@yawlabs/npmjs-mcp 0.9.0 → 0.10.0

package/dist/index.js

@@ -21011,12 +21011,39 @@ var StdioServerTransport = class {
 };
 
 // src/api.ts
-var REGISTRY_URL = "https://registry.npmjs.org";
+var DEFAULT_REGISTRY_URL = "https://registry.npmjs.org";
 var DOWNLOADS_URL = "https://api.npmjs.org";
 var REPLICATE_URL = "https://replicate.npmjs.com";
-var REQUEST_TIMEOUT_MS = 3e4;
+var DEFAULT_TIMEOUT_MS = 3e4;
+var DEFAULT_BACKOFF_MS = 500;
+var MAX_RETRIES = 2;
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
+function getRegistryUrl() {
+  return (process.env.NPM_REGISTRY || DEFAULT_REGISTRY_URL).replace(/\/+$/, "");
+}
+function getTimeoutMs() {
+  const raw = process.env.NPM_REQUEST_TIMEOUT_MS;
+  if (!raw) return DEFAULT_TIMEOUT_MS;
+  const parsed = Number(raw);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : DEFAULT_TIMEOUT_MS;
+}
+function getBackoffMs(attempt) {
+  const raw = process.env.NPM_RETRY_BACKOFF_MS;
+  const parsed = raw !== void 0 ? Number(raw) : Number.NaN;
+  const base = Number.isFinite(parsed) && parsed >= 0 ? parsed : DEFAULT_BACKOFF_MS;
+  return base * 2 ** attempt;
+}
+function debugEnabled() {
+  const v = process.env.DEBUG;
+  return v === "npmjs-mcp" || v === "*";
+}
+function debug(msg) {
+  if (debugEnabled()) console.error(`[npmjs-mcp] ${msg}`);
+}
 var PACKAGE_NAME_MAX_LENGTH = 214;
 var PACKAGE_NAME_PATTERN = /^(?:@[a-zA-Z0-9][a-zA-Z0-9\-_.]*\/)?[a-zA-Z0-9][a-zA-Z0-9\-_.]*$/;
+var IDENT_MAX_LENGTH = 214;
+var IDENT_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9\-_.]*$/;
 function validatePackageName(name) {
   if (typeof name !== "string" || name.length === 0) return "Package name is empty";
   if (name.length > PACKAGE_NAME_MAX_LENGTH) {
@@ -21027,11 +21054,43 @@ function validatePackageName(name) {
   }
   return null;
 }
+function validateIdent(value, label) {
+  if (typeof value !== "string" || value.length === 0) return `${label} is empty`;
+  if (value.length > IDENT_MAX_LENGTH) return `${label} exceeds ${IDENT_MAX_LENGTH} characters`;
+  if (!IDENT_PATTERN.test(value)) {
+    return `Invalid ${label.toLowerCase()} '${value}'. Must start alphanumeric and contain only [a-zA-Z0-9-_.].`;
+  }
+  return null;
+}
+function validateScope(scope) {
+  return validateIdent(scope.replace(/^@/, ""), "Scope");
+}
+function validateUsername(username) {
+  return validateIdent(username.replace(/^@/, ""), "Username");
+}
+function validateTeam(team) {
+  return validateIdent(team, "Team name");
+}
 function encPkg(name) {
   const err = validatePackageName(name);
   if (err) throw new Error(err);
   return name.startsWith("@") ? `@${encodeURIComponent(name.slice(1))}` : encodeURIComponent(name);
 }
+function encScope(scope) {
+  const err = validateScope(scope);
+  if (err) throw new Error(err);
+  return encodeURIComponent(scope.replace(/^@/, ""));
+}
+function encUser(username) {
+  const err = validateUsername(username);
+  if (err) throw new Error(err);
+  return encodeURIComponent(username.replace(/^@/, ""));
+}
+function encTeam(team) {
+  const err = validateTeam(team);
+  if (err) throw new Error(err);
+  return encodeURIComponent(team);
+}
 function isAuthenticated() {
   return !!process.env.NPM_TOKEN;
 }
@@ -21047,6 +21106,17 @@ function authHeaders() {
   const token = process.env.NPM_TOKEN;
   return token ? { Authorization: `Bearer ${token}` } : {};
 }
+function parseRetryAfter(header) {
+  if (!header) return null;
+  const seconds = Number(header);
+  if (Number.isFinite(seconds) && seconds >= 0) return seconds * 1e3;
+  const date3 = Date.parse(header);
+  if (!Number.isNaN(date3)) return Math.max(0, date3 - Date.now());
+  return null;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
 async function request(baseUrl, path, options) {
   const method = options?.method ?? "GET";
   const headers = {
@@ -21059,49 +21129,75 @@ async function request(baseUrl, path, options) {
