metascope 0.2.2 → 0.2.3

package/dist/lib/package.js

@@ -1,5 +1,5 @@
 //#region package.json
 var name = "metascope";
-var version = "0.2.2";
+var version = "0.2.3";
 //#endregion
 export { name, version };

package/dist/lib/sources/github.js

@@ -360,6 +360,10 @@ function mapRepoData(data, extras) {
 }
 const githubSource = defineSource({
 	async discover(context) {
+		if (context.options.offline) {
+			log.warn("Skipping GitHub data source since we're in offline mode");
+			return [];
+		}
 		let gitRemotes = ensureArray(context.metadata?.gitConfig).map((config) => config.data.remote).filter((remote) => remote !== void 0);
 		if (gitRemotes.length === 0 && !context.completedSources?.has("gitConfig")) {
 			log.warn(`Missing gitConfig in source context metadata for ${context.options.path}, extracting it now...`);

package/dist/lib/sources/processing-library-properties.d.ts

@@ -8,13 +8,13 @@ declare const processingLibraryPropertiesSchema: z.ZodObject<{
     url: z.ZodOptional<z.ZodString>;
   }, z.core.$strip>>;
   categories: z.ZodArray<z.ZodEnum<{
+    GUI: "GUI";
     "3D": "3D";
     Animation: "Animation";
     Compilations: "Compilations";
     Data: "Data";
     Fabrication: "Fabrication";
     Geometry: "Geometry";
-    GUI: "GUI";
     Hardware: "Hardware";
     "I/O": "I/O";
     Language: "Language";

package/dist/lib/sources/python-pypi-registry.js

@@ -31,11 +31,15 @@ const pypistatsOverallSchema = z.object({ data: z.array(z.object({
 })) });
 const pythonPypiRegistrySource = defineSource({
 	async discover(context) {
+		if (context.options.offline) {
+			log.warn("Skipping Python PyPI registry data source since we're in offline mode");
+			return [];
+		}
 		let packageNames = [];
-		packageNames = ensureArray(context.metadata?.pythonPyprojectToml).map((value) => value.data.project?.name).filter((value) => value !== void 0);
-		if (packageNames.length === 0) packageNames = ensureArray(context.metadata?.pythonSetupCfg).map((value) => value.data.name).filter((value) => value !== void 0);
-		if (packageNames.length === 0) packageNames = ensureArray(context.metadata?.pythonSetupPy).map((value) => value.data.name).filter((value) => value !== void 0);
-		if (packageNames.length === 0) packageNames = ensureArray(context.metadata?.pythonPkgInfo).map((value) => value.data.name).filter((value) => value !== void 0);
+		packageNames = ensureArray(context.metadata?.pythonPyprojectToml).filter((value) => !hasPrivateClassifier(value.data.project?.classifiers, value.data.project?.name, context.options.path)).map((value) => value.data.project?.name).filter((value) => value !== void 0);
+		if (packageNames.length === 0) packageNames = ensureArray(context.metadata?.pythonSetupCfg).filter((value) => !hasPrivateClassifier(value.data.classifiers, value.data.name, context.options.path)).map((value) => value.data.name).filter((value) => value !== void 0);
+		if (packageNames.length === 0) packageNames = ensureArray(context.metadata?.pythonSetupPy).filter((value) => !hasPrivateClassifier(value.data.classifiers, value.data.name, context.options.path)).map((value) => value.data.name).filter((value) => value !== void 0);
