@yawlabs/npmjs-mcp 0.7.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +163 -110
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -21015,8 +21015,21 @@ var REGISTRY_URL = "https://registry.npmjs.org";
|
|
|
21015
21015
|
var DOWNLOADS_URL = "https://api.npmjs.org";
|
|
21016
21016
|
var REPLICATE_URL = "https://replicate.npmjs.com";
|
|
21017
21017
|
var REQUEST_TIMEOUT_MS = 3e4;
|
|
21018
|
+
var PACKAGE_NAME_MAX_LENGTH = 214;
|
|
21019
|
+
var PACKAGE_NAME_PATTERN = /^(?:@[a-zA-Z0-9][a-zA-Z0-9\-_.]*\/)?[a-zA-Z0-9][a-zA-Z0-9\-_.]*$/;
|
|
21020
|
+
function validatePackageName(name) {
|
|
21021
|
+
if (typeof name !== "string" || name.length === 0) return "Package name is empty";
|
|
21022
|
+
if (name.length > PACKAGE_NAME_MAX_LENGTH) {
|
|
21023
|
+
return `Package name exceeds ${PACKAGE_NAME_MAX_LENGTH} characters (got ${name.length}).`;
|
|
21024
|
+
}
|
|
21025
|
+
if (!PACKAGE_NAME_PATTERN.test(name)) {
|
|
21026
|
+
return `Invalid package name '${name}'. Names must start with an alphanumeric character and contain only [a-zA-Z0-9-_.], optionally prefixed with '@scope/' for scoped packages.`;
|
|
21027
|
+
}
|
|
21028
|
+
return null;
|
|
21029
|
+
}
|
|
21018
21030
|
function encPkg(name) {
|
|
21019
|
-
|
|
21031
|
+
const err = validatePackageName(name);
|
|
21032
|
+
if (err) throw new Error(err);
|
|
21020
21033
|
return name.startsWith("@") ? `@${encodeURIComponent(name.slice(1))}` : encodeURIComponent(name);
|
|
21021
21034
|
}
|
|
21022
21035
|
function isAuthenticated() {
|
|
@@ -21232,6 +21245,61 @@ function maxSatisfying(versions, range) {
|
|
|
21232
21245
|
return best;
|
|
21233
21246
|
}
|
|
21234
21247
|
|
|
21248
|
+
// src/errors.ts
|
|
21249
|
+
function translateError(res, context) {
|
|
21250
|
+
if (res.ok) return res;
|
|
21251
|
+
const pkgPart = context.pkg ? ` for ${context.pkg}` : "";
|
|
21252
|
+
const opPart = context.op ? ` during ${context.op}` : "";
|
|
21253
|
+
switch (res.status) {
|
|
21254
|
+
case 401:
|
|
21255
|
+
return {
|
|
21256
|
+
...res,
|
|
21257
|
+
error: `Authentication failed${pkgPart}${opPart}. Your NPM_TOKEN may be invalid, expired, or lack write scope. Create a Granular Access Token with 'Read and write' permission at https://www.npmjs.com/settings/~/tokens, or use a classic Automation token (which bypasses 2FA). Raw: ${res.error}`
|
|
21258
|
+
};
|
|
21259
|
+
case 403:
|
|
21260
|
+
return {
|
|
21261
|
+
...res,
|
|
21262
|
+
error: `Not authorized${pkgPart}${opPart}. You may not be a maintainer of this package, or the token's scope doesn't include it. Check current maintainers with npm_collaborators or npm_package_access. Raw: ${res.error}`
|
|
21263
|
+
};
|
|
21264
|
+
case 404:
|
|
21265
|
+
return {
|
|
21266
|
+
...res,
|
|
21267
|
+
error: `Not found${pkgPart}${opPart}. Check the exact package name (scoped packages require the @scope/ prefix). If the version is specified, verify it exists with npm_package. Raw: ${res.error}`
|
|
21268
|
+
};
|
|
21269
|
+
case 422:
|
|
21270
|
+
return {
|
|
21271
|
+
...res,
|
|
21272
|
+
error: `Registry rejected the request payload${pkgPart}${opPart} (422 Unprocessable Entity). Most common causes: (1) invalid semver range \u2014 validate with npm_package versions first; (2) deprecation message format \u2014 em-dash form works, period-capital form sometimes 422s; (3) account-level 2FA policy requires interactive CLI session. If #3, CLI fallback: \`npm login --auth-type=web\` followed by the npm CLI command. Raw: ${res.error}`
|
|
21273
|
+
};
|
|
21274
|
+
case 429:
|
|
21275
|
+
return {
|
|
21276
|
+
...res,
|
|
21277
|
+
error: `Rate limited${opPart}. Wait 60 seconds and retry. Raw: ${res.error}`
|
|
21278
|
+
};
|
|
21279
|
+
case 0:
|
|
21280
|
+
return {
|
|
21281
|
+
...res,
|
|
21282
|
+
error: `Network error${opPart}. Could not reach the registry. Raw: ${res.error}`
|
|
21283
|
+
};
|
|
21284
|
+
default:
|
|
21285
|
+
return res;
|
|
21286
|
+
}
|
|
21287
|
+
}
|
|
21288
|
+
function validateDeprecationMessage(msg) {
|
|
21289
|
+
if (msg.length > 1024) {
|
|
21290
|
+
return "Deprecation message exceeds 1024 characters (registry limit).";