     fetchBody = JSON.stringify(options.body);
   }
   const url = `${baseUrl}${path}`;
-  try {
-    const res = await fetch(url, {
-      method,
-      headers,
-      body: fetchBody,
-      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
-    });
-    if (!res.ok) {
-      const errorBody = await res.text();
-      return { ok: false, status: res.status, error: errorBody };
-    }
-    if (res.status === 204 || res.headers.get("content-length") === "0") {
-      return { ok: true, status: res.status };
+  for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+    const started = Date.now();
+    try {
+      const res = await fetch(url, {
+        method,
+        headers,
+        body: fetchBody,
+        signal: AbortSignal.timeout(getTimeoutMs())
+      });
+      if (RETRYABLE_STATUSES.has(res.status) && attempt < MAX_RETRIES) {
+        const retryAfter = parseRetryAfter(res.headers.get("Retry-After"));
+        const waitMs = retryAfter ?? getBackoffMs(attempt);
+        debug(`${method} ${url} -> ${res.status} retry in ${waitMs}ms (attempt ${attempt + 1}/${MAX_RETRIES + 1})`);
+        try {
+          await res.text();
+        } catch {
+        }
+        await sleep(waitMs);
+        continue;
+      }
+      const elapsed = Date.now() - started;
+      if (!res.ok) {
+        const errorBody = await res.text();
+        debug(`${method} ${url} -> ${res.status} ${elapsed}ms`);
+        return { ok: false, status: res.status, error: errorBody };
+      }
+      if (res.status === 204 || res.headers.get("content-length") === "0") {
+        debug(`${method} ${url} -> ${res.status} ${elapsed}ms`);
+        return { ok: true, status: res.status };
+      }
+      const data = await res.json();
+      debug(`${method} ${url} -> ${res.status} ${elapsed}ms`);
+      return { ok: true, status: res.status, data };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      if (attempt < MAX_RETRIES) {
+        const waitMs = getBackoffMs(attempt);
+        debug(`${method} ${url} -> network error retry in ${waitMs}ms (${message})`);
+        await sleep(waitMs);
+        continue;
+      }
+      debug(`${method} ${url} -> network error: ${message}`);
+      return { ok: false, status: 0, error: message };
     }
-    const data = await res.json();
-    return { ok: true, status: res.status, data };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return { ok: false, status: 0, error: message };
   }
+  return { ok: false, status: 0, error: "unreachable" };
 }
 function registryGet(path) {
-  return request(REGISTRY_URL, path);
+  return request(getRegistryUrl(), path);
 }
 function registryGetAbbreviated(path) {
-  return request(REGISTRY_URL, path, {
+  return request(getRegistryUrl(), path, {
     headers: { Accept: "application/vnd.npm.install-v1+json" }
   });
 }
 function registryPost(path, body) {
-  return request(REGISTRY_URL, path, { method: "POST", body });
+  return request(getRegistryUrl(), path, { method: "POST", body });
 }
 function registryGetAuth(path) {
-  return request(REGISTRY_URL, path, { headers: authHeaders() });
+  return request(getRegistryUrl(), path, { headers: authHeaders() });
 }
 function registryPostAuth(path, body) {
-  return request(REGISTRY_URL, path, { method: "POST", body, headers: authHeaders() });
+  return request(getRegistryUrl(), path, { method: "POST", body, headers: authHeaders() });
 }
 function registryPutAuth(path, body) {
-  return request(REGISTRY_URL, path, { method: "PUT", body, headers: authHeaders() });
+  return request(getRegistryUrl(), path, { method: "PUT", body, headers: authHeaders() });
 }
 function registryDeleteAuth(path, body) {
-  return request(REGISTRY_URL, path, { method: "DELETE", body, headers: authHeaders() });
+  return request(getRegistryUrl(), path, { method: "DELETE", body, headers: authHeaders() });
 }
 function downloadsGet(path) {