+		if (packageNames.length === 0) packageNames = ensureArray(context.metadata?.pythonPkgInfo).filter((value) => !hasPrivateClassifier(value.data.classifiers, value.data.name, context.options.path)).map((value) => value.data.name).filter((value) => value !== void 0);
 		if (packageNames.length === 0) {
 			if (![
 				"pythonPyprojectToml",
@@ -44,10 +48,10 @@ const pythonPypiRegistrySource = defineSource({
 				"pythonPkgInfo"
 			].some((key) => context.completedSources?.has(key))) {
 				log.warn(`Missing python package names in source context metadata for ${context.options.path}, extracting them now...`);
-				packageNames = ensureArray(await pythonPyprojectTomlSource.extract(context)).map((value) => value.data.project?.name).filter((value) => value !== void 0);
-				if (packageNames.length === 0) packageNames = ensureArray(await pythonSetupCfgSource.extract(context)).map((value) => value.data.name).filter((value) => value !== void 0);
-				if (packageNames.length === 0) packageNames = ensureArray(await pythonSetupPySource.extract(context)).map((value) => value.data.name).filter((value) => value !== void 0);
-				if (packageNames.length === 0) packageNames = ensureArray(await pythonPkgInfoSource.extract(context)).map((value) => value.data.name).filter((value) => value !== void 0);
+				packageNames = ensureArray(await pythonPyprojectTomlSource.extract(context)).filter((value) => !hasPrivateClassifier(value.data.project?.classifiers, value.data.project?.name, context.options.path)).map((value) => value.data.project?.name).filter((value) => value !== void 0);
+				if (packageNames.length === 0) packageNames = ensureArray(await pythonSetupCfgSource.extract(context)).filter((value) => !hasPrivateClassifier(value.data.classifiers, value.data.name, context.options.path)).map((value) => value.data.name).filter((value) => value !== void 0);
+				if (packageNames.length === 0) packageNames = ensureArray(await pythonSetupPySource.extract(context)).filter((value) => !hasPrivateClassifier(value.data.classifiers, value.data.name, context.options.path)).map((value) => value.data.name).filter((value) => value !== void 0);
+				if (packageNames.length === 0) packageNames = ensureArray(await pythonPkgInfoSource.extract(context)).filter((value) => !hasPrivateClassifier(value.data.classifiers, value.data.name, context.options.path)).map((value) => value.data.name).filter((value) => value !== void 0);
 			}
 		}
 		return packageNames;
@@ -97,5 +101,15 @@ const pythonPypiRegistrySource = defineSource({
 	},
 	phase: 2
 });
+/**
+* Check if classifiers contain a "Private ::" prefix, which signals that the
+* package is not intended for publication on PyPI. PyPI itself rejects uploads
+* with this classifier.
+*/
+function hasPrivateClassifier(classifiers, packageName, path) {
+	const isPrivate = classifiers?.some((c) => c.startsWith("Private :: ")) ?? false;
+	if (isPrivate) log.debug(`Skipping PyPI registry lookup for "${packageName}" in "${path}" because it has a "Private ::" classifier`);
+	return isPrivate;
+}
 //#endregion
 export { pythonPypiRegistrySource };