|
|
21291
|
+
}
|
|
21292
|
+
if (msg.length === 0) return null;
|
|
21293
|
+
if (/\.\s+[A-Z]/.test(msg)) {
|
|
21294
|
+
return `Deprecation message contains the "period + space + capital letter" pattern that has triggered 422 Unprocessable Entity on at least one scoped package. The working form uses em-dash and lowercase continuation: e.g. "Renamed to @yawlabs/spend \u2014 install that instead". Pass force: true to bypass this validation.`;
|
|
21295
|
+
}
|
|
21296
|
+
return null;
|
|
21297
|
+
}
|
|
21298
|
+
function versionsMatchingRange(versions, range, maxSatisfying2) {
|
|
21299
|
+
if (range === "*" || range === "") return [...versions];
|
|
21300
|
+
return versions.filter((v) => maxSatisfying2([v], range) === v);
|
|
21301
|
+
}
|
|
21302
|
+
|
|
21235
21303
|
// src/tools/access.ts
|
|
21236
21304
|
var accessTools = [
|
|
21237
21305
|
{
|
|
@@ -21251,7 +21319,7 @@ var accessTools = [
|
|
|
21251
21319
|
const authErr = requireAuth();
|
|
21252
21320
|
if (authErr) return authErr;
|
|
21253
21321
|
const res = await registryGetAuth(`/-/package/${encPkg(input.name)}/collaborators`);
|
|
21254
|
-
if (!res.ok) return res;
|
|
21322
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: "collaborators" });
|
|
21255
21323
|
const collaborators = Object.entries(res.data).map(([username, permissions]) => ({
|
|
21256
21324
|
username,
|
|
21257
21325
|
permissions
|
|
@@ -21287,7 +21355,7 @@ var accessTools = [
|
|
|
21287
21355
|
registryGetAuth(`/-/package/${encPkg(input.name)}/access`),
|
|
21288
21356
|
registryGetAuth(`/-/package/${encPkg(input.name)}/collaborators`)
|
|
21289
21357
|
]);
|
|
21290
|
-
if (!accessRes.ok && !collabRes.ok) return collabRes;
|
|
21358
|
+
if (!accessRes.ok && !collabRes.ok) return translateError(collabRes, { pkg: input.name, op: "package_access" });
|
|
21291
21359
|
const result = {
|
|
21292
21360
|
package: input.name,
|
|
21293
21361
|
isScoped: input.name.startsWith("@")
|
|
@@ -21388,7 +21456,7 @@ var analysisTools = [
|
|
|
21388
21456
|
downloadsGet(`/downloads/point/last-week/${encPkg(input.name)}`),
|
|
21389
21457
|
downloadsGet(`/downloads/point/last-month/${encPkg(input.name)}`)
|
|
21390
21458
|
]);
|
|
21391
|
-
if (!pkgRes.ok) return pkgRes;
|
|
21459
|
+
if (!pkgRes.ok) return translateError(pkgRes, { pkg: input.name, op: "health" });
|
|
21392
21460
|
const pkg = pkgRes.data;
|
|
21393
21461
|
const latest = pkg["dist-tags"]?.latest;
|
|
21394
21462
|
const latestVersion = latest ? pkg.versions[latest] : void 0;
|
|
@@ -21462,7 +21530,7 @@ var analysisTools = [
|
|
|
21462
21530
|
}),
|
|
21463
21531
|
handler: async (input) => {
|
|
21464
21532
|
const res = await registryGet(`/${encPkg(input.name)}`);
|
|
21465
|
-
if (!res.ok) return res;
|
|
21533
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: "maintainers" });
|
|
21466
21534
|
const pkg = res.data;
|
|
21467
21535
|
const publishCounts = {};
|
|
21468
21536
|
for (const ver of Object.values(pkg.versions)) {
|
|
@@ -21498,7 +21566,7 @@ var analysisTools = [
|
|
|
21498
21566
|
}),
|
|
21499
21567
|
handler: async (input) => {
|
|
21500
21568
|
const res = await registryGet(`/${encPkg(input.name)}`);
|
|
21501
|
-
if (!res.ok) return res;
|
|
21569
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: "release_frequency" });
|
|
21502
21570
|
const pkg = res.data;
|
|
21503
21571
|
const limit = input.limit ?? 20;
|
|
21504
21572
|
const releases = Object.keys(pkg.versions).map((v) => ({ version: v, date: pkg.time[v] })).filter((r) => r.date).sort((a, b) => new Date(b.date).getTime() - new Date(a.date).getTime()).slice(0, limit);
|
|
@@ -21545,7 +21613,8 @@ var authTools = [
|
|
|
21545
21613
|
handler: async () => {
|
|
21546
21614
|
const authErr = requireAuth();
|
|
21547
21615
|
if (authErr) return authErr;
|
|
21548
|
-
|
|
21616
|
+
const res = await registryGetAuth("/-/whoami");
|
|
21617
|
+
return res.ok ? res : translateError(res, { op: "whoami" });
|
|
21549
21618
|
}
|
|
21550
21619
|
},
|
|
21551
21620
|
{
|
|
@@ -21563,7 +21632,7 @@ var authTools = [
|
|
