depguard.ai 1.0.0

package/dist/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AASA,MAAM,YAAY,GAAG,4BAA4B,CAAA;AACjD,MAAM,aAAa,GAAG,iDAAiD,CAAA;AACvE,MAAM,UAAU,GAAG,wCAAwC,CAAA;AAC3D,MAAM,cAAc,GAAG,8DAA8D,CAAA;AAErF,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,YAAY;AAE9C,MAAM,KAAK,GAAG,IAAI,GAAG,EAA+B,CAAA;AAEpD,SAAS,SAAS,CAAI,GAAW;IAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAA8B,CAAA;IACzD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;QACjC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QACjB,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAA;AACnB,CAAC;AAED,SAAS,QAAQ,CAAI,GAAW,EAAE,IAAO,EAAE,GAAG,GAAG,WAAW;IAC1D,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,CAAA;AACvD,CAAC;AAED,gCAAgC;AAChC,MAAM,UAAU,UAAU;IACxB,KAAK,CAAC,KAAK,EAAE,CAAA;AACf,CAAC;AAED,+CAA+C;AAC/C,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAAY,EACZ,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,OAAO,IAAI,EAAE,CAAA;IACzB,MAAM,MAAM,GAAG,SAAS,CAAiB,GAAG,CAAC,CAAA;IAC7C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,YAAY,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE;YACvE,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAA;QACxB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmB,CAAA;QACjD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,kCAAkC;AAClC,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,IAAY,EACZ,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,MAAM,IAAI,EAAE,CAAA;IACxB,MAAM,MAAM,GAAG,SAAS,CAAS,GAAG,CAAC,CAAA;IACrC,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,MAAM,CAAA;IAElC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,aAAa,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE;YACxE,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,CAAC,CAAA;QACrB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAA;QACvD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAC7B,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAA;IACV,CAAC;AACH,CAAC;AAED,0BAA0B;AAC1B,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,KAAK,GAAG,EAAE,EACV,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,UAAU,QAAQ,IAAI,KAAK,EAAE,CAAA;IACzC,MAAM,MAAM,GAAG,SAAS,CAAkB,GAAG,CAAC,CAAA;IAC9C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,MAAM,KAAK,GAAoB,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAA;IAExD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;QAC3E,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,UAAU,IAAI,MAAM,EAAE,EAAE;YACnD,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,KAAK,CAAA;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAoB,CAAA;QAClD,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,oEAAoE;AACpE,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAY,EACZ,OAAe,EACf,UAAmB,UAAU,CAAC,KAAK;IAEnC,MAAM,GAAG,GAAG,OAAO,IAAI,IAAI,OAAO,EAAE,CAAA;IACpC,MAAM,MAAM,GAAG,SAAS,CAAgB,GAAG,CAAC,CAAA;IAC5C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IAEzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,cAAc,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;SAC5C,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkC,CAAA;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;QACnC,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;QACzB,OAAO,UAAU,CAAA;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC"}

package/dist/scorer.d.ts

@@ -0,0 +1,11 @@
+import type { FetchFn, ScoreResult, ScoreWeights } from './types.js';
+/**
+ * Score a package from 0-100 based on security, maintenance, popularity,
+ * license compatibility, and dependency health.
+ */
+export declare function score(name: string, options?: {
+    targetLicense?: string;
+    weights?: Partial<ScoreWeights>;
+    fetcher?: FetchFn;
+}): Promise<ScoreResult>;
+//# sourceMappingURL=scorer.d.ts.map

package/dist/scorer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scorer.d.ts","sourceRoot":"","sources":["../src/scorer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAe,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAWjF;;;GAGG;AACH,wBAAsB,KAAK,CACzB,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IACP,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,CAAA;IAC/B,OAAO,CAAC,EAAE,OAAO,CAAA;CACb,GACL,OAAO,CAAC,WAAW,CAAC,CAmCtB"}