   return request(DOWNLOADS_URL, path);
@@ -21269,12 +21365,12 @@ function translateError(res, context) {
     case 422:
       return {
         ...res,
-        error: `Registry rejected the request payload${pkgPart}${opPart} (422 Unprocessable Entity). Most common causes: (1) invalid semver range \u2014 validate with npm_package versions first; (2) deprecation message format \u2014 em-dash form works, period-capital form sometimes 422s; (3) account-level 2FA policy requires interactive CLI session. If #3, CLI fallback: \`npm login --auth-type=web\` followed by the npm CLI command. Raw: ${res.error}`
+        error: `Registry rejected the request payload${pkgPart}${opPart} (422 Unprocessable Entity). Most common causes: (1) semver range matches no published versions \u2014 validate with npm_versions first; (2) deprecation message exceeds 1024 characters; (3) account-level 2FA policy requires an interactive CLI session. If #3, CLI fallback: \`npm login --auth-type=web\` followed by the equivalent npm CLI command. Raw: ${res.error}`
       };
     case 429:
       return {
         ...res,
-        error: `Rate limited${opPart}. Wait 60 seconds and retry. Raw: ${res.error}`
+        error: `Rate limited${opPart}. Retried automatically and still failed \u2014 wait longer and retry, or contact npm support if this persists. Raw: ${res.error}`
       };
     case 0:
       return {
@@ -21289,10 +21385,6 @@ function validateDeprecationMessage(msg) {
   if (msg.length > 1024) {
     return "Deprecation message exceeds 1024 characters (registry limit).";
   }
-  if (msg.length === 0) return null;
-  if (/\.\s+[A-Z]/.test(msg)) {
-    return `Deprecation message contains the "period + space + capital letter" pattern that has triggered 422 Unprocessable Entity on at least one scoped package. The working form uses em-dash and lowercase continuation: e.g. "Renamed to @yawlabs/spend \u2014 install that instead". Pass force: true to bypass this validation.`;
-  }
   return null;
 }
 function versionsMatchingRange(versions, range, maxSatisfying2) {
@@ -22030,10 +22122,24 @@ function classifyHookTarget(target) {
   if (/^@[^/]+$/.test(target)) return { type: "scope", name: target };
   return { type: "package", name: target };
 }
+function stripSecrets(data) {
+  if (Array.isArray(data)) {
+    return data.map((item) => stripSecrets(item));
+  }
+  if (data !== null && typeof data === "object") {
+    const out = {};
+    for (const [k, v] of Object.entries(data)) {
+      if (k === "secret") continue;
+      out[k] = stripSecrets(v);
+    }
+    return out;
+  }
+  return data;
+}
 var hookTools = [
   {
     name: "npm_hook_add",
-    description: "Create a registry webhook. Target is 'pkg' or '@scope/pkg' for a package, '@scope' for a scope, or '~user' for a user's packages. Endpoint is the HTTPS URL to POST events to; secret is used to HMAC-sign payloads.",
+    description: "Create a registry webhook. Target is 'pkg' or '@scope/pkg' for a package, '@scope' for a scope, or '~user' for a user's packages. Endpoint is the HTTPS URL to POST events to; secret is used to HMAC-sign payloads. The secret is never echoed back in tool responses.",
     annotations: {
       title: "Add webhook",
       readOnlyHint: false,
@@ -22057,12 +22163,12 @@ var hookTools = [
         secret: input.secret
       });
       if (!res.ok) return translateError(res, { op: `hook_add ${input.target}` });
-      return { ok: true, status: 200, data: res.data };
+      return { ok: true, status: 200, data: stripSecrets(res.data) };
     }
   },
   {
     name: "npm_hook_list",
-    description: "List webhooks. Optionally filter by package name.",
+    description: "List webhooks. Optionally filter by package name. Secrets are redacted from responses.",
     annotations: {
       title: "List webhooks",
       readOnlyHint: true,
@@ -22085,12 +22191,12 @@ var hookTools = [
       const q = qs.toString();