|
21563
21632
|
const authErr = requireAuth();
|
|
21564
21633
|
if (authErr) return authErr;
|
|
21565
21634
|
const res = await registryGetAuth("/-/npm/v1/user");
|
|
21566
|
-
if (!res.ok) return res;
|
|
21635
|
+
if (!res.ok) return translateError(res, { op: "profile" });
|
|
21567
21636
|
const p = res.data;
|
|
21568
21637
|
return {
|
|
21569
21638
|
ok: true,
|
|
@@ -21607,7 +21676,7 @@ var authTools = [
|
|
|
21607
21676
|
const qs = params.toString();
|
|
21608
21677
|
const path = `/-/npm/v1/tokens${qs ? `?${qs}` : ""}`;
|
|
21609
21678
|
const res = await registryGetAuth(path);
|
|
21610
|
-
if (!res.ok) return res;
|
|
21679
|
+
if (!res.ok) return translateError(res, { op: "tokens" });
|
|
21611
21680
|
const data = res.data;
|
|
21612
21681
|
return {
|
|
21613
21682
|
ok: true,
|
|
@@ -21681,7 +21750,7 @@ var authTools = [
|
|
|
21681
21750
|
const res = await registryGetAuth(
|
|
21682
21751
|
`/-/user/org.couchdb.user:${encodeURIComponent(input.username)}/package`
|
|
21683
21752
|
);
|
|
21684
|
-
if (!res.ok) return res;
|
|
21753
|
+
if (!res.ok) return translateError(res, { op: `user_packages ${input.username}` });
|
|
21685
21754
|
const packages = Object.entries(res.data).map(([name, access]) => ({ name, access }));
|
|
21686
21755
|
return {
|
|
21687
21756
|
ok: true,
|
|
@@ -21715,7 +21784,7 @@ var dependencyTools = [
|
|
|
21715
21784
|
handler: async (input) => {
|
|
21716
21785
|
const ver = input.version ?? "latest";
|
|
21717
21786
|
const res = await registryGet(`/${encPkg(input.name)}/${ver}`);
|
|
21718
|
-
if (!res.ok) return res;
|
|
21787
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: `dependencies ${ver}` });
|
|
21719
21788
|
const v = res.data;
|
|
21720
21789
|
return {
|
|
21721
21790
|
ok: true,
|
|
@@ -21830,7 +21899,7 @@ var dependencyTools = [
|
|
|
21830
21899
|
handler: async (input) => {
|
|
21831
21900
|
const ver = input.version ?? "latest";
|
|
21832
21901
|
const res = await registryGet(`/${encPkg(input.name)}/${ver}`);
|
|
21833
|
-
if (!res.ok) return res;
|
|
21902
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: `license_check ${ver}` });
|
|
21834
21903
|
const pkg = res.data;
|
|
21835
21904
|
const depEntries = Object.entries(pkg.dependencies ?? {});
|
|
21836
21905
|
const runLimited = createLimiter(10);
|
|
@@ -21888,7 +21957,8 @@ var downloadTools = [
|
|
|
21888
21957
|
}),
|
|
21889
21958
|
handler: async (input) => {
|
|
21890
21959
|
const period = input.period ?? "last-week";
|
|
21891
|
-
|
|
21960
|
+
const res = await downloadsGet(`/downloads/point/${period}/${encPkg(input.name)}`);
|
|
21961
|
+
return res.ok ? res : translateError(res, { pkg: input.name, op: `downloads ${period}` });
|
|
21892
21962
|
}
|
|
21893
21963
|
},
|
|
21894
21964
|
{
|
|
@@ -21907,7 +21977,8 @@ var downloadTools = [
|
|
|
21907
21977
|
}),
|
|
21908
21978
|
handler: async (input) => {
|
|
21909
21979
|
const period = input.period ?? "last-month";
|
|
21910
|
-
|
|
21980
|
+
const res = await downloadsGet(`/downloads/range/${period}/${encPkg(input.name)}`);
|
|
21981
|
+
return res.ok ? res : translateError(res, { pkg: input.name, op: `downloads_range ${period}` });
|
|
21911
21982
|
}
|
|
21912
21983
|
},
|
|
21913
21984
|
{
|
|
@@ -21927,7 +21998,8 @@ var downloadTools = [
|
|
|
21927
21998
|
handler: async (input) => {
|
|
21928
21999
|
const period = input.period ?? "last-week";
|
|
21929
22000
|
const names = input.packages.map((p) => encPkg(p)).join(",");
|
|
21930
|
-
|
|
22001
|
+
const res = await downloadsGet(`/downloads/point/${period}/${names}`);
|
|
22002
|
+
return res.ok ? res : translateError(res, { op: `downloads_bulk ${period}` });
|
|
21931
22003
|
}
|
|
21932
22004
|
},
|
|
21933
22005
|
{
|
|
@@ -21946,66 +22018,12 @@ var downloadTools = [
|
|
|
21946
22018
|
}),
|
|
21947
22019
|
handler: async (input) => {
|
|
21948
22020
|
const period = input.period ?? "last-week";
|
|
21949
|
-
|
|
22021
|
+
const res = await downloadsGet(`/versions/${encPkg(input.name)}/${period}`);
|
|
22022
|
+
return res.ok ? res : translateError(res, { pkg: input.name, op: `version_downloads ${period}` });