package/dist/scorer.js

@@ -0,0 +1,92 @@
+import { audit } from './audit.js';
+const DEFAULT_WEIGHTS = {
+    security: 30,
+    maintenance: 25,
+    popularity: 20,
+    license: 15,
+    dependencies: 10,
+};
+/**
+ * Score a package from 0-100 based on security, maintenance, popularity,
+ * license compatibility, and dependency health.
+ */
+export async function score(name, options = {}) {
+    const { targetLicense = 'MIT', weights: customWeights, fetcher = globalThis.fetch, } = options;
+    const weights = { ...DEFAULT_WEIGHTS, ...customWeights };
+    const report = await audit(name, targetLicense, fetcher);
+    const breakdown = {
+        security: computeSecurityScore(report),
+        maintenance: computeMaintenanceScore(report),
+        popularity: computePopularityScore(report),
+        license: computeLicenseScore(report),
+        dependencies: computeDependencyScore(report),
+    };
+    const totalWeight = weights.security + weights.maintenance + weights.popularity +
+        weights.license + weights.dependencies;
+    const total = Math.round((breakdown.security * weights.security +
+        breakdown.maintenance * weights.maintenance +
+        breakdown.popularity * weights.popularity +
+        breakdown.license * weights.license +
+        breakdown.dependencies * weights.dependencies) / totalWeight);
+    return {
+        name,
+        total,
+        breakdown,
+        warnings: report.warnings,
+    };
+}
+/** Security: 100 = no vulns, deduct for each severity level */
+function computeSecurityScore(report) {
+    const v = report.vulnerabilities;
+    let s = 100;
+    s -= v.critical * 40;
+    s -= v.high * 20;
+    s -= v.moderate * 10;
+    s -= v.low * 5;
+    return Math.max(0, s);
+}
+/** Maintenance: based on recency of last publish and version count */
+function computeMaintenanceScore(report) {
+    if (!report.lastPublish)
+        return 0;
+    const daysSincePublish = Math.floor((Date.now() - new Date(report.lastPublish).getTime()) / (1000 * 60 * 60 * 24));
+    // Recency score: 100 if published today, 0 if >2 years ago
+    let recency = 100 - Math.min(100, Math.floor(daysSincePublish / 7.3));
+    // Bonus for having multiple versions (active development)
+    if (report.versionCount >= 10)
+        recency = Math.min(100, recency + 10);
+    if (report.versionCount >= 50)
+        recency = Math.min(100, recency + 10);
+    // Penalty for deprecation
+    if (report.deprecated)
+        recency = Math.floor(recency * 0.3);
+    return Math.max(0, recency);
+}
+/** Popularity: logarithmic scale based on weekly downloads */
+function computePopularityScore(report) {
+    if (report.weeklyDownloads <= 0)
+        return 0;
+    // log10 scale: 100 downloads = ~20, 10k = ~40, 1M = ~60, 100M = ~80, 1B = ~100
+    const logDownloads = Math.log10(report.weeklyDownloads);
+    return Math.min(100, Math.round(logDownloads * 10));
+}
+/** License: 100 if compatible, 0 if not */
+function computeLicenseScore(report) {
+    return report.licenseCompatibility.compatible ? 100 : 0;
+}
+/** Dependencies: fewer deps = better, install scripts are a big red flag */
+function computeDependencyScore(report) {
+    let s = 100;
+    // Deduct for dependency count
+    if (report.dependencyCount > 5)
+        s -= 10;
+    if (report.dependencyCount > 15)
+        s -= 15;
+    if (report.dependencyCount > 30)
+        s -= 25;
+    // Major penalty for install scripts
+    if (report.hasInstallScripts)
+        s -= 30;
+    return Math.max(0, s);
+}
+//# sourceMappingURL=scorer.js.map