       const res = await registryGetAuth(`/-/npm/v1/hooks${q ? `?${q}` : ""}`);
       if (!res.ok) return translateError(res, { op: "hook_list" });
-      return { ok: true, status: 200, data: res.data };
+      return { ok: true, status: 200, data: stripSecrets(res.data) };
     }
   },
   {
     name: "npm_hook_get",
-    description: "Get a single webhook by its ID.",
+    description: "Get a single webhook by its ID. The stored secret is redacted from the response.",
     annotations: {
       title: "Get webhook",
       readOnlyHint: true,
@@ -22106,12 +22212,12 @@ var hookTools = [
       if (authErr) return authErr;
       const res = await registryGetAuth(`/-/npm/v1/hooks/hook/${encodeURIComponent(input.id)}`);
       if (!res.ok) return translateError(res, { op: `hook_get ${input.id}` });
-      return { ok: true, status: 200, data: res.data };
+      return { ok: true, status: 200, data: stripSecrets(res.data) };
     }
   },
   {
     name: "npm_hook_update",
-    description: "Update a webhook's endpoint and/or secret.",
+    description: "Update a webhook's endpoint and/or secret. The returned hook object has the secret redacted.",
     annotations: {
       title: "Update webhook",
       readOnlyHint: false,
@@ -22132,7 +22238,7 @@ var hookTools = [
         secret: input.secret
       });
       if (!res.ok) return translateError(res, { op: `hook_update ${input.id}` });
-      return { ok: true, status: 200, data: res.data };
+      return { ok: true, status: 200, data: stripSecrets(res.data) };
     }
   },
   {
@@ -23151,7 +23257,16 @@ async function fetchPackument(pkg) {
 }
 function parseTeamTarget(target) {
   const m = target.match(/^@?([^:]+):(.+)$/);
-  return m ? { scope: m[1], team: m[2] } : null;
+  if (!m) {
+    return { error: `Team must be in the form '@scope:team' (got '${target}').` };
+  }
+  const scope = m[1];
+  const team = m[2];
+  const scopeErr = validateScope(scope);
+  if (scopeErr) return { error: scopeErr };
+  const teamErr = validateTeam(team);
+  if (teamErr) return { error: teamErr };
+  return { scope, team };
 }
 function highestVersion(versions) {
   const parsed = [];
@@ -23169,7 +23284,7 @@ var writeTools = [
   // ───────────────────────────────────────────────────────
   {
     name: "npm_deprecate",
-    description: "Deprecate a package or specific versions. Shows a warning message on install. Uses the HTTP API with NPM_TOKEN, bypassing the CLI auth friction that causes 422 errors on accounts with 2FA. Message format tip: the period-then-capital pattern ('... install that instead. Thanks.') has 422'd on at least one scoped package; em-dash form is the known-good workaround. Pass force: true to skip the preflight check if you want the exact message as-is.",
+    description: "Deprecate a package or specific versions. Shows a warning message on install. Uses the HTTP API with NPM_TOKEN, bypassing the CLI auth friction that causes 422 errors on accounts with 2FA. Registry hard limit: deprecation messages must be <= 1024 characters. If the registry 422s, first verify the semver range matches at least one published version (npm_versions) \u2014 range/version mismatches are the most common cause, not message format.",
     annotations: {
       title: "Deprecate package",
       readOnlyHint: false,
@@ -23180,16 +23295,13 @@ var writeTools = [
     inputSchema: external_exports.object({
       name: external_exports.string().describe("Package name (e.g. '@yawlabs/spend')"),
       message: external_exports.string().describe("Deprecation message. Empty string to clear deprecation (use npm_undeprecate instead)."),
-      versionRange: external_exports.string().optional().describe("Semver range. Omit to deprecate ALL versions. Example: '<1.0.0' or '0.3.x'."),
-      force: external_exports.boolean().optional().describe("Bypass message format validation (default: false).")