|
|
21950
22023
|
}
|
|
21951
22024
|
}
|
|
21952
22025
|
];
|
|
21953
22026
|
|
|
21954
|
-
// src/errors.ts
|
|
21955
|
-
function translateError(res, context) {
|
|
21956
|
-
if (res.ok) return res;
|
|
21957
|
-
const pkgPart = context.pkg ? ` for ${context.pkg}` : "";
|
|
21958
|
-
const opPart = context.op ? ` during ${context.op}` : "";
|
|
21959
|
-
switch (res.status) {
|
|
21960
|
-
case 401:
|
|
21961
|
-
return {
|
|
21962
|
-
...res,
|
|
21963
|
-
error: `Authentication failed${pkgPart}${opPart}. Your NPM_TOKEN may be invalid, expired, or lack write scope. Create a Granular Access Token with 'Read and write' permission at https://www.npmjs.com/settings/~/tokens, or use a classic Automation token (which bypasses 2FA). Raw: ${res.error}`
|
|
21964
|
-
};
|
|
21965
|
-
case 403:
|
|
21966
|
-
return {
|
|
21967
|
-
...res,
|
|
21968
|
-
error: `Not authorized${pkgPart}${opPart}. You may not be a maintainer of this package, or the token's scope doesn't include it. Check current maintainers with npm_collaborators or npm_package_access. Raw: ${res.error}`
|
|
21969
|
-
};
|
|
21970
|
-
case 404:
|
|
21971
|
-
return {
|
|
21972
|
-
...res,
|
|
21973
|
-
error: `Not found${pkgPart}${opPart}. Check the exact package name (scoped packages require the @scope/ prefix). If the version is specified, verify it exists with npm_package. Raw: ${res.error}`
|
|
21974
|
-
};
|
|
21975
|
-
case 422:
|
|
21976
|
-
return {
|
|
21977
|
-
...res,
|
|
21978
|
-
error: `Registry rejected the request payload${pkgPart}${opPart} (422 Unprocessable Entity). Most common causes: (1) invalid semver range \u2014 validate with npm_package versions first; (2) deprecation message format \u2014 em-dash form works, period-capital form sometimes 422s; (3) account-level 2FA policy requires interactive CLI session. If #3, CLI fallback: \`npm login --auth-type=web\` followed by the npm CLI command. Raw: ${res.error}`
|
|
21979
|
-
};
|
|
21980
|
-
case 429:
|
|
21981
|
-
return {
|
|
21982
|
-
...res,
|
|
21983
|
-
error: `Rate limited${opPart}. Wait 60 seconds and retry. Raw: ${res.error}`
|
|
21984
|
-
};
|
|
21985
|
-
case 0:
|
|
21986
|
-
return {
|
|
21987
|
-
...res,
|
|
21988
|
-
error: `Network error${opPart}. Could not reach the registry. Raw: ${res.error}`
|
|
21989
|
-
};
|
|
21990
|
-
default:
|
|
21991
|
-
return res;
|
|
21992
|
-
}
|
|
21993
|
-
}
|
|
21994
|
-
function validateDeprecationMessage(msg) {
|
|
21995
|
-
if (msg.length > 1024) {
|
|
21996
|
-
return "Deprecation message exceeds 1024 characters (registry limit).";
|
|
21997
|
-
}
|
|
21998
|
-
if (msg.length === 0) return null;
|
|
21999
|
-
if (/\.\s+[A-Z]/.test(msg)) {
|
|
22000
|
-
return `Deprecation message contains the "period + space + capital letter" pattern that has triggered 422 Unprocessable Entity on at least one scoped package. The working form uses em-dash and lowercase continuation: e.g. "Renamed to @yawlabs/spend \u2014 install that instead". Pass force: true to bypass this validation.`;
|
|
22001
|
-
}
|
|
22002
|
-
return null;
|
|
22003
|
-
}
|
|
22004
|
-
function versionsMatchingRange(versions, range, maxSatisfying2) {
|
|
22005
|
-
if (range === "*" || range === "") return [...versions];
|
|
22006
|
-
return versions.filter((v) => maxSatisfying2([v], range) === v);
|
|
22007
|
-
}
|
|
22008
|
-
|
|
22009
22027
|
// src/tools/hooks.ts
|
|
22010
22028
|
function classifyHookTarget(target) {
|
|
22011
22029
|
if (target.startsWith("~")) return { type: "owner", name: target.slice(1) };
|
|
@@ -22159,7 +22177,7 @@ var orgTools = [
|
|
|
22159
22177
|
const authErr = requireAuth();
|
|
22160
22178
|
if (authErr) return authErr;
|
|
22161
22179
|
const res = await registryGetAuth(`/-/org/${encodeURIComponent(input.org)}/user`);
|
|
22162
|
-
if (!res.ok) return res;
|
|
22180
|
+
if (!res.ok) return translateError(res, { op: `org_members ${input.org}` });
|
|
22163
22181
|
const members = Object.entries(res.data).map(([username, role]) => ({ username, role }));
|
|
22164
22182
|
return {
|
|
22165
22183
|
ok: true,
|
|
