install-guard 1.1.1 → 1.1.2

package/src/utils/github.js

@@ -0,0 +1,64 @@
+import { getCached, setCache } from "./cache.js";
+
+/**
+ * Extracts owner/repo from a repository URL.
+ */
+function parseRepoUrl(url) {
+  if (!url) return null;
+  // Handles: git+https://github.com/owner/repo.git, https://github.com/owner/repo, etc.
+  const match = url.match(
+    /github\.com[/:]([^/]+)\/([^/.#]+)/
+  );
+  if (!match) return null;
+  return { owner: match[1], repo: match[2] };
+}
+
+async function ghFetch(path) {
+  const headers = { "User-Agent": "install-guard-cli" };
+  // Use token if available to avoid rate limits
+  if (process.env.GITHUB_TOKEN) {
+    headers.Authorization = `token ${process.env.GITHUB_TOKEN}`;
+  }
+  const res = await fetch(`https://api.github.com${path}`, { headers });
+  if (!res.ok) return null;
+  return res.json();
+}
+
+/**
+ * Checks if a given version tag exists on GitHub.
+ * Tries both `v1.2.3` and `1.2.3` tag formats.
+ */
+export async function checkGitHubTag(repoUrl, version) {
+  const repo = parseRepoUrl(repoUrl);
+  if (!repo) return { hasRepo: false, tagFound: false, recentCommits: false };
+
+  const key = `gh-tag:${repo.owner}/${repo.repo}:${version}`;
+  const cached = getCached(key);
+  if (cached) return cached;
+
+  // Try v-prefixed and plain tag
+  const tags = await ghFetch(`/repos/${repo.owner}/${repo.repo}/tags?per_page=100`);
+  if (!tags) {
+    const result = { hasRepo: true, tagFound: false, recentCommits: false, error: "rate-limited or private" };
+    setCache(key, result);
+    return result;
+  }
+
+  const tagNames = tags.map((t) => t.name);
+  const tagFound = tagNames.includes(`v${version}`) || tagNames.includes(version);
+
+  // Check recent commits
+  const commits = await ghFetch(
+    `/repos/${repo.owner}/${repo.repo}/commits?per_page=1`
+  );
+  let recentCommits = false;
+  if (commits && commits.length > 0) {
+    const lastCommitDate = new Date(commits[0].commit?.committer?.date || 0);
+    const daysSinceCommit = (Date.now() - lastCommitDate.getTime()) / (1000 * 60 * 60 * 24);
+    recentCommits = daysSinceCommit < 90;
+  }
+
+  const result = { hasRepo: true, tagFound, recentCommits };
+  setCache(key, result);
+  return result;
+}

package/src/utils/registry.js

@@ -0,0 +1,99 @@
+import { getCached, setCache } from "./cache.js";
+
+function encodePkg(pkg) {
+  return encodeURIComponent(pkg).replace("%40", "@");
+}
+
+async function fetchJSON(url) {
+  const res = await fetch(url);
+  if (!res.ok) throw new Error(`HTTP ${res.status} for ${url}`);
+  return res.json();
+}
+
+/**
+ * Fetches full registry metadata for a package.
+ * Returns the raw document from registry.npmjs.org/<pkg>
+ */
+export async function getRegistryData(pkg) {
+  const key = `registry:${pkg}`;
+  const cached = getCached(key);
+  if (cached) return cached;
+
+  const data = await fetchJSON(`https://registry.npmjs.org/${encodePkg(pkg)}`);
+  setCache(key, data);
+  return data;
+}
+
+/**
+ * Fetches weekly download count.
+ */
+export async function getDownloads(pkg) {
+  const key = `downloads:${pkg}`;
+  const cached = getCached(key);
+  if (cached) return cached;
+
+  try {
+    const data = await fetchJSON(
+      `https://api.npmjs.org/downloads/point/last-week/${encodePkg(pkg)}`
+    );
+    setCache(key, data);
+    return data;
+  } catch {
+    return { downloads: 0 };
+  }
+}
+
+/**
+ * Resolves version, fetches metadata + downloads, returns a normalized context
+ * that every check module can consume.
+ */
+export async function buildContext(pkg, requestedVersion) {
+  const registry = await getRegistryData(pkg);
+  const latest = registry["dist-tags"]?.latest;
+  if (!latest) throw new Error(`No published version found for "${pkg}"`);
+
+  const version = requestedVersion || latest;
+  const versionData = registry.versions?.[version];
+  if (!versionData) throw new Error(`Version "${version}" not found for "${pkg}"`);
+
+  const timeData = registry.time || {};
+  const allVersions = Object.keys(registry.versions || {});
+  const versionIndex = allVersions.indexOf(version);
+  const previousVersion = versionIndex > 0 ? allVersions[versionIndex - 1] : null;
+  const previousVersionData = previousVersion
+    ? registry.versions[previousVersion]
+    : null;
+
+  const downloads = await getDownloads(pkg);
+
+  return {
+    name: registry.name,
+    version,
+    previousVersion,
+    description: registry.description || "",
+    downloads: downloads.downloads || 0,
+    maintainers: registry.maintainers || [],
+    license: versionData.license || registry.license || "Unknown",
+    publishedAt: timeData[version],
+    previousPublishedAt: previousVersion ? timeData[previousVersion] : null,
+    firstPublished: timeData.created,
+    repository: registry.repository?.url || versionData.repository?.url || null,
+    deprecated: versionData.deprecated || false,
+    totalVersions: allVersions.length,
+    allVersions,
+
+    // Script data
+    scripts: versionData.scripts || {},
+
+    // Dependency data
+    dependencies: versionData.dependencies || {},
+    previousDependencies: previousVersionData?.dependencies || {},
+
+    // Maintainer history — registry only exposes current maintainers
+    currentMaintainers: registry.maintainers || [],
+
+    // Raw registry for advanced checks
+    _registry: registry,
+    _versionData: versionData,
+  };
+}