( pkg: Packument, requestedVersion?: string | null, )
| 12 | * - Stripping unnecessary fields from version objects |
| 13 | */ |
| 14 | export function transformPackument( |
| 15 | pkg: Packument, |
| 16 | requestedVersion?: string | null, |
| 17 | ): SlimPackument { |
| 18 | // Get versions pointed to by dist-tags |
| 19 | const distTagVersions = new Set(Object.values(pkg['dist-tags'] ?? {})) |
| 20 | |
| 21 | // Get 5 most recent versions by publish time |
| 22 | const recentVersions = Object.keys(pkg.versions) |
| 23 | .filter(v => pkg.time[v]) |
| 24 | .sort((a, b) => { |
| 25 | const timeA = pkg.time[a] |
| 26 | const timeB = pkg.time[b] |
| 27 | if (!timeA || !timeB) return 0 |
| 28 | return Date.parse(timeB) - Date.parse(timeA) |
| 29 | }) |
| 30 | .slice(0, RECENT_VERSIONS_COUNT) |
| 31 | |
| 32 | // Combine: recent versions + dist-tag versions + requested version (deduplicated) |
| 33 | const includedVersions = new Set([...recentVersions, ...distTagVersions]) |
| 34 | |
| 35 | // Add the requested version if it exists in the package |
| 36 | if (requestedVersion && pkg.versions[requestedVersion]) { |
| 37 | includedVersions.add(requestedVersion) |
| 38 | } |
| 39 | |
| 40 | // Build security metadata for all versions, but only include in payload |
| 41 | // when the package has mixed trust levels (i.e. a downgrade could exist) |
| 42 | const securityVersionEntries = Object.entries(pkg.versions).map(([version, metadata]) => { |
| 43 | const trustStatus = getTrustStatus(metadata) |
| 44 | return { |
| 45 | version, |
| 46 | time: pkg.time[version], |
| 47 | trustStatus, |
| 48 | deprecated: metadata.deprecated, |
| 49 | } |
| 50 | }) |
| 51 | |
| 52 | const trustLevels = new Set(securityVersionEntries.map(v => getTrustLevel(v.trustStatus))) |
| 53 | const hasMixedTrust = trustLevels.size > 1 |
| 54 | const securityVersions = hasMixedTrust ? securityVersionEntries : undefined |
| 55 | |
| 56 | // Build filtered versions object with install scripts info per version |
| 57 | const filteredVersions: Record<string, SlimVersion> = {} |
| 58 | let versionData: SlimPackumentVersion | null = null |
| 59 | for (const v of includedVersions) { |
| 60 | const version = pkg.versions[v] |
| 61 | if (version) { |
| 62 | const versionLicense = normalizeLicense(version.license) |
| 63 | if (version.version === requestedVersion) { |
| 64 | // Strip readme from each version, extract install scripts info |
| 65 | const { readme: _readme, scripts, ...slimVersion } = version |
| 66 | |
| 67 | // Extract install scripts info (which scripts exist + npx deps) |
| 68 | const installScripts = scripts ? extractInstallScriptsInfo(scripts) : null |
| 69 | versionData = { |
| 70 | ...slimVersion, |
| 71 | license: versionLicense, |
no test coverage detected