@@ -22189,7 +22207,7 @@ var orgTools = [
|
|
|
22189
22207
|
const authErr = requireAuth();
|
|
22190
22208
|
if (authErr) return authErr;
|
|
22191
22209
|
const res = await registryGetAuth(`/-/org/${encodeURIComponent(input.org)}/package`);
|
|
22192
|
-
if (!res.ok) return res;
|
|
22210
|
+
if (!res.ok) return translateError(res, { op: `org_packages ${input.org}` });
|
|
22193
22211
|
const packages = Object.entries(res.data).map(([name, access]) => ({ name, access }));
|
|
22194
22212
|
return {
|
|
22195
22213
|
ok: true,
|
|
@@ -22219,7 +22237,7 @@ var orgTools = [
|
|
|
22219
22237
|
const authErr = requireAuth();
|
|
22220
22238
|
if (authErr) return authErr;
|
|
22221
22239
|
const res = await registryGetAuth(`/-/org/${encodeURIComponent(input.org)}/team`);
|
|
22222
|
-
if (!res.ok) return res;
|
|
22240
|
+
if (!res.ok) return translateError(res, { op: `org_teams ${input.org}` });
|
|
22223
22241
|
return {
|
|
22224
22242
|
ok: true,
|
|
22225
22243
|
status: 200,
|
|
@@ -22251,7 +22269,7 @@ var orgTools = [
|
|
|
22251
22269
|
const res = await registryGetAuth(
|
|
22252
22270
|
`/-/team/${encodeURIComponent(input.org)}/${encodeURIComponent(input.team)}/package`
|
|
22253
22271
|
);
|
|
22254
|
-
if (!res.ok) return res;
|
|
22272
|
+
if (!res.ok) return translateError(res, { op: `team_packages ${input.org}:${input.team}` });
|
|
22255
22273
|
const packages = Object.entries(res.data).map(([name, permissions]) => ({ name, permissions }));
|
|
22256
22274
|
return {
|
|
22257
22275
|
ok: true,
|
|
@@ -22284,7 +22302,7 @@ var packageTools = [
|
|
|
22284
22302
|
}),
|
|
22285
22303
|
handler: async (input) => {
|
|
22286
22304
|
const res = await registryGet(`/${encPkg(input.name)}`);
|
|
22287
|
-
if (!res.ok) return res;
|
|
22305
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: "package" });
|
|
22288
22306
|
const pkg = res.data;
|
|
22289
22307
|
const latest = pkg["dist-tags"]?.latest;
|
|
22290
22308
|
const latestVersion = latest ? pkg.versions[latest] : void 0;
|
|
@@ -22328,7 +22346,7 @@ var packageTools = [
|
|
|
22328
22346
|
handler: async (input) => {
|
|
22329
22347
|
const ver = input.version ?? "latest";
|
|
22330
22348
|
const res = await registryGet(`/${encPkg(input.name)}/${ver}`);
|
|
22331
|
-
if (!res.ok) return res;
|
|
22349
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: `version ${ver}` });
|
|
22332
22350
|
const v = res.data;
|
|
22333
22351
|
return {
|
|
22334
22352
|
ok: true,
|
|
@@ -22378,7 +22396,7 @@ var packageTools = [
|
|
|
22378
22396
|
}),
|
|
22379
22397
|
handler: async (input) => {
|
|
22380
22398
|
const res = await registryGet(`/${encPkg(input.name)}`);
|
|
22381
|
-
if (!res.ok) return res;
|
|
22399
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: "versions" });
|
|
22382
22400
|
const pkg = res.data;
|
|
22383
22401
|
const limit = input.limit ?? 50;
|
|
22384
22402
|
const allVersions = Object.keys(pkg.versions).map((v) => ({
|
|
@@ -22416,7 +22434,7 @@ var packageTools = [
|
|
|
22416
22434
|
}),
|
|
22417
22435
|
handler: async (input) => {
|
|
22418
22436
|
const res = await registryGet(`/${encPkg(input.name)}`);
|
|
22419
|
-
if (!res.ok) return res;
|
|
22437
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: "readme" });
|
|
22420
22438
|
const readme = res.data.readme;
|
|
22421
22439
|
if (!readme) {
|
|
22422
22440
|
return { ok: true, status: 200, data: { name: input.name, readme: "(no readme available)" } };
|
|
@@ -22438,7 +22456,8 @@ var packageTools = [
|
|
|
22438
22456
|
name: external_exports.string().describe("Package name")
|
|
22439
22457
|
}),
|
|
22440
22458
|
handler: async (input) => {
|
|
22441
|
-
|
|
22459
|
+
const res = await registryGet(`/-/package/${encPkg(input.name)}/dist-tags`);
|
|
22460
|
+
return res.ok ? res : translateError(res, { pkg: input.name, op: "dist_tags" });
|
|
22442
22461
|
}
|
|
22443
22462
|
},
|
|
22444
22463
|
{
|
|
@@ -22468,7 +22487,7 @@ var packageTools = [
|
|
|
22468
22487
|
registryGet(`/${encPkg(input.name)}/${ver}`),
|
|
22469
22488
|
registryGet(`/${encPkg(typesPackage)}`)
|
|
22470
22489
|
]);
|
|
