package-json
Comparing version 9.0.0 to 10.0.0
349
index.d.ts
@@ -1,5 +0,228 @@ | ||
import {Agent as HttpAgent} from 'node:http'; | ||
import {Agent as HttpsAgent} from 'node:https'; | ||
import {type Agents} from 'got'; | ||
import type {PackageJson} from 'type-fest'; | ||
type Person = Readonly<PackageJson.Person>; | ||
type PersonObject = Exclude<Person, string>; | ||
// eslint-disable-next-line unicorn/prevent-abbreviations | ||
type Dist = Readonly<{ | ||
/** | ||
The URL of the tarball containing the payload for the package. | ||
*/ | ||
tarball: string; | ||
/** | ||
The SHA-1 sum of the tarball. | ||
*/ | ||
shasum: string; | ||
/** | ||
A string in the format `<hashAlgorithm>-<base64-hash>`. Refer to the {@link https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity Subresource Integrity} docs on MDN and the {@link https://github.com/npm/cacache#integrity `cacache`} package for more information. | ||
@since April 2017 | ||
*/ | ||
integrity?: string; | ||
/** | ||
The number of files in the tarball, folder excluded. | ||
@since February 2018 | ||
*/ | ||
fileCount?: number; | ||
/** | ||
The total bytes of the unpacked files in the tarball. | ||
@since February 2018 | ||
*/ | ||
unpackedSize?: number; | ||
/** | ||
A PGP signature in the format `<package>@<version>:<integrity>`. | ||
@since April 2018 | ||
@deprecated April 2023, see https://docs.npmjs.com/about-registry-signatures | ||
*/ | ||
'npm-signature'?: string; | ||
/** | ||
ECDSA signature(s). | ||
@see https://docs.npmjs.com/about-registry-signatures | ||
@since April 2023 | ||
*/ | ||
signatures?: Array<{ | ||
/** | ||
A SHA-256 public key. | ||
*/ | ||
keyid: string; | ||
sig: string; | ||
}>; | ||
}>; | ||
type AbbreviatedVersionPackageJsonFields = ( | ||
| 'dependencies' | ||
| 'optionalDependencies' | ||
| 'devDependencies' | ||
| 'bundleDependencies' | ||
| 'peerDependencies' | ||
| 'peerDependenciesMeta' | ||
| 'bin' | ||
| 'directories' | ||
| 'engines' | ||
| 'cpu' | ||
| 'os' | ||
| 'funding' | ||
); | ||
type AbbreviatedVersion = Readonly<{ | ||
/** | ||
The name of the package. | ||
*/ | ||
name: string; | ||
/** | ||
Package version, parseable by [`node-semver`](https://github.com/npm/node-semver). | ||
*/ | ||
version: string; | ||
dist: Dist; | ||
/** | ||
The deprecation warnings message of this version. A version is deprecated if this field is set. | ||
*/ | ||
deprecated?: string; | ||
/** | ||
Whether or not this version has a shrinkwrap used to install it. If this field is `undefined`, the client must determine through other means if a shrinkwrap exists. | ||
*/ | ||
_hasShrinkwrap?: boolean; | ||
/** | ||
Whether or not this version has an `install` script. | ||
*/ | ||
hasInstallScript?: boolean; | ||
}> & Pick<Readonly<PackageJson>, AbbreviatedVersionPackageJsonFields>; | ||
// eslint-disable-next-line unicorn/prevent-abbreviations | ||
type DistTags = { | ||
[tagName: string]: string; | ||
latest: string; | ||
}; | ||
type AbbreviatedMetadata = Readonly<{ | ||
/** | ||
The name of the package. | ||
*/ | ||
name: string; | ||
/** | ||
An {@link https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations ISO timestamp} of the last time the package was modified. | ||
*/ | ||
modified: string; | ||
'dist-tags': DistTags; | ||
versions: Record<string, AbbreviatedVersion>; | ||
}>; | ||
type Repository = Readonly<Exclude<PackageJson['repository'], string>>; | ||
type HoistedPackageJsonFields = ( | ||
| 'author' | ||
| 'bugs' | ||
| 'contributors' | ||
| 'description' | ||
| 'homepage' | ||
| 'keywords' | ||
| 'license' | ||
); | ||
// Hoisted from latest version | ||
type HoistedData = Readonly<{ | ||
/** | ||
People with permission to publish the package. Not authoritative but informational. | ||
*/ | ||
maintainers?: PersonObject[]; | ||
/** | ||
The first 64K of the readme data for the most-recently published version of the package. | ||
*/ | ||
readme?: string; | ||
/** | ||
The name of the file from which the readme data was taken. | ||
*/ | ||
readmeFilename?: string; | ||
repository?: Repository; | ||
}> & Pick<Readonly<PackageJson>, HoistedPackageJsonFields>; | ||
type FullVersion = Readonly<{ | ||
/** | ||
`package@version` | ||
*/ | ||
_id: string; | ||
_shasum: string; | ||
_from: string; | ||
/** | ||
The version of npm used to publish the package. | ||
*/ | ||
_npmVersion: string; | ||
/** | ||
The version of Node.js used to publish the package. | ||
*/ | ||
_nodeVersion: string; | ||
/** | ||
The npm user who published this version. | ||
*/ | ||
_npmUser: PersonObject; | ||
licenseText?: string; | ||
gitHead?: string; | ||
}> & Readonly<Omit<PackageJson, 'repository'>> & Omit<AbbreviatedVersion, 'hasInstallScript'> & HoistedData; | ||
type FullMetadata = Readonly<{ | ||
/** | ||
The name of the package, used as an ID in CouchDB. | ||
*/ | ||
_id: string; | ||
/** | ||
The revision number of this version of the document in CouchDB. | ||
*/ | ||
_rev: string; | ||
/** | ||
A mapping of versions to the time they were published. Each value is an {@link https://en.wikipedia.org/wiki/ISO_8601#Combined_date_and_time_representations ISO timestamp}. | ||
*/ | ||
time: { | ||
[version: string]: string; | ||
/** | ||
When the package was created. | ||
*/ | ||
created: string; | ||
/** | ||
When the package was last modified. | ||
*/ | ||
modified: string; | ||
}; | ||
/** | ||
NPM users who have starred the package. | ||
*/ | ||
users?: Readonly<Record<string, boolean>>; | ||
versions: Readonly<Record<string, FullVersion>>; | ||
}> & AbbreviatedMetadata & HoistedData; | ||
/** | ||
@@ -23,3 +246,3 @@ The error thrown when the given package version cannot be found. | ||
export type Options = { | ||
export type Options = Readonly<{ | ||
/** | ||
@@ -36,3 +259,3 @@ Package version such as `1.0.0` or a [dist tag](https://docs.npmjs.com/cli/dist-tag) such as `latest`. | ||
*/ | ||
readonly version?: string; | ||
version?: string; | ||
@@ -44,3 +267,3 @@ /** | ||
*/ | ||
readonly fullMetadata?: boolean; | ||
fullMetadata?: boolean; | ||
@@ -52,3 +275,3 @@ /** | ||
*/ | ||
readonly allVersions?: boolean; | ||
allVersions?: boolean; | ||
@@ -58,103 +281,14 @@ /** | ||
*/ | ||
readonly registryUrl?: string; | ||
registryUrl?: string; | ||
/** | ||
Overwrite the `agent` option that is passed down to [`got`](https://github.com/sindresorhus/got#agent). This might be useful to add [proxy support](https://github.com/sindresorhus/got#proxies). | ||
*/ | ||
readonly agent?: Agents; | ||
}; | ||
Whether or not to omit deprecated versions of a package. | ||
export type FullMetadataOptions = { | ||
/** | ||
By default, only an abbreviated metadata object is returned for performance reasons. [Read more.](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) | ||
If set, versions marked as deprecated on the registry are omitted from results. Providing a dist tag or a specific version will still return that version, even if it's deprecated. If no version can be found once deprecated versions are omitted, a `VersionNotFoundError` is thrown. | ||
@default false | ||
@default true | ||
*/ | ||
readonly fullMetadata: true; | ||
} & Options; | ||
omitDeprecated?: boolean; | ||
}>; | ||
type DistTags = { | ||
readonly [tagName: string]: string; | ||
readonly latest: string; | ||
}; | ||
type AbbreviatedVersion = { | ||
readonly [key: string]: unknown; | ||
readonly name: string; | ||
readonly version: string; | ||
readonly dist: { | ||
readonly shasum: string; | ||
readonly tarball: string; | ||
readonly integrity?: string; | ||
}; | ||
readonly deprecated?: string; | ||
readonly dependencies?: Readonly<Record<string, string>>; | ||
readonly optionalDependencies?: Readonly<Record<string, string>>; | ||
readonly devDependencies?: Readonly<Record<string, string>>; | ||
readonly bundleDependencies?: Readonly<Record<string, string>>; | ||
readonly peerDependencies?: Readonly<Record<string, string>>; | ||
readonly bin?: Readonly<Record<string, string>>; | ||
readonly directories?: readonly string[]; | ||
readonly engines?: Readonly<Record<string, string>>; | ||
readonly _hasShrinkwrap?: boolean; | ||
}; | ||
type Person = { | ||
readonly name?: string; | ||
readonly email?: string; | ||
readonly url?: string; | ||
}; | ||
type HoistedData = { | ||
readonly author?: Person; | ||
readonly bugs?: | ||
| {readonly url: string; readonly email?: string} | ||
| {readonly url?: string; readonly email: string}; | ||
readonly contributors?: readonly Person[]; | ||
readonly description?: string; | ||
readonly homepage?: string; | ||
readonly keywords?: readonly string[]; | ||
readonly license?: string; | ||
readonly maintainers?: readonly Person[]; | ||
readonly readme?: string; | ||
readonly readmeFilename?: string; | ||
readonly repository?: {readonly type: string; readonly url: string}; | ||
}; | ||
type FullVersion = { | ||
readonly [key: string]: unknown; | ||
readonly _id: string; | ||
readonly _nodeVersion: string; | ||
readonly _npmUser: string; | ||
readonly _npmVersion: string; | ||
readonly main?: string; | ||
readonly files?: readonly string[]; | ||
readonly man?: readonly string[]; | ||
readonly scripts?: Readonly<Record<string, string>>; | ||
readonly gitHead?: string; | ||
readonly types?: string; | ||
readonly typings?: string; | ||
} & AbbreviatedVersion & HoistedData; | ||
export type FullMetadata = { | ||
readonly [key: string]: unknown; | ||
readonly _id: string; | ||
readonly _rev: string; | ||
readonly time: { | ||
readonly [version: string]: string; | ||
readonly created: string; | ||
readonly modified: string; | ||
}; | ||
readonly users?: Readonly<Record<string, boolean>>; | ||
readonly versions: Readonly<Record<string, FullVersion>>; | ||
} & AbbreviatedMetadata & HoistedData; | ||
export type AbbreviatedMetadata = { | ||
readonly [key: string]: unknown; | ||
readonly 'dist-tags': DistTags; | ||
readonly modified: string; | ||
readonly name: string; | ||
readonly versions: Readonly<Record<string, AbbreviatedVersion>>; | ||
}; | ||
/** | ||
@@ -176,3 +310,10 @@ Get metadata of a package from the npm registry. | ||
*/ | ||
export default function packageJson(packageName: string, options: FullMetadataOptions): Promise<FullMetadata>; | ||
export default function packageJson(packageName: string, options?: Options): Promise<AbbreviatedMetadata>; | ||
export default function packageJson<ProvidedOptions extends Options>(packageName: string, options?: ProvidedOptions): Promise<( | ||
ProvidedOptions extends {fullMetadata: true} | ||
? ProvidedOptions extends {allVersions: true} | ||
? FullMetadata | ||
: FullVersion & Pick<FullMetadata, 'time'> | ||
: ProvidedOptions extends {allVersions: true} | ||
? AbbreviatedMetadata | ||
: AbbreviatedVersion | ||
)>; |
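Review bot: The doc comments on the `signatures` entries of `Dist` (first hunk) are too imprecise for anyone using these types to verify a package: `keyid` is described as `A SHA-256 public key.` and `sig` has no comment at all. As I read the npm registry-signatures documentation that the `@see` tag links to, `keyid` is the SHA-256 fingerprint identifying which registry public key signed the entry, and `sig` is the ECDSA signature over `<name>@<version>:<integrity>`. I would change the `keyid` comment to `SHA-256 fingerprint of the registry public key that produced sig.` and add `ECDSA signature over <name>@<version>:<integrity>; verify it against the key identified by keyid.` on `sig`. The `'npm-signature'` comment has the same problem, since the format it gives appears to be that of the signed message rather than of the field itself.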
53
index.js
@@ -1,4 +0,2 @@ | ||
import {Agent as HttpAgent} from 'node:http'; | ||
import {Agent as HttpsAgent} from 'node:https'; | ||
import got from 'got'; | ||
import ky from 'ky'; | ||
import registryUrl from 'registry-url'; | ||
@@ -8,12 +6,2 @@ import registryAuthToken from 'registry-auth-token'; | ||
// These agent options are chosen to match the npm client defaults and help with performance | ||
// See: `npm config get maxsockets` and #50 | ||
const agentOptions = { | ||
keepAlive: true, | ||
maxSockets: 50, | ||
}; | ||
const httpAgent = new HttpAgent(agentOptions); | ||
const httpsAgent = new HttpsAgent(agentOptions); | ||
export class PackageNotFoundError extends Error { | ||
@@ -33,10 +21,8 @@ constructor(packageName) { | ||
export default async function packageJson(packageName, options) { | ||
options = { | ||
version: 'latest', | ||
...options, | ||
}; | ||
export default async function packageJson(packageName, options = {}) { | ||
let {version = 'latest'} = options; | ||
const {omitDeprecated = true} = options; | ||
const scope = packageName.split('/')[0]; | ||
const registryUrl_ = options.registryUrl || registryUrl(scope); | ||
const registryUrl_ = options.registryUrl ?? registryUrl(scope); | ||
const packageUrl = new URL(encodeURIComponent(packageName).replace(/^%40/, '@'), registryUrl_); | ||
@@ -57,19 +43,7 @@ const authInfo = registryAuthToken(registryUrl_.toString(), {recursive: true}); | ||
const gotOptions = { | ||
headers, | ||
agent: { | ||
http: httpAgent, | ||
https: httpsAgent, | ||
}, | ||
}; | ||
if (options.agent) { | ||
gotOptions.agent = options.agent; | ||
} | ||
let data; | ||
try { | ||
data = await got(packageUrl, gotOptions).json(); | ||
data = await ky(packageUrl, {headers, keepalive: true}).json(); | ||
} catch (error) { | ||
if (error?.response?.statusCode === 404) { | ||
if (error?.response?.status === 404) { | ||
throw new PackageNotFoundError(packageName); | ||
@@ -85,3 +59,2 @@ } | ||
let {version} = options; | ||
const versionError = new VersionNotFoundError(packageName, version); | ||
@@ -94,3 +67,13 @@ | ||
} else if (version) { | ||
if (!data.versions[version]) { | ||
const versionExists = Boolean(data.versions[version]); | ||
if (omitDeprecated && !versionExists) { | ||
for (const [metadataVersion, metadata] of Object.entries(data.versions)) { | ||
if (metadata.deprecated) { | ||
delete data.versions[metadataVersion]; | ||
} | ||
} | ||
} | ||
if (!versionExists) { | ||
const versions = Object.keys(data.versions); | ||
@@ -97,0 +80,0 @@ version = semver.maxSatisfying(versions, version); |
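Review bot: `Boolean(data.versions[version])` in the `else if (version)` branch is a plain property lookup on an object parsed from the registry response, so a caller-supplied `version` such as `constructor` or `toString` resolves to an inherited `Object.prototype` member and is treated as an existing version. Range resolution is then skipped, and whatever is later read from `data.versions[version]` outside this hunk would presumably not be version metadata. An own-property test avoids this: `const versionExists = Object.hasOwn(data.versions, version);`. The branch starts and ends outside the visible hunk, so the `dist-tags` lookup that precedes it may need the same check.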
{ | ||
"name": "package-json", | ||
"version": "9.0.0", | ||
"version": "10.0.0", | ||
"description": "Get metadata of a package from the npm registry", | ||
@@ -23,4 +23,3 @@ "license": "MIT", | ||
"scripts": { | ||
"//test": "xo && ava && tsd", | ||
"test": "xo && ava" | ||
"test": "xo && ava && tsd" | ||
}, | ||
@@ -43,14 +42,14 @@ "files": [ | ||
"dependencies": { | ||
"got": "^13.0.0", | ||
"ky": "^1.2.0", | ||
"registry-auth-token": "^5.0.2", | ||
"registry-url": "^6.0.1", | ||
"semver": "^7.5.4" | ||
"semver": "^7.6.0" | ||
}, | ||
"devDependencies": { | ||
"@types/node": "^20.11.5", | ||
"ava": "^6.1.0", | ||
"mock-private-registry": "^1.1.2", | ||
"tsd": "^0.30.4", | ||
"xo": "^0.56.0" | ||
"@types/node": "^18", | ||
"ava": "^6.1.1", | ||
"private-registry-mock": "^0.3.0", | ||
"tsd": "^0.30.7", | ||
"xo": "^0.57.0" | ||
} | ||
} |
@@ -56,3 +56,3 @@ # package-json | ||
By default, only an abbreviated metadata object is returned for performance reasons. [Read more.](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md) | ||
By default, only an abbreviated metadata object is returned for performance reasons. [Read more](https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md), or see the [type definitions](index.d.ts). | ||
@@ -73,8 +73,11 @@ ##### allVersions | ||
##### agent | ||
##### omitDeprecated | ||
Type: `object` | ||
Type: `boolean`\ | ||
Default: `true` | ||
Overwrite the `agent` option that is passed down to [`got`](https://github.com/sindresorhus/got#agent). This might be useful to add [proxy support](https://github.com/sindresorhus/got#proxies). | ||
Whether or not to omit deprecated versions of a package. | ||
If set, versions marked as deprecated on the registry are omitted from results. Providing a dist tag or a specific version will still return that version, even if it's deprecated. If no version can be found once deprecated versions are omitted, a [`VersionNotFoundError`](#versionnotfounderror) is thrown. | ||
### PackageNotFoundError | ||
@@ -92,2 +95,8 @@ | ||
## Proxies | ||
Proxy support is not implemented in this package. If necessary, use a global agent that modifies [`fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API), which this package uses internally. | ||
Support for this may come to [Node.js in the future](https://github.com/nodejs/undici/issues/1650). | ||
## Related | ||
@@ -94,0 +103,0 @@ |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
+ Added ky@^1.2.0
+ Added ky@1.7.2 (transitive)
- Removed got@^13.0.0
- Removed @sindresorhus/is@5.6.0 (transitive)
- Removed @szmarczak/http-timer@5.0.1 (transitive)
- Removed @types/http-cache-semantics@4.0.4 (transitive)
- Removed cacheable-lookup@7.0.0 (transitive)
- Removed cacheable-request@10.2.14 (transitive)
- Removed decompress-response@6.0.0 (transitive)
- Removed defer-to-connect@2.0.1 (transitive)
- Removed form-data-encoder@2.1.4 (transitive)
- Removed get-stream@6.0.1 (transitive)
- Removed got@13.0.0 (transitive)
- Removed http-cache-semantics@4.1.1 (transitive)
- Removed http2-wrapper@2.2.1 (transitive)
- Removed json-buffer@3.0.1 (transitive)
- Removed keyv@4.5.4 (transitive)
- Removed lowercase-keys@3.0.0 (transitive)
- Removed mimic-response@3.1.0, 4.0.0 (transitive)
- Removed normalize-url@8.0.1 (transitive)
- Removed p-cancelable@3.0.0 (transitive)
- Removed quick-lru@5.1.1 (transitive)
- Removed resolve-alpn@1.2.1 (transitive)
- Removed responselike@3.0.0 (transitive)
Updated semver@^7.6.0