+      versionRange: external_exports.string().optional().describe("Semver range. Omit to deprecate ALL versions. Example: '<1.0.0' or '0.3.x'.")
     }),
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
-      if (!input.force) {
-        const problem = validateDeprecationMessage(input.message);
-        if (problem) return { ok: false, status: 400, error: problem };
-      }
+      const problem = validateDeprecationMessage(input.message);
+      if (problem) return { ok: false, status: 400, error: problem };
       const pRes = await fetchPackument(input.name);
       if (!pRes.ok) return translateError(pRes, { pkg: input.name, op: "deprecate (fetch)" });
       const packument = pRes.data;
@@ -23518,8 +23630,10 @@ var writeTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      const userErr = validateUsername(input.username);
+      if (userErr) return { ok: false, status: 400, error: userErr };
       const uRes = await registryGetAuth(
-        `/-/user/org.couchdb.user:${encodeURIComponent(input.username)}`
+        `/-/user/org.couchdb.user:${encUser(input.username)}`
       );
       if (!uRes.ok) return translateError(uRes, { pkg: input.name, op: `owner_add (resolve user ${input.username})` });
       const userRecord = { name: uRes.data.name, email: uRes.data.email ?? "" };
@@ -23584,6 +23698,8 @@ var writeTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      const userErr = validateUsername(input.username);
+      if (userErr) return { ok: false, status: 400, error: userErr };
       const pRes = await fetchPackument(input.name);
       if (!pRes.ok) return translateError(pRes, { pkg: input.name, op: "owner_remove (fetch)" });
       const packument = pRes.data;
@@ -23715,15 +23831,11 @@ var writeTools = [
       const authErr = requireAuth();
       if (authErr) return authErr;
       const parsed = parseTeamTarget(input.team);
-      if (!parsed) {
-        return {
-          ok: false,
-          status: 400,
-          error: `Team must be in the form '@scope:team' (got '${input.team}').`
-        };
+      if ("error" in parsed) {
+        return { ok: false, status: 400, error: parsed.error };
       }
       const { scope, team } = parsed;
-      const res = await registryPutAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}/package`, {
+      const res = await registryPutAuth(`/-/team/${encScope(scope)}/${encTeam(team)}/package`, {
         package: input.package,
         permissions: input.permissions
       });
@@ -23756,15 +23868,11 @@ var writeTools = [
       const authErr = requireAuth();
       if (authErr) return authErr;
       const parsed = parseTeamTarget(input.team);
-      if (!parsed) {
-        return {
-          ok: false,
-          status: 400,
-          error: `Team must be in the form '@scope:team' (got '${input.team}').`
-        };
+      if ("error" in parsed) {
+        return { ok: false, status: 400, error: parsed.error };
       }
       const { scope, team } = parsed;
-      const res = await registryDeleteAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}/package`, {
+      const res = await registryDeleteAuth(`/-/team/${encScope(scope)}/${encTeam(team)}/package`, {
         package: input.package
       });
       if (!res.ok) return translateError(res, { pkg: input.package, op: `team_revoke ${input.team}` });
@@ -23796,11 +23904,11 @@ var writeTools = [
       const authErr = requireAuth();
       if (authErr) return authErr;
       const parsed = parseTeamTarget(input.team);
-      if (!parsed) {
-        return { ok: false, status: 400, error: `Team must be in the form '@scope:team' (got '${input.team}').` };
+      if ("error" in parsed) {
+        return { ok: false, status: 400, error: parsed.error };
       }
       const { scope, team } = parsed;
-      const res = await registryPutAuth(`/-/org/${encodeURIComponent(scope)}/team`, {
+      const res = await registryPutAuth(`/-/org/${encScope(scope)}/team`, {
         name: team,
         description: input.description
       });
@@ -23813,7 +23921,7 @@ var writeTools = [
   // ───────────────────────────────────────────────────────
   {
     name: "npm_team_delete",
-    description: "Delete a team. Team is passed as '@scope:team'. Revokes all package permissions that team held.",
+    description: "Delete a team. Team is passed as '@scope:team'. Revokes all package permissions that team held. Requires confirm: true \u2014 this removes the team and all its package grants in one call.",
     annotations: {
       title: "Delete team",
       readOnlyHint: false,
@@ -23822,17 +23930,25 @@ var writeTools = [
       openWorldHint: true
     },
     inputSchema: external_exports.object({
-      team: external_exports.string().describe("Team in the form '@scope:team'")
+      team: external_exports.string().describe("Team in the form '@scope:team'"),
+      confirm: external_exports.literal(true).describe("Must be literally true. Guards against accidental team deletion.")