22471
|
-
if (!versionRes.ok) return versionRes;
|
|
22490
|
+
if (!versionRes.ok) return translateError(versionRes, { pkg: input.name, op: `types ${ver}` });
|
|
22472
22491
|
const v = versionRes.data;
|
|
22473
22492
|
const hasBuiltinTypes = !!(v.types || v.typings);
|
|
22474
22493
|
const typesEntry = hasBuiltinTypes ? v.types ?? v.typings : void 0;
|
|
@@ -22516,9 +22535,9 @@ var provenanceTools = [
|
|
|
22516
22535
|
}),
|
|
22517
22536
|
handler: async (input) => {
|
|
22518
22537
|
const res = await registryGet(
|
|
22519
|
-
`/-/npm/v1/attestations/${encPkg(input.name)}@${input.version}`
|
|
22538
|
+
`/-/npm/v1/attestations/${encPkg(input.name)}@${encodeURIComponent(input.version)}`
|
|
22520
22539
|
);
|
|
22521
|
-
if (!res.ok) return res;
|
|
22540
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: `provenance ${input.version}` });
|
|
22522
22541
|
const attestations = (res.data.attestations ?? []).map((a) => ({
|
|
22523
22542
|
predicateType: a.predicateType,
|
|
22524
22543
|
bundle: a.bundle
|
|
@@ -22556,7 +22575,8 @@ var registryTools = [
|
|
|
22556
22575
|
}),
|
|
22557
22576
|
handler: async (input) => {
|
|
22558
22577
|
const period = input.period ?? "last-week";
|
|
22559
|
-
|
|
22578
|
+
const res = await downloadsGet(`/downloads/point/${period}`);
|
|
22579
|
+
return res.ok ? res : translateError(res, { op: `registry_stats ${period}` });
|
|
22560
22580
|
}
|
|
22561
22581
|
},
|
|
22562
22582
|
{
|
|
@@ -22578,7 +22598,7 @@ var registryTools = [
|
|
|
22578
22598
|
replicateGet("/"),
|
|
22579
22599
|
replicateGet(`/_changes?limit=${limit}&descending=true`)
|
|
22580
22600
|
]);
|
|
22581
|
-
if (!changesRes.ok) return changesRes;
|
|
22601
|
+
if (!changesRes.ok) return translateError(changesRes, { op: "recent_changes" });
|
|
22582
22602
|
const changes = changesRes.data.results.map((r) => ({
|
|
22583
22603
|
package: r.id,
|
|
22584
22604
|
rev: r.changes[0]?.rev
|
|
@@ -22689,7 +22709,7 @@ var searchTools = [
|
|
|
22689
22709
|
if (input.popularity !== void 0) params.set("popularity", String(input.popularity));
|
|
22690
22710
|
if (input.maintenance !== void 0) params.set("maintenance", String(input.maintenance));
|
|
22691
22711
|
const res = await registryGet(`/-/v1/search?${params}`);
|
|
22692
|
-
if (!res.ok) return res;
|
|
22712
|
+
if (!res.ok) return translateError(res, { op: `search "${input.query}"` });
|
|
22693
22713
|
const results = res.data.objects.map((obj) => ({
|
|
22694
22714
|
name: obj.package.name,
|
|
22695
22715
|
version: obj.package.version,
|
|
@@ -22722,7 +22742,34 @@ var securityTools = [
|
|
|
22722
22742
|
packages: external_exports.record(external_exports.array(external_exports.string())).describe('Object mapping package names to arrays of version strings, e.g. {"lodash": ["4.17.20"]}')
|
|
22723
22743
|
}),
|
|
22724
22744
|
handler: async (input) => {
|
|
22725
|
-
|
|
22745
|
+
const res = await registryPost("/-/npm/v1/security/advisories/bulk", input.packages);
|
|
22746
|
+
if (!res.ok) return translateError(res, { op: "audit" });
|
|
22747
|
+
const advisoriesByPackage = res.data ?? {};
|
|
22748
|
+
const summary = Object.entries(advisoriesByPackage).map(([name, advisories]) => {
|
|
22749
|
+
const list = Array.isArray(advisories) ? advisories : [];
|
|
22750
|
+
const severityCounts = {};
|
|
22751
|
+
for (const adv of list) {
|
|
22752
|
+
const severity = adv?.severity ?? "unknown";
|
|
22753
|
+
severityCounts[severity] = (severityCounts[severity] ?? 0) + 1;
|
|
22754
|
+
}
|
|
22755
|
+
return { name, advisoryCount: list.length, severityCounts };
|
|
22756
|
+
});
|
|
22757
|
+
const queried = Object.keys(input.packages);
|
|
22758
|
+
const vulnerable = summary.filter((s) => s.advisoryCount > 0).map((s) => s.name);
|
|
22759
|
+
const clean = queried.filter((n) => !vulnerable.includes(n));
|
|
22760
|
+
return {
|
|
22761
|
+
ok: true,
|
|
22762
|
+
status: 200,
|
|
22763
|
+
data: {
|
|
22764
|
+
queriedCount: queried.length,
|
|
22765
|
+
vulnerableCount: vulnerable.length,
|
|
22766
|
+
cleanCount: clean.length,
|
|
22767
|
+
vulnerable,