package/dist/scorer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scorer.js","sourceRoot":"","sources":["../src/scorer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAElC,MAAM,eAAe,GAAiB;IACpC,QAAQ,EAAE,EAAE;IACZ,WAAW,EAAE,EAAE;IACf,UAAU,EAAE,EAAE;IACd,OAAO,EAAE,EAAE;IACX,YAAY,EAAE,EAAE;CACjB,CAAA;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CACzB,IAAY,EACZ,UAII,EAAE;IAEN,MAAM,EACJ,aAAa,GAAG,KAAK,EACrB,OAAO,EAAE,aAAa,EACtB,OAAO,GAAG,UAAU,CAAC,KAAK,GAC3B,GAAG,OAAO,CAAA;IAEX,MAAM,OAAO,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,aAAa,EAAE,CAAA;IACxD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAExD,MAAM,SAAS,GAAG;QAChB,QAAQ,EAAE,oBAAoB,CAAC,MAAM,CAAC;QACtC,WAAW,EAAE,uBAAuB,CAAC,MAAM,CAAC;QAC5C,UAAU,EAAE,sBAAsB,CAAC,MAAM,CAAC;QAC1C,OAAO,EAAE,mBAAmB,CAAC,MAAM,CAAC;QACpC,YAAY,EAAE,sBAAsB,CAAC,MAAM,CAAC;KAC7C,CAAA;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU;QAC7E,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,YAAY,CAAA;IAExC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CACtB,CAAC,SAAS,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ;QACpC,SAAS,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW;QAC3C,SAAS,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU;QACzC,SAAS,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO;QACnC,SAAS,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,GAAG,WAAW,CAC/D,CAAA;IAED,OAAO;QACL,IAAI;QACJ,KAAK;QACL,SAAS;QACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAA;AACH,CAAC;AAED,+DAA+D;AAC/D,SAAS,oBAAoB,CAAC,MAAmB;IAC/C,MAAM,CAAC,GAAG,MAAM,CAAC,eAAe,CAAA;IAChC,IAAI,CAAC,GAAG,GAAG,CAAA;IACX,CAAC,IAAI,CAAC,CAAC,QAAQ,GAAG,EAAE,CAAA;IACpB,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,EAAE,CAAA;IAChB,CAAC,IAAI,CAAC,CAAC,QAAQ,GAAG,EAAE,CAAA;IACpB,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,CAAA;IACd,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AACvB,CAAC;AAED,sEAAsE;AACtE,SAAS,uBAAuB,CAAC,MAAmB;IAClD,IAAI,CAAC,MAAM,CAAC,WAAW;QAAE,OAAO,CAAC,CAAA;IAEjC,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CACjC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC9E,CAAA;IAED,2DAA2D;IAC3D,IAAI,OAAO,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,GAAG,CAAC,CAAC,CAAA;IAErE,0DAA0D;IAC1D,IAAI,MAAM,CAAC,YAAY,IAAI,EAAE;QAAE,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,GAAG,EAAE,CAAC,CAAA;IACpE,IAAI,MAAM,CAAC,YAAY,IAAI,EAAE;QAAE,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,GAAG,EAAE,CAAC,CAAA;IAEpE,0BAA0B;IAC1B,IAAI,MAAM,CAAC,UAAU;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,GAAG,CAAC,CAAA;IAE1D,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAA;AAC7B,CAAC;AAED,8DAA8D;AAC9D,SAAS,sBAAsB,CAAC,MAAmB;IACjD,IAAI,MAAM,CAAC,eAAe,IAAI,CAAC;QAAE,OAAO,CAAC,CAAA;IAEzC,+EAA+E;IAC/E,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IACvD,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,EAAE,CAAC,CAAC,CAAA;AACrD,CAAC;AAED,2CAA2C;AAC3C,SAAS,mBAAmB,CAAC,MAAmB;IAC9C,OAAO,MAAM,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;AACzD,CAAC;AAED,4EAA4E;AAC5E,SAAS,sBAAsB,CAAC,MAAmB;IACjD,IAAI,CAAC,GAAG,GAAG,CAAA;IAEX,8BAA8B;IAC9B,IAAI,MAAM,CAAC,eAAe,GAAG,CAAC;QAAE,CAAC,IAAI,EAAE,CAAA;IACvC,IAAI,MAAM,CAAC,eAAe,GAAG,EAAE;QAAE,CAAC,IAAI,EAAE,CAAA;IACxC,IAAI,MAAM,CAAC,eAAe,GAAG,EAAE;QAAE,CAAC,IAAI,EAAE,CAAA;IAExC,oCAAoC;IACpC,IAAI,MAAM,CAAC,iBAAiB;QAAE,CAAC,IAAI,EAAE,CAAA;IAErC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AACvB,CAAC"}

package/dist/search.d.ts

@@ -0,0 +1,7 @@
+import type { SearchEntry, SearchOptions } from './types.js';
+/**
+ * Search npm for packages matching keywords, sorted by quality score.
+ * Results can be filtered by minimum score and license compatibility.
+ */
+export declare function search(keywords: string, options?: SearchOptions): Promise<SearchEntry[]>;
+//# sourceMappingURL=search.d.ts.map

package/dist/search.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.d.ts","sourceRoot":"","sources":["../src/search.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAG5D;;;GAGG;AACH,wBAAsB,MAAM,CAC1B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,WAAW,EAAE,CAAC,CAsBxB"}

package/dist/search.js

@@ -0,0 +1,22 @@
+import { searchPackages } from './registry.js';
+/**
+ * Search npm for packages matching keywords, sorted by quality score.
+ * Results can be filtered by minimum score and license compatibility.
+ */
+export async function search(keywords, options = {}) {
+    const { limit = 10, minScore = 0, fetcher = globalThis.fetch, } = options;
+    const result = await searchPackages(keywords, Math.min(limit * 2, 50), fetcher);
+    const entries = result.objects.map(obj => ({
+        name: obj.package.name,
+        version: obj.package.version,
+        description: obj.package.description ?? '',
+        score: Math.round(obj.score.final * 100),
+        keywords: obj.package.keywords ?? [],
+        date: obj.package.date,
+    }));
+    return entries
+        .filter(e => e.score >= minScore)
+        .sort((a, b) => b.score - a.score)
+        .slice(0, limit);
+}
+//# sourceMappingURL=search.js.map