     }),
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      if (input.confirm !== true) {
+        return {
+          ok: false,
+          status: 400,
+          error: "team_delete requires confirm: true. This removes the team and all its package grants."
+        };
+      }
       const parsed = parseTeamTarget(input.team);
-      if (!parsed) {
-        return { ok: false, status: 400, error: `Team must be in the form '@scope:team' (got '${input.team}').` };
+      if ("error" in parsed) {
+        return { ok: false, status: 400, error: parsed.error };
       }
       const { scope, team } = parsed;
-      const res = await registryDeleteAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}`);
+      const res = await registryDeleteAuth(`/-/team/${encScope(scope)}/${encTeam(team)}`);
       if (!res.ok) return translateError(res, { op: `team_delete ${input.team}` });
       return { ok: true, status: 200, data: { team: `@${scope}:${team}`, deleted: true } };
     }
@@ -23857,12 +23973,14 @@ var writeTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      const userErr = validateUsername(input.user);
+      if (userErr) return { ok: false, status: 400, error: userErr };
       const parsed = parseTeamTarget(input.team);
-      if (!parsed) {
-        return { ok: false, status: 400, error: `Team must be in the form '@scope:team' (got '${input.team}').` };
+      if ("error" in parsed) {
+        return { ok: false, status: 400, error: parsed.error };
       }
       const { scope, team } = parsed;
-      const res = await registryPutAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}/user`, {
+      const res = await registryPutAuth(`/-/team/${encScope(scope)}/${encTeam(team)}/user`, {
         user: input.user
       });
       if (!res.ok) return translateError(res, { op: `team_member_add ${input.team}` });
@@ -23889,12 +24007,14 @@ var writeTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      const userErr = validateUsername(input.user);
+      if (userErr) return { ok: false, status: 400, error: userErr };
       const parsed = parseTeamTarget(input.team);
-      if (!parsed) {
-        return { ok: false, status: 400, error: `Team must be in the form '@scope:team' (got '${input.team}').` };
+      if ("error" in parsed) {
+        return { ok: false, status: 400, error: parsed.error };
       }
       const { scope, team } = parsed;
-      const res = await registryDeleteAuth(`/-/team/${encodeURIComponent(scope)}/${encodeURIComponent(team)}/user`, {
+      const res = await registryDeleteAuth(`/-/team/${encScope(scope)}/${encTeam(team)}/user`, {
         user: input.user
       });
       if (!res.ok) return translateError(res, { op: `team_member_remove ${input.team}` });
@@ -23922,11 +24042,15 @@ var writeTools = [
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      const orgErr = validateScope(input.org);
+      if (orgErr) return { ok: false, status: 400, error: orgErr };
+      const userErr = validateUsername(input.user);
+      if (userErr) return { ok: false, status: 400, error: userErr };
       const org = input.org.replace(/^@/, "");
       const user = input.user.replace(/^@/, "");
       const body = { user };
       if (input.role) body.role = input.role;
-      const res = await registryPutAuth(`/-/org/${encodeURIComponent(org)}/user`, body);
+      const res = await registryPutAuth(`/-/org/${encScope(org)}/user`, body);
       if (!res.ok) return translateError(res, { op: `org_member_set ${org}/${user}` });
       return { ok: true, status: 200, data: { org, user, role: input.role } };
     }
@@ -23936,7 +24060,7 @@ var writeTools = [
   // ───────────────────────────────────────────────────────
   {
     name: "npm_org_member_remove",
-    description: "Remove a user from an org. Their team memberships in that org are also removed.",
+    description: "Remove a user from an org. Their team memberships in that org are also removed. Requires confirm: true \u2014 team memberships cascade and cannot be selectively preserved.",
     annotations: {
       title: "Remove org member",
       readOnlyHint: false,
@@ -23946,14 +24070,26 @@ var writeTools = [
     },
     inputSchema: external_exports.object({
       org: external_exports.string().describe("Organization name"),
-      user: external_exports.string().describe("npm username")
+      user: external_exports.string().describe("npm username"),
+      confirm: external_exports.literal(true).describe("Must be literally true. Guards against accidental member removal.")