|
|
22768
|
+
clean,
|
|
22769
|
+
summary,
|
|
22770
|
+
advisories: advisoriesByPackage
|
|
22771
|
+
}
|
|
22772
|
+
};
|
|
22726
22773
|
}
|
|
22727
22774
|
},
|
|
22728
22775
|
{
|
|
@@ -22749,7 +22796,8 @@ var securityTools = [
|
|
|
22749
22796
|
Object.entries(input.dependencies).map(([pkg, ver]) => [pkg, { version: ver }])
|
|
22750
22797
|
)
|
|
22751
22798
|
};
|
|
22752
|
-
|
|
22799
|
+
const res = await registryPost("/-/npm/v1/security/audits", body);
|
|
22800
|
+
return res.ok ? res : translateError(res, { pkg: input.name, op: "audit_deep" });
|
|
22753
22801
|
}
|
|
22754
22802
|
},
|
|
22755
22803
|
{
|
|
@@ -22764,7 +22812,8 @@ var securityTools = [
|
|
|
22764
22812
|
},
|
|
22765
22813
|
inputSchema: external_exports.object({}),
|
|
22766
22814
|
handler: async () => {
|
|
22767
|
-
|
|
22815
|
+
const res = await registryGet("/-/npm/v1/keys");
|
|
22816
|
+
return res.ok ? res : translateError(res, { op: "signing_keys" });
|
|
22768
22817
|
}
|
|
22769
22818
|
}
|
|
22770
22819
|
];
|
|
@@ -22788,7 +22837,7 @@ var trustTools = [
|
|
|
22788
22837
|
const authErr = requireAuth();
|
|
22789
22838
|
if (authErr) return authErr;
|
|
22790
22839
|
const res = await registryGetAuth(`/-/package/${encPkg(input.name)}/trust`);
|
|
22791
|
-
if (!res.ok) return res;
|
|
22840
|
+
if (!res.ok) return translateError(res, { pkg: input.name, op: "trusted_publishers" });
|
|
22792
22841
|
const configs = (res.data ?? []).map((c) => {
|
|
22793
22842
|
const result = {
|
|
22794
22843
|
id: c.id,
|
|
@@ -23100,6 +23149,10 @@ var workflowTools = [
|
|
|
23100
23149
|
async function fetchPackument(pkg) {
|
|
23101
23150
|
return registryGetAuth(`/${encPkg(pkg)}?write=true`);
|
|
23102
23151
|
}
|
|
23152
|
+
function parseTeamTarget(target) {
|
|
23153
|
+
const m = target.match(/^@?([^:]+):(.+)$/);
|
|
23154
|
+
return m ? { scope: m[1], team: m[2] } : null;
|
|
23155
|
+
}
|
|
23103
23156
|
function highestVersion(versions) {
|
|
23104
23157
|
const parsed = [];
|
|
23105
23158
|
for (const v of versions) {
|
|
@@ -23116,7 +23169,7 @@ var writeTools = [
|
|
|
23116
23169
|
// ───────────────────────────────────────────────────────
|
|
23117
23170
|
{
|
|
23118
23171
|
name: "npm_deprecate",
|
|
23119
|
-
description: "Deprecate a package or specific versions. Shows a warning message on install. Uses the HTTP API with NPM_TOKEN, bypassing the CLI auth friction that causes 422 errors on accounts with 2FA. Message format:
|
|
23172
|
+
description: "Deprecate a package or specific versions. Shows a warning message on install. Uses the HTTP API with NPM_TOKEN, bypassing the CLI auth friction that causes 422 errors on accounts with 2FA. Message format tip: the period-then-capital pattern ('... install that instead. Thanks.') has 422'd on at least one scoped package; em-dash form is the known-good workaround. Pass force: true to skip the preflight check if you want the exact message as-is.",
|
|
23120
23173
|
annotations: {
|
|
23121
23174
|
title: "Deprecate package",
|
|
23122
23175
|
readOnlyHint: false,
|
|
@@ -23661,15 +23714,15 @@ var writeTools = [
|
|
|
23661
23714
|
handler: async (input) => {
|
|
23662
23715
|
const authErr = requireAuth();
|
|
23663
23716
|
if (authErr) return authErr;
|
|
23664
|
-
const
|
|
23665
|
-
if (!
|
|
23717
|
+
const parsed = parseTeamTarget(input.team);
|
|
23718
|
+
if (!parsed) {
|
|
23666
23719
|
return {
|
|
23667
23720
|
ok: false,
|
|
23668
23721
|
status: 400,
|
|
23669
23722
|
error: `Team must be in the form '@scope:team' (got '${input.team}').`
|
|
23670
23723
|
};
|
|
23671
23724
|
}
|
|
23672
|
-
const
|
|
23725
|
+
const { scope, team } = parsed;
|
|
23673
23726
|
const res = await registryPutAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}/package`, {
|
|
23674
23727
|
package: input.package,
|
|
23675
23728
|
permissions: input.permissions
|
|
@@ -23702,15 +23755,15 @@ var writeTools = [
|
|
|
23702
23755
|
handler: async (input) => {
|
|
23703
23756
|
const authErr = requireAuth();
|
|
23704
23757
|
if (authErr) return authErr;
|
|
23705
|
-
const
|
|
23706
|
-
if (!