package/dist/search.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.js","sourceRoot":"","sources":["../src/search.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE9C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,QAAgB,EAChB,UAAyB,EAAE;IAE3B,MAAM,EACJ,KAAK,GAAG,EAAE,EACV,QAAQ,GAAG,CAAC,EACZ,OAAO,GAAG,UAAU,CAAC,KAAK,GAC3B,GAAG,OAAO,CAAA;IAEX,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,CAAA;IAE/E,MAAM,OAAO,GAAkB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI;QACtB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;QAC5B,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE;QAC1C,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC;QACxC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE;QACpC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI;KACvB,CAAC,CAAC,CAAA;IAEH,OAAO,OAAO;SACX,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC;SAChC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;SACjC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;AACpB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,168 @@
+/** Fetch function signature, injectable for testing */
+export type FetchFn = typeof globalThis.fetch;
+/** npm registry package metadata (abbreviated) */
+export interface NpmPackageData {
+    name: string;
+    description: string;
+    'dist-tags': Record<string, string>;
+    time: Record<string, string>;
+    license?: string;
+    versions: Record<string, NpmVersionData>;
+    keywords?: string[];
+    homepage?: string;
+    repository?: {
+        type: string;
+        url: string;
+    };
+    maintainers?: Array<{
+        name: string;
+        email?: string;
+    }>;
+}
+export interface NpmVersionData {
+    name: string;
+    version: string;
+    license?: string;
+    dependencies?: Record<string, string>;
+    devDependencies?: Record<string, string>;
+    scripts?: Record<string, string>;
+    deprecated?: string;
+}
+/** npm registry search result */
+export interface NpmSearchResult {
+    objects: Array<{
+        package: {
+            name: string;
+            version: string;
+            description: string;
+            keywords?: string[];
+            date: string;
+            links: {
+                npm?: string;
+                homepage?: string;
+                repository?: string;
+            };
+            publisher: {
+                username: string;
+            };
+        };
+        score: {
+            final: number;
+            detail: {
+                quality: number;
+                popularity: number;
+                maintenance: number;
+            };
+        };
+    }>;
+    total: number;
+}
+/** npm audit advisory */
+export interface NpmAdvisory {
+    id: number;
+    title: string;
+    severity: 'info' | 'low' | 'moderate' | 'high' | 'critical';
+    url: string;
+    vulnerable_versions: string;
+    patched_versions: string | null;
+}
+/** npm downloads response */
+export interface NpmDownloadsResponse {
+    downloads: number;
+    package: string;
+    start: string;
+    end: string;
+}
+/** Audit report for a package */
+export interface AuditReport {
+    name: string;
+    version: string;
+    license: string | null;
+    description: string;
+    lastPublish: string | null;
+    weeklyDownloads: number;
+    versionCount: number;
+    dependencyCount: number;
+    hasInstallScripts: boolean;
+    deprecated: boolean;
+    vulnerabilities: VulnerabilitySummary;
+    licenseCompatibility: LicenseCompatibility;
+    warnings: string[];
+}
+export interface VulnerabilitySummary {
+    total: number;
+    critical: number;
+    high: number;
+    moderate: number;
+    low: number;
+    advisories: NpmAdvisory[];
+}
+export interface LicenseCompatibility {
+    compatible: boolean;
+    license: string | null;
+    targetLicense: string;
+    reason: string;
+}
+/** Score breakdown */
+export interface ScoreResult {
+    name: string;
+    total: number;
+    breakdown: {
+        security: number;
+        maintenance: number;
+        popularity: number;
+        license: number;
+        dependencies: number;
+    };
+    warnings: string[];
+}
+/** Weight configuration for scoring */
+export interface ScoreWeights {
+    security: number;
+    maintenance: number;
+    popularity: number;
+    license: number;
+    dependencies: number;
+}
+/** Search result entry */
+export interface SearchEntry {
+    name: string;
+    version: string;
+    description: string;
+    score: number;
+    keywords: string[];
+    date: string;
+}
+/** Search options */
+export interface SearchOptions {
+    limit?: number;
+    targetLicense?: string;
