0 && xm[2] !== "x" ? Number(xm[2]) : null;
-      if (minor === null) {
-        minInclusive = [major, 0, 0];
-        maxExclusive = [major + 1, 0, 0];
-      } else {
-        const patch = xm[3] !== void 0 && xm[3] !== "x" ? Number(xm[3]) : null;
-        if (patch === null) {
-          minInclusive = [major, minor, 0];
-          maxExclusive = [major, minor + 1, 0];
-        } else {
-          return null;
-        }
+    return { min: null, max: [base[0], base[1], base[2] + 1] };
+  }
+  if (r.startsWith("<")) {
+    const base = parseSemver(r.slice(1));
+    if (!base) return null;
+    return { min: null, max: base };
+  }
+  if (r.startsWith("=")) {
+    const base = parseSemver(r.slice(1));
+    if (!base) return null;
+    return { min: base, max: [base[0], base[1], base[2] + 1] };
+  }
+  const xm = r.match(/^(\d+)(?:\.(\d+|x|\*)(?:\.(\d+|x|\*))?)?$/);
+  if (xm) {
+    const major = Number(xm[1]);
+    const minor = xm[2] !== void 0 && xm[2] !== "x" && xm[2] !== "*" ? Number(xm[2]) : null;
+    if (minor === null) {
+      return { min: [major, 0, 0], max: [major + 1, 0, 0] };
+    }
+    const patch = xm[3] !== void 0 && xm[3] !== "x" && xm[3] !== "*" ? Number(xm[3]) : null;
+    if (patch === null) {
+      return { min: [major, minor, 0], max: [major, minor + 1, 0] };
+    }
+    return null;
+  }
+  return null;
+}
+function parseRange(r) {
+  const hyphenMatch = r.match(/^(\d+\.\d+\.\d+)\s+-\s+(\d+\.\d+\.\d+)$/);
+  if (hyphenMatch) {
+    const low = parseSemver(hyphenMatch[1]);
+    const high = parseSemver(hyphenMatch[2]);
+    if (low && high) return { min: low, max: [high[0], high[1], high[2] + 1] };
+    return null;
+  }
+  const parts = r.trim().split(/\s+/);
+  if (parts.length > 1) {
+    let min = null;
+    let max = null;
+    for (const part of parts) {
+      const constraint = parseSingleConstraint(part);
+      if (!constraint) return null;
+      if (constraint.min) {
+        if (!min || cmpSemver(constraint.min, min) > 0) min = constraint.min;
+      }
+      if (constraint.max) {
+        if (!max || cmpSemver(constraint.max, max) < 0) max = constraint.max;
       }
-    } else {
-      return null;
     }
+    return { min, max };
   }
+  return parseSingleConstraint(r.trim());
+}
+function maxSatisfying(versions, range) {
+  const r = range.trim().replace(/^v/, "");
+  if (versions.includes(r)) return r;
+  const subRanges = r.split("||").map((s) => s.trim());
   let best = null;
   let bestParsed = null;
-  for (const v of versions) {
-    if (v.includes("-") && !r.includes("-")) continue;
-    const parsed = parseSemver(v);
+  for (const sub of subRanges) {
+    const parsed = parseRange(sub);
     if (!parsed) continue;
-    if (minInclusive && cmpSemver(parsed, minInclusive) < 0) continue;
-    if (maxExclusive && cmpSemver(parsed, maxExclusive) >= 0) continue;
-    if (!bestParsed || cmpSemver(parsed, bestParsed) > 0) {
-      best = v;
-      bestParsed = parsed;
+    for (const v of versions) {
+      if (v.includes("-") && !sub.includes("-")) continue;
+      const vp = parseSemver(v);
+      if (!vp) continue;
+      if (parsed.min && cmpSemver(vp, parsed.min) < 0) continue;
+      if (parsed.max && cmpSemver(vp, parsed.max) >= 0) continue;
+      if (!bestParsed || cmpSemver(vp, bestParsed) > 0) {
+        best = v;
+        bestParsed = vp;
+      }
     }
   }
   return best;
@@ -21641,26 +21704,11 @@ var dependencyTools = [
     }),
     handler: async (input) => {
       const maxDepth = input.depth ?? 3;
-      const MAX_CONCURRENT = 10;
+      const runLimited = createLimiter(10);
       const packumentCache = /* @__PURE__ */ new Map();
       const resolved = /* @__PURE__ */ new Set();
       const tree = {};
       const warnings = [];
-      let active = 0;
-      const queue = [];
-      function runLimited(fn) {
-        return new Promise((resolve2, reject) => {
-          const run = () => {
-            active++;
-            fn().then(resolve2, reject).finally(() => {
-              active--;
-              if (queue.length > 0) queue.shift()();
-            });
-          };
-          if (active < MAX_CONCURRENT) run();
-          else queue.push(run);
-        });
-      }
       async function resolve(name, versionHint2, currentDepth) {
         const hintKey = `${name}@${versionHint2}`;
         if (resolved.has(hintKey) || currentDepth > maxDepth) return;
@@ -21739,22 +21787,7 @@ var dependencyTools = [
       if (!res.ok) return res;
       const pkg = res.data;
       const depEntries = Object.entries(pkg.dependencies ?? {});
-      const MAX_CONCURRENT = 10;
-      let active = 0;
-      const queue = [];
-      function runLimited(fn) {
-        return new Promise((resolve, reject) => {
-          const run = () => {
-            active++;
-            fn().then(resolve, reject).finally(() => {
-              active--;
-              if (queue.length > 0) queue.shift()();
-            });
-          };
-          if (active < MAX_CONCURRENT) run();
-          else queue.push(run);
-        });
-      }
+      const runLimited = createLimiter(10);
       const depLicenses = await Promise.all(
         depEntries.map(async ([depName, depRange]) => {
           const abbrevRes = await runLimited(() => registryGetAbbreviated(`/${encPkg(depName)}`));
@@ -22763,7 +22796,7 @@ var workflowTools = [
 ];
 
 // src/index.ts
-var version2 = true ? "0.4.0" : (await null).createRequire(import.meta.url)("../package.json").version;
+var version2 = true ? "0.5.0" : (await null).createRequire(import.meta.url)("../package.json").version;
 var subcommand = process.argv[2];
 if (subcommand === "version" || subcommand === "--version") {
   console.log(version2);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/npmjs-mcp",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
   "license": "MIT",
   "author": "YawLabs <contact@yaw.sh>",