|
|
23758
|
+
const parsed = parseTeamTarget(input.team);
|
|
23759
|
+
if (!parsed) {
|
|
23707
23760
|
return {
|
|
23708
23761
|
ok: false,
|
|
23709
23762
|
status: 400,
|
|
23710
23763
|
error: `Team must be in the form '@scope:team' (got '${input.team}').`
|
|
23711
23764
|
};
|
|
23712
23765
|
}
|
|
23713
|
-
const
|
|
23766
|
+
const { scope, team } = parsed;
|
|
23714
23767
|
const res = await registryDeleteAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}/package`, {
|
|
23715
23768
|
package: input.package
|
|
23716
23769
|
});
|
|
@@ -23742,11 +23795,11 @@ var writeTools = [
|
|
|
23742
23795
|
handler: async (input) => {
|
|
23743
23796
|
const authErr = requireAuth();
|
|
23744
23797
|
if (authErr) return authErr;
|
|
23745
|
-
const
|
|
23746
|
-
if (!
|
|
23798
|
+
const parsed = parseTeamTarget(input.team);
|
|
23799
|
+
if (!parsed) {
|
|
23747
23800
|
return { ok: false, status: 400, error: `Team must be in the form '@scope:team' (got '${input.team}').` };
|
|
23748
23801
|
}
|
|
23749
|
-
const
|
|
23802
|
+
const { scope, team } = parsed;
|
|
23750
23803
|
const res = await registryPutAuth(`/-/org/${encodeURIComponent(scope)}/team`, {
|
|
23751
23804
|
name: team,
|
|
23752
23805
|
description: input.description
|
|
@@ -23774,11 +23827,11 @@ var writeTools = [
|
|
|
23774
23827
|
handler: async (input) => {
|
|
23775
23828
|
const authErr = requireAuth();
|
|
23776
23829
|
if (authErr) return authErr;
|
|
23777
|
-
const
|
|
23778
|
-
if (!
|
|
23830
|
+
const parsed = parseTeamTarget(input.team);
|
|
23831
|
+
if (!parsed) {
|
|
23779
23832
|
return { ok: false, status: 400, error: `Team must be in the form '@scope:team' (got '${input.team}').` };
|
|
23780
23833
|
}
|
|
23781
|
-
const
|
|
23834
|
+
const { scope, team } = parsed;
|
|
23782
23835
|
const res = await registryDeleteAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}`);
|
|
23783
23836
|
if (!res.ok) return translateError(res, { op: `team_delete ${input.team}` });
|
|
23784
23837
|
return { ok: true, status: 200, data: { team: `@${scope}:${team}`, deleted: true } };
|
|
@@ -23804,11 +23857,11 @@ var writeTools = [
|
|
|
23804
23857
|
handler: async (input) => {
|
|
23805
23858
|
const authErr = requireAuth();
|
|
23806
23859
|
if (authErr) return authErr;
|
|
23807
|
-
const
|
|
23808
|
-
if (!
|
|
23860
|
+
const parsed = parseTeamTarget(input.team);
|
|
23861
|
+
if (!parsed) {
|
|
23809
23862
|
return { ok: false, status: 400, error: `Team must be in the form '@scope:team' (got '${input.team}').` };
|
|
23810
23863
|
}
|
|
23811
|
-
const
|
|
23864
|
+
const { scope, team } = parsed;
|
|
23812
23865
|
const res = await registryPutAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}/user`, {
|
|
23813
23866
|
user: input.user
|
|
23814
23867
|
});
|
|
@@ -23836,11 +23889,11 @@ var writeTools = [
|
|
|
23836
23889
|
handler: async (input) => {
|
|
23837
23890
|
const authErr = requireAuth();
|
|
23838
23891
|
if (authErr) return authErr;
|
|
23839
|
-
const
|
|
23840
|
-
if (!
|
|
23892
|
+
const parsed = parseTeamTarget(input.team);
|
|
23893
|
+
if (!parsed) {
|
|
23841
23894
|
return { ok: false, status: 400, error: `Team must be in the form '@scope:team' (got '${input.team}').` };
|
|
23842
23895
|
}
|
|
23843
|
-
const
|
|
23896
|
+
const { scope, team } = parsed;
|
|
23844
23897
|
const res = await registryDeleteAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}/user`, {
|
|
23845
23898
|
user: input.user
|
|
23846
23899
|
});
|
|
@@ -23934,7 +23987,7 @@ var writeTools = [
|
|
|
23934
23987
|
];
|
|
23935
23988
|
|
|
23936
23989
|
// src/index.ts
|
|
23937
|
-
var version2 = true ? "0.
|
|
23990
|
+
var version2 = true ? "0.8.0" : (await null).createRequire(import.meta.url)("../package.json").version;
|
|
23938
23991
|
var subcommand = process.argv[2];
|
|
23939
23992
|
if (subcommand === "version" || subcommand === "--version") {
|
|
23940
23993
|
console.log(version2);
|
package/package.json
CHANGED