npm - auto-api-discovery - Versions diffs - 1.0.0 → 1.0.1 - Mend

auto-api-discovery 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/LICENSE CHANGED Viewed

@@ -1,21 +1,21 @@
-MIT License
-Copyright (c) 2026 Anooj Shete
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+Copyright (c) 2026 Anooj Shete
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -1,79 +1,52 @@
-# 🕸️ ApiGen
+# ApiGen (auto-api-discovery)
-> **Automated API Discovery System with HITL Authentication**
+[![NPM Version](https://img.shields.io/npm/v/auto-api-discovery)](https://www.npmjs.com/package/auto-api-discovery)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
-![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)
-![TypeScript](https://img.shields.io/badge/TypeScript-007ACC?logo=typescript&logoColor=white)
-![Node.js](https://img.shields.io/badge/Node.js-43853D?logo=node.js&logoColor=white)
-![Playwright](https://img.shields.io/badge/Playwright-2EAD33?logo=playwright&logoColor=white)
+A CLI tool for automated API discovery. ApiGen intercepts browser network traffic (XHR, Fetch, GraphQL) to automatically build OpenAPI 3.0 specifications.
----
+## Installation
-## 🚀 What is it?
+Install the package globally via npm:
-Modern web applications often rely on undocumented, "hidden" internal APIs. Reverse-engineering these endpoints manually by staring at the network tab in DevTools is a tedious, error-prone, and highly time-consuming process.
-**ApiGen** solves this pain point by automating the discovery and documentation of these hidden APIs. It seamlessly intercepts network traffic (XHR, Fetch, GraphQL), gracefully handles complex authentication barriers via a Human-in-the-Loop (HITL) system, recursively maps internal paths automatically via headless spidering, and outputs a strict, structurally sound OpenAPI 3.0 representation.
----
-## 🏗️ Architecture
-ApiGen utilizes a **Hybrid API Discovery Approach** consisting of:
-1. **Passive Recording (Capture Mode):** Uses a headful instance of Playwright. You navigate a target web application as a real user—bypassing CAPTCHAs, 2FA, and complex login flows. Under the hood, ApiGen intercepts all network requests/responses and logs them securely into a local SQLite database. Upon closing the browser, it actively exports your authenticated session state into `.apigen-session.json`.
-2. **Auto-Spidering (Crawl Mode):** Takes the previously captured authenticated session state and launches a headless Playwright Breadth-First-Search (BFS) spider. It organically navigates the application just like an authenticated user would, discovering and hitting protected routes, intelligently avoiding generic WAF traps using randomized latency offsets, and feeding new underlying API traffic deeply into the local SQLite store.
-3. **OpenAPI Generation (Export):** A local robust schema inference engine processes thousands of SQLite records. It aggressively deduplicates dynamic URLs (folding Object IDs and UUIDs into neat path parameters), accurately infers nested JSON payload structures recursively, and compiles them to a strict, standard OpenAPI 3.0 json specification document.
----
-## ⚙️ Tech Stack
-- **[Node.js](https://nodejs.org/en/) & [TypeScript](https://www.typescriptlang.org/)** - For robust type-safe runtime execution.
-- **[Playwright](https://playwright.dev/)** - For complete DOM navigation, session persistence, and native underlying browser CDP network interception workflows.
-- **[Better-SQLite3](https://github.com/WiseLibs/better-sqlite3)** - Highly scalable, local WAL-mode database used as the high-throughput primary storage layer.
-- **[Commander.js](https://github.com/tj/commander.js/)** - For building the intuitive Command Line Interface.
-- **[Chalk](https://github.com/chalk/chalk)** - For beautiful and clear terminal logging feedback.
----
-## 🛠️ Getting Started
+```bash
+npm install -g auto-api-discovery
+```
-### Installation
+*(Note: The `postinstall` script will automatically download the Chromium binaries required by Playwright.)*
-Clone the repository and install dependencies:
+Alternatively, you can run it directly via `npx`:
 ```bash
-git clone https://github.com/anoojshete/auto-api-discovery.git
-cd auto-api-discovery
-npm install
-npx playwright install chromium
-npm run build
+npx auto-api-discovery capture https://example.com
 ```
-*(Note: The project leverages `npm run apigen` as the execution entrypoint hooked to `ts-node src/index.ts`)*
+## Usage
-### Usage
+Once installed, the `apigen` CLI becomes available.
-#### 1. Capture Mode
-Boot into target application interactively, bypass authentications, and capture underlying APIs. When you close the browser, your cookies are saved securely to your local working directory.
+### 1. Capture API Traffic
+Launch an interactive browser. You can manually log in, navigate the app, and bypass captchas. ApiGen intercepts the underlying API requests and saves them to a local SQLite database.
 ```bash
-npm run apigen capture https://example.com
+apigen capture https://example.com
 ```
-#### 2. Crawl Mode
-Trigger the automated, authenticated headless spider to deeply map internal features and capture the underlying APIs organically mapping to those components.
+### 2. Crawl Connected Pages (Auto-Spidering)
+Use your previously captured authenticated session to automatically run a headless crawler. It discovers and logs additional API endpoints in the background.
 ```bash
-# Options: -d / --depth, -p / --pages
-npm run apigen crawl https://example.com --depth 3 --pages 50
+apigen crawl https://example.com --depth 3 --pages 50
 ```
-#### 3. Export OpenAPI Schema
-Transform your densely populated local SQLite database into a unified, natively grouped and inferred OpenAPI 3.0 Document.
+### 3. Export OpenAPI Schema
+Convert the recorded API traffic into a unified OpenAPI 3.0 specification document. Dynamic IDs and UUIDs are automatically folded into path parameters.
 ```bash
-# Options: -b / --base-url
-npm run apigen export ./openapi.json --base-url https://api.example.com
+apigen export ./openapi.json --base-url https://api.example.com
 ```
+## How It Works
+- Uses **Playwright** to proxy network requests and manage sessions.
+- Stores metadata and traffic locally using **Better-SQLite3**.
+- Automatically infers JSON payload structures and route schemas.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "auto-api-discovery",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "API discovery automation CLI",
   "main": "dist/index.js",
   "bin": {