+    minScore?: number;
+    fetcher?: FetchFn;
+}
+/** Advisor recommendation */
+export interface Recommendation {
+    intent: string;
+    action: 'install' | 'caution' | 'write-from-scratch';
+    package: string | null;
+    score: number | null;
+    alternatives: Array<{
+        name: string;
+        score: number;
+    }>;
+    reasoning: string;
+    warnings: string[];
+}
+/** Advisor options */
+export interface AdvisorOptions {
+    threshold?: number;
+    targetLicense?: string;
+    limit?: number;
+    fetcher?: FetchFn;
+}
+/** Cache entry with TTL */
+export interface CacheEntry<T> {
+    data: T;
+    expiresAt: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,MAAM,MAAM,OAAO,GAAG,OAAO,UAAU,CAAC,KAAK,CAAA;AAE7C,kDAAkD;AAClD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACnC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;IACxC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;IAC1C,WAAW,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACtD;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,iCAAiC;AACjC,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,KAAK,CAAC;QACb,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAA;YACZ,OAAO,EAAE,MAAM,CAAA;YACf,WAAW,EAAE,MAAM,CAAA;YACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;YACnB,IAAI,EAAE,MAAM,CAAA;YACZ,KAAK,EAAE;gBAAE,GAAG,CAAC,EAAE,MAAM,CAAC;gBAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;gBAAC,UAAU,CAAC,EAAE,MAAM,CAAA;aAAE,CAAA;YAC/D,SAAS,EAAE;gBAAE,QAAQ,EAAE,MAAM,CAAA;aAAE,CAAA;SAChC,CAAA;QACD,KAAK,EAAE;YACL,KAAK,EAAE,MAAM,CAAA;YACb,MAAM,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,UAAU,EAAE,MAAM,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAE,CAAA;SACrE,CAAA;KACF,CAAC,CAAA;IACF,KAAK,EAAE,MAAM,CAAA;CACd;AAED,yBAAyB;AACzB,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,GAAG,KAAK,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAA;IAC3D,GAAG,EAAE,MAAM,CAAA;IACX,mBAAmB,EAAE,MAAM,CAAA;IAC3B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;CAChC;AAED,6BAA6B;AAC7B,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,iCAAiC;AACjC,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,eAAe,EAAE,MAAM,CAAA;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,MAAM,CAAA;IACvB,iBAAiB,EAAE,OAAO,CAAA;IAC1B,UAAU,EAAE,OAAO,CAAA;IACnB,eAAe,EAAE,oBAAoB,CAAA;IACrC,oBAAoB,EAAE,oBAAoB,CAAA;IAC1C,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,EAAE,WAAW,EAAE,CAAA;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAA;IACnB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,MAAM,EAAE,MAAM,CAAA;CACf;AAED,sBAAsB;AACtB,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE;QACT,QAAQ,EAAE,MAAM,CAAA;QAChB,WAAW,EAAE,MAAM,CAAA;QACnB,UAAU,EAAE,MAAM,CAAA;QAClB,OAAO,EAAE,MAAM,CAAA;QACf,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;IACD,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,uCAAuC;AACvC,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,0BAA0B;AAC1B,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,qBAAqB;AACrB,MAAM,WAAW,aAAa;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,6BAA6B;AAC7B,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,oBAAoB,CAAA;IACpD,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACpD,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,sBAAsB;AACtB,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,2BAA2B;AAC3B,MAAM,WAAW,UAAU,CAAC,CAAC;IAC3B,IAAI,EAAE,CAAC,CAAA;IACP,SAAS,EAAE,MAAM,CAAA;CAClB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "depguard.ai",
+  "version": "1.0.0",
+  "description": "Audit npm packages for security, maintenance, licenses and dependencies. Recommends install or write-from-scratch.",
+  "author": "Jorge Morais",
+  "license": "Apache-2.0",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "depguard": "./dist/cli.js",
+    "depguard-mcp": "./dist/mcp.js"
+  },
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "node --import tsx --test tests/*.test.ts",
+    "lint": "eslint src/ tests/",
+    "audit:security": "npm audit --audit-level=high",
+    "check": "npm run build && npm run lint && npm test && npm run audit:security",
+    "prepublishOnly": "npm run check"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.4",
+    "@types/node": "^22.0.0",
+    "eslint": "^9.39.4",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0",
+    "typescript-eslint": "^8.57.0"
+  },
+  "keywords": [
+    "npm",
+    "audit",
+    "security",
+    "license",
+    "dependency",
+    "package",
+    "vulnerability",
+    "maintenance",
+    "advisor"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mopanc/depguard"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}