     }),
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      if (input.confirm !== true) {
+        return {
+          ok: false,
+          status: 400,
+          error: "org_member_remove requires confirm: true. Team memberships in the org are also removed."
+        };
+      }
+      const orgErr = validateScope(input.org);
+      if (orgErr) return { ok: false, status: 400, error: orgErr };
+      const userErr = validateUsername(input.user);
+      if (userErr) return { ok: false, status: 400, error: userErr };
       const org = input.org.replace(/^@/, "");
       const user = input.user.replace(/^@/, "");
-      const res = await registryDeleteAuth(`/-/org/${encodeURIComponent(org)}/user`, { user });
+      const res = await registryDeleteAuth(`/-/org/${encScope(org)}/user`, { user });
       if (!res.ok) return translateError(res, { op: `org_member_remove ${org}/${user}` });
       return { ok: true, status: 200, data: { org, removedUser: user } };
     }
@@ -23965,7 +24101,7 @@ var writeTools = [
   // performed via NPM_TOKEN alone — we intentionally don't expose npm_token_create.
   {
     name: "npm_token_revoke",
-    description: "Revoke an access token by its key (UUID from npm_tokens). Creating tokens is NOT exposed because the endpoint requires the user password \u2014 create via https://www.npmjs.com/settings/~/tokens instead.",
+    description: "Revoke an access token by its key (UUID from npm_tokens). Requires confirm: true. Revoking the token currently in use by NPM_TOKEN will break the next call. Creating tokens is NOT exposed because the endpoint requires the user password \u2014 create via https://www.npmjs.com/settings/~/tokens instead.",
     annotations: {
       title: "Revoke access token",
       readOnlyHint: false,
@@ -23974,11 +24110,19 @@ var writeTools = [
       openWorldHint: true
     },
     inputSchema: external_exports.object({
-      tokenKey: external_exports.string().describe("Token key (UUID shown by npm_tokens)")
+      tokenKey: external_exports.string().describe("Token key (UUID shown by npm_tokens)"),
+      confirm: external_exports.literal(true).describe("Must be literally true. Guards against revoking the token you're authenticating with.")
     }),
     handler: async (input) => {
       const authErr = requireAuth();
       if (authErr) return authErr;
+      if (input.confirm !== true) {
+        return {
+          ok: false,
+          status: 400,
+          error: "token_revoke requires confirm: true. Revoking the token in NPM_TOKEN will break the next call."
+        };
+      }
       const res = await registryDeleteAuth(`/-/npm/v1/tokens/token/${encodeURIComponent(input.tokenKey)}`);
       if (!res.ok) return translateError(res, { op: "token_revoke" });
       return { ok: true, status: 200, data: { tokenKey: input.tokenKey, revoked: true } };
@@ -23987,7 +24131,7 @@ var writeTools = [
 ];
 
 // src/index.ts
-var version2 = true ? "0.9.0" : (await null).createRequire(import.meta.url)("../package.json").version;
+var version2 = true ? "0.10.0" : (await null).createRequire(import.meta.url)("../package.json").version;
 var subcommand = process.argv[2];
 if (subcommand === "version" || subcommand === "--version") {
   console.log(version2);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/npmjs-mcp",
-  "version": "0.9.0",
+  "version": "0.10.0",
   "description": "npm registry MCP server — package intelligence, security audits, and dependency analysis for AI assistants",
   "license": "MIT",
   "author": "YawLabs <contact@yaw.sh>",