package/package.json

@@ -1,11 +1,15 @@
 {
   "name": "metascope",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "A CLI tool and TypeScript library to easily extract metadata from all kinds of software repositories.",
   "keywords": [
     "metadata",
     "codemeta",
     "cli",
+    "git",
+    "repository",
+    "software-analytics",
+    "metrics",
     "npm-package"
   ],
   "homepage": "https://github.com/kitschpatrol/metascope",
@@ -42,19 +46,19 @@
     "@kitschpatrol/tokei": "^2.0.0",
     "@sindresorhus/is": "^7.2.0",
     "@types/mdast": "^4.0.4",
-    "@types/node": "~24.1.0",
+    "@types/node": "~22.17.2",
     "@types/plist": "^3.0.5",
     "@types/yargs": "^17.0.35",
     "case-police": "^2.2.0",
     "defu": "^6.1.4",
-    "fast-xml-parser": "^5.5.3",
+    "fast-xml-parser": "^5.5.9",
     "find-workspaces": "^0.3.1",
     "git-url-parse": "^16.1.0",
     "jiti": "^2.6.1",
     "lognow": "^0.5.2",
     "octokit": "^5.0.5",
     "package-json": "^10.0.1",
-    "picomatch": "^4.0.3",
+    "picomatch": "^4.0.4",
     "pkg-types": "^2.3.0",
     "plist": "^3.1.0",
     "pretty-ms": "^9.3.0",
@@ -64,34 +68,35 @@
     "scule": "^1.3.0",
     "semver": "^7.7.4",
     "simple-git": "^3.33.0",
-    "smol-toml": "^1.6.0",
+    "smol-toml": "^1.6.1",
     "spdx-license-list": "^6.11.0",
-    "tinyexec": "^1.0.2",
+    "tinyexec": "^1.0.4",
     "tinyglobby": "^0.2.15",
     "unified": "^11.0.5",
-    "updates": "^17.9.1",
-    "web-tree-sitter": "^0.26.6",
-    "yaml": "^2.8.2",
+    "updates": "^17.13.1",
+    "web-tree-sitter": "^0.26.7",
+    "yaml": "^2.8.3",
     "yargs": "^18.0.0",
     "zod": "^4.3.6"
   },
   "devDependencies": {
     "@arethetypeswrong/core": "^0.18.2",
     "@fast-csv/parse": "^5.0.5",
-    "@kitschpatrol/shared-config": "^6.0.3",
+    "@kitschpatrol/shared-config": "^6.1.0",
     "@types/jsonld": "^1.5.15",
     "@types/picomatch": "^4.0.2",
     "@types/semver": "^7.7.1",
-    "bumpp": "^10.4.1",
+    "bumpp": "^11.0.1",
     "jsonld": "^9.0.0",
     "mdat-plugin-cli-help": "^1.0.7",
+    "msw": "2.12.14",
     "publint": "^0.3.18",
     "tree-sitter-python": "^0.25.0",
     "tree-sitter-ruby": "^0.23.1",
-    "tsdown": "^0.21.2",
+    "tsdown": "^0.21.7",
     "tsx": "^4.21.0",
     "typescript": "~5.9.3",
-    "vitest": "^4.0.18"
+    "vitest": "^4.1.2"
   },
   "engines": {
     "node": ">=22.17.0"
@@ -104,6 +109,7 @@
     "lint": "ksc lint",
     "release": "bumpp --commit 'Release: %s' && pnpm run build && NPM_AUTH_TOKEN=$(op read 'op://Personal/npm/token') && pnpm publish",
     "pretest": "mkdir -p src/grammars && cp node_modules/tree-sitter-ruby/tree-sitter-ruby.wasm src/grammars/tree-sitter-ruby.wasm && cp node_modules/tree-sitter-python/tree-sitter-python.wasm src/grammars/tree-sitter-python.wasm",
-    "test": "vitest run"
+    "test": "vitest run",
+    "test:live": "METASCOPE_TEST_MOCK=false vitest run"
   }
 }

package/readme.md

@@ -6,10 +6,18 @@
 
 <!-- /title -->
 
-<!-- badges -->
+<!-- badges { custom: {
+    "CI": {
+      image: "https://github.com/kitschpatrol/metascope/actions/workflows/ci.yml/badge.svg",
+      link: "https://github.com/kitschpatrol/metascope/actions/workflows/ci.yml",
+    },
+  }
+}
+-->
 
 [![NPM Package metascope](https://img.shields.io/npm/v/metascope.svg)](https://npmjs.com/package/metascope)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![CI](https://github.com/kitschpatrol/metascope/actions/workflows/ci.yml/badge.svg)](https://github.com/kitschpatrol/metascope/actions/workflows/ci.yml)
 
 <!-- /badges -->
 
@@ -35,7 +43,7 @@ Highlights:
   Metascope pulls project metadata from many available sources: `package.json`, `pyproject.toml`, NPM, PyPI, GitHub, git, filesystem stats, and [more](#sources).
 
 - **Graceful degradation**\
-  Each source checks its own availability before extraction. Missing tools, unavailable APIs, or absent credentials are silently skipped — you always get back whatever data _is_ available.
+  Each source checks its own availability before extraction. Missing tools, unavailable APIs, or absent credentials are silently skipped — you always get back whatever data _is_ available within the constraints of the calling context.
 
 - **Parallel extraction**\
   After an initial codemeta pass for discovery hints (package name, repository URL, keywords), all remaining sources are checked and extracted concurrently.
@@ -561,6 +569,10 @@ Metascope was built to support automated generation of project dashboards, badge
   A suite of CLI tools to automate software compliance checks (Kotlin)
 - [Git Truck](https://github.com/git-truck/git-truck)\
   Repository visualization. (TypeScript)
+- [Onefetch](https://github.com/o2sh/onefetch)
+  Offline command-line Git information tool (Rust)
+- [Sokrates](https://www.sokrates.dev/)
+  Polyglot source code examination tool (Java)
 
 ## Slop factor