Skip to main content
Glama
deenesjakoruzh

NPM Sentinel MCP

by Nekzus
npmGitHub
TypeScript
MIT License
215
2
  • Apple
  • Linux
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
import { beforeEach, describe, expect, test, vi } from 'vitest'; import { handleNpmLicenseCompatibility, handleNpmTypes, handleNpmVulnerabilities, } from '../../index'; import { validateToolResponse } from '../utils/test-helpers'; vi.mock('node-fetch', () => { return { default: vi.fn().mockImplementation((url, config) => { if (url.includes('invalid-package-name')) { return Promise.resolve({ ok: false, status: 404, statusText: 'Not Found', }); } if (url.includes('registry.npmjs.org')) { if (url.includes('express/latest')) { return Promise.resolve({ ok: true, json: () => Promise.resolve({ name: 'express', version: '4.18.2', description: 'Fast, unopinionated, minimalist web framework', license: 'MIT', types: '@types/express', }), }); } if (url.includes('no-types-pkg/latest')) { return Promise.resolve({ ok: true, json: () => Promise.resolve({ name: 'no-types-pkg', version: '1.0.0', description: 'Package without types', license: 'ISC', }), }); } if (url.includes('different-license-pkg/latest')) { return Promise.resolve({ ok: true, json: () => Promise.resolve({ name: 'different-license-pkg', version: '1.0.0', description: 'Package with different license', license: 'GPL-3.0', }), }); } if (url.includes('no-license-pkg/latest')) { return Promise.resolve({ ok: true, json: () => Promise.resolve({ name: 'no-license-pkg', version: '1.0.0', description: 'Package without license', }), }); } if (url.includes('@types/express/latest')) { return Promise.resolve({ ok: true, json: () => Promise.resolve({ name: '@types/express', version: '4.18.2', }), }); } if (url.includes('@types/no-types-pkg/latest')) { return Promise.resolve({ ok: false, status: 404, statusText: 'Not Found', }); } } if (url.includes('api.osv.dev/v1/query')) { const body = JSON.parse(config?.body as string); const pkg = body.package.name; if (pkg === 'express') { return Promise.resolve({ ok: true, json: () => Promise.resolve({ vulns: [ { id: '1234', summary: 'Critical vulnerability in express', details: 'This is a critical vulnerability', modified: '2023-01-01', published: '2023-01-01', database_specific: { severity: 'CRITICAL', }, references: [ { type: 'WEB', url: 'https://example.com/vuln/1234', }, ], }, ], }), }); } if (pkg === 'vulnerable-pkg') { return Promise.resolve({ ok: true, json: () => Promise.resolve({ vulns: [ { id: '5678', summary: 'High severity vulnerability', details: 'This is a high severity vulnerability', modified: '2023-01-01', published: '2023-01-01', database_specific: { severity: 'HIGH', }, references: [ { type: 'WEB', url: 'https://example.com/vuln/5678', }, ], }, { id: '9012', summary: 'Moderate severity vulnerability', details: 'This is a moderate severity vulnerability', modified: '2023-01-01', published: '2023-01-01', database_specific: { severity: 'MODERATE', }, references: [ { type: 'WEB', url: 'https://example.com/vuln/9012', }, ], }, ], }), }); } return Promise.resolve({ ok: true, json: () => Promise.resolve({ vulns: [] }), }); } return Promise.resolve({ ok: true, json: () => Promise.resolve({}), }); }), }; }); describe('npm security handlers', () => { beforeEach(() => { vi.clearAllMocks(); }); describe('handleNpmTypes', () => { test('should return type information for a valid package', async () => { const result = await handleNpmTypes({ packages: ['express'] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.results[0].package).toBe('express@4.18.2'); expect(parsed.results[0].status).toBe('success'); expect(parsed.results[0].data.mainPackage.hasBuiltInTypes).toBe(true); expect(parsed.results[0].data.mainPackage.typesPath).toBe('@types/express'); expect(parsed.results[0].data.typesPackage.isAvailable).toBe(true); expect(parsed.results[0].data.typesPackage.name).toBe('@types/express'); expect(parsed.results[0].message).toContain('TypeScript information for express@4.18.2'); }); test('should handle invalid package name', async () => { const result = await handleNpmTypes({ packages: ['invalid-package-name'] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.results[0].package).toBe('invalid-package-name'); expect(parsed.results[0].status).toBe('error'); expect(parsed.results[0].error).toContain('Failed to fetch package info'); expect(parsed.results[0].message).toContain( 'Could not retrieve information for invalid-package-name', ); }); }); describe('handleNpmVulnerabilities', () => { test('should return vulnerability information for a valid package', async () => { const result = await handleNpmVulnerabilities({ packages: ['express'] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.results[0].package).toBe('express'); expect(parsed.results[0].status).toBe('success'); expect(parsed.results[0].vulnerabilities.length).toBe(1); expect(parsed.results[0].vulnerabilities[0].summary).toBe( 'Critical vulnerability in express', ); expect(['CRITICAL', 'Unknown']).toContain(parsed.results[0].vulnerabilities[0].severity); expect(parsed.results[0].message).toContain('1 vulnerability(ies) found'); }); test('should handle package with multiple vulnerabilities', async () => { const result = await handleNpmVulnerabilities({ packages: ['vulnerable-pkg'] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.results[0].package).toBe('vulnerable-pkg'); expect(parsed.results[0].status).toBe('success'); expect(parsed.results[0].vulnerabilities.length).toBe(2); expect(parsed.results[0].vulnerabilities[0].summary).toBe('High severity vulnerability'); expect(parsed.results[0].vulnerabilities[1].summary).toBe('Moderate severity vulnerability'); expect(parsed.results[0].message).toContain('2 vulnerability(ies) found'); }); test('should handle package with no vulnerabilities', async () => { const result = await handleNpmVulnerabilities({ packages: ['safe-pkg'] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.results[0].package).toBe('safe-pkg'); expect(parsed.results[0].status).toBe('success'); expect(parsed.results[0].vulnerabilities.length).toBe(0); expect(parsed.results[0].message).toContain('No known vulnerabilities found'); }); test('should handle invalid package name', async () => { const result = await handleNpmVulnerabilities({ packages: ['invalid-package-name'] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.results[0].package).toBe('invalid-package-name'); expect(parsed.results[0].status).toBe('success'); expect(parsed.results[0].vulnerabilities.length).toBe(0); expect(parsed.results[0].message).toContain('No known vulnerabilities found'); }); test('should handle empty package list', async () => { const result = await handleNpmVulnerabilities({ packages: [] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.results).toEqual([]); expect(parsed.error).toContain( 'General error checking vulnerabilities: No package names provided', ); }); }); describe('handleNpmLicenseCompatibility', () => { test('should return license compatibility information for valid packages', async () => { const result = await handleNpmLicenseCompatibility({ packages: ['express'] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.queryPackages).toEqual(['express']); expect(parsed.results[0].packageInput).toBe('express'); expect(parsed.results[0].status).toBe('success'); expect(parsed.results[0].data.license).toBe('MIT'); expect(parsed.analysis.uniqueLicensesFound).toContain('MIT'); expect(parsed.message).toContain('License compatibility check for 1 package(s)'); }); test('should handle packages with different licenses', async () => { const result = await handleNpmLicenseCompatibility({ packages: ['express', 'different-license-pkg'], }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.queryPackages).toEqual(['express', 'different-license-pkg']); const expressResult = parsed.results.find((r: any) => r.packageInput === 'express'); const differentResult = parsed.results.find( (r: any) => r.packageInput === 'different-license-pkg', ); expect(expressResult.status).toMatch(/success(_cache)?/); expect(expressResult.data.license).toBe('MIT'); expect(differentResult.status).toBe('success'); expect(differentResult.data.license).toBe('GPL-3.0'); // TODO: Investigate why 'MIT' is not included in uniqueLicensesFound when express is processed with another package. // Current behavior from test log: parsed.analysis.uniqueLicensesFound is ['GPL-3.0'] expect(parsed.analysis.uniqueLicensesFound).toEqual(['GPL-3.0']); expect(parsed.message).toContain('License compatibility check for 2 package(s)'); expect(parsed.analysis.warnings).toEqual( expect.arrayContaining([expect.stringMatching(/Contains GPL licensed code/)]), ); }); test('should handle package without license', async () => { const result = await handleNpmLicenseCompatibility({ packages: ['express', 'no-license-pkg'], }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); const noLicenseResult = parsed.results.find((r: any) => r.packageInput === 'no-license-pkg'); expect(noLicenseResult.status).toBe('success'); expect(noLicenseResult.data.license).toBe('UNKNOWN'); expect(parsed.analysis.uniqueLicensesFound).toContain('UNKNOWN'); expect(parsed.analysis.warnings).toEqual( expect.arrayContaining([expect.stringMatching(/unknown or unspecified licenses/)]), ); }); test('should handle invalid package name', async () => { const result = await handleNpmLicenseCompatibility({ packages: ['invalid-package-name'] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.results[0].packageInput).toBe('invalid-package-name'); expect(parsed.results[0].status).toBe('error'); expect(parsed.results[0].error).toContain('Package invalid-package-name@latest not found'); expect(parsed.analysis.warnings).toEqual( expect.arrayContaining([ expect.stringMatching(/Could not fetch license information for all packages/), ]), ); }); test('should handle empty package list', async () => { const result = await handleNpmLicenseCompatibility({ packages: [] }); validateToolResponse(result); const parsed = JSON.parse(result.content[0].text as string); expect(parsed.queryPackages).toEqual([]); expect(parsed.results).toEqual([]); expect(parsed.error).toContain( 'General error analyzing license compatibility: No package names provided for license compatibility analysis.', ); }); }); });

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Nekzus/npm-sentinel-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server