dependencyiq 2.0.0 → 2.1.0

package/src/httpRetry.js

@@ -1,48 +1,48 @@
-/**
- * Shared retry/backoff helper for the HTTP calls this project makes to
- * GitLab Orbit and package registries (npm, PyPI, Go proxy, Maven
- * Central). A flaky network hiccup during a live demo or a CI run
- * shouldn't read as "Orbit unavailable" / "registry lookup failed" when
- * a second attempt would have succeeded — but a real rejection (a 404 for
- * "this package doesn't exist," a 400 for a malformed query) must never
- * be retried, since retrying a deterministic rejection just wastes time
- * and risks masking a real bug as a transient one.
- *
- * Transient = no HTTP response at all (DNS failure, connection reset,
- * timeout) or a 5xx from the server. Anything else (4xx, or a 2xx that
- * the caller itself decides is wrong) is final on the first attempt.
- */
-
-function isTransientError(error) {
-  const transientCodes = new Set(['ECONNABORTED', 'ETIMEDOUT', 'ECONNRESET', 'ENOTFOUND', 'EAI_AGAIN']);
-  if (error.code && transientCodes.has(error.code)) return true;
-  const status = error.response?.status;
-  // No response at all (network-level failure axios didn't tag with a
-  // known code) is treated the same as a 5xx: worth one retry.
-  return status === undefined || status >= 500;
-}
-
-/**
- * @param {() => Promise<any>} fn - the call to attempt
- * @param {Object} [options]
- * @param {number} [options.retries=2] - additional attempts after the first
- * @param {number} [options.baseDelayMs=300] - delay before the first retry; doubles each subsequent attempt
- * @returns {Promise<any>}
- */
-async function withRetry(fn, { retries = 2, baseDelayMs = 300 } = {}) {
-  let lastError;
-  for (let attempt = 0; attempt <= retries; attempt += 1) {
-    try {
-      return await fn();
-    } catch (error) {
-      lastError = error;
-      const isFinalAttempt = attempt === retries;
-      if (isFinalAttempt || !isTransientError(error)) throw error;
-      const delayMs = baseDelayMs * 2 ** attempt;
-      await new Promise(resolve => { setTimeout(resolve, delayMs); });
-    }
-  }
-  throw lastError;
-}
-
-module.exports = { withRetry, isTransientError };
+/**
+ * Shared retry/backoff helper for the HTTP calls this project makes to
+ * GitLab Orbit and package registries (npm, PyPI, Go proxy, Maven
+ * Central). A flaky network hiccup during a live demo or a CI run
+ * shouldn't read as "Orbit unavailable" / "registry lookup failed" when
+ * a second attempt would have succeeded — but a real rejection (a 404 for
+ * "this package doesn't exist," a 400 for a malformed query) must never
+ * be retried, since retrying a deterministic rejection just wastes time
+ * and risks masking a real bug as a transient one.
+ *
+ * Transient = no HTTP response at all (DNS failure, connection reset,
+ * timeout) or a 5xx from the server. Anything else (4xx, or a 2xx that
+ * the caller itself decides is wrong) is final on the first attempt.
+ */
+
+function isTransientError(error) {
+  const transientCodes = new Set(['ECONNABORTED', 'ETIMEDOUT', 'ECONNRESET', 'ENOTFOUND', 'EAI_AGAIN']);
+  if (error.code && transientCodes.has(error.code)) return true;
+  const status = error.response?.status;
+  // No response at all (network-level failure axios didn't tag with a
+  // known code) is treated the same as a 5xx: worth one retry.
+  return status === undefined || status >= 500;
+}
+
+/**
+ * @param {() => Promise<any>} fn - the call to attempt
+ * @param {Object} [options]
+ * @param {number} [options.retries=2] - additional attempts after the first
+ * @param {number} [options.baseDelayMs=300] - delay before the first retry; doubles each subsequent attempt
+ * @returns {Promise<any>}
+ */
+async function withRetry(fn, { retries = 2, baseDelayMs = 300 } = {}) {
+  let lastError;
+  for (let attempt = 0; attempt <= retries; attempt += 1) {
+    try {
+      return await fn();
+    } catch (error) {
+      lastError = error;
+      const isFinalAttempt = attempt === retries;
+      if (isFinalAttempt || !isTransientError(error)) throw error;
+      const delayMs = baseDelayMs * 2 ** attempt;
+      await new Promise(resolve => { setTimeout(resolve, delayMs); });
+    }
+  }
+  throw lastError;
+}
+
+module.exports = { withRetry, isTransientError };

package/src/orbitClient.js

@@ -204,6 +204,45 @@ async function findProjectsImportingPackage(groupId, packageName) {
   return Array.from(byProject.values());
 }
 
+/**
+ * Does Orbit have indexed source for this project in the given language?
+ * Orbit indexes the DEFAULT branch only. A project whose default branch is,
+ * say, JavaScript will have File nodes — but scanning that project's Python
+ * feature branch must NOT be treated as "indexed", or a zero-importer Python
+ * package looks falsely "unused". So we ask specifically: does Orbit have any
+ * File of `language` for this project? If `language` is omitted we fall back
+ * to "any File at all". Returns false on any query error — the safe
+ * direction, since this only ever suppresses a removal recommendation, never
+ * invents one.
+ */
+async function isProjectIndexed(projectId, language) {
+  try {
+    const fileToProjectEdges = await relationshipCandidates('File', 'Project', FILE_TO_PROJECT_EDGE_CANDIDATES);
+    const result = await queryWithRelationshipFallback(
+      (fileToProjectEdge) => ({
+        query_type: 'traversal',
+        nodes: [
+          { id: 'p', entity: 'Project', node_ids: [Number(projectId)] },
+          {
+            id: 'f',
+            entity: 'File',
+            columns: ['path', 'language'],
+            ...(language ? { filters: { language: { contains: language } } } : {}),
+          },
+        ],
+        relationships: [
+          { type: fileToProjectEdge, from: 'f', to: 'p' },
+        ],
+        limit: 1,
+      }),
+      [fileToProjectEdges]
+    );
+    return (result.result || []).length > 0;
+  } catch {
+    return false;
+  }
+}
+
 module.exports = {
   getStatus,
   getSchema,
@@ -211,4 +250,5 @@ module.exports = {
   query,
   findPackageImporters,
   findProjectsImportingPackage,
+  isProjectIndexed,
 };