fix: extract minimal meta into an endpoint (wip 1)

Author: danielroe

app/composables/npm/search-utils.ts

@@ -1,34 +1,25 @@
-import type { NpmSearchResponse, NpmSearchResult, MinimalPackument } from '#shared/types'
+import type { NpmSearchResponse, NpmSearchResult, PackageMetaResponse } from '#shared/types'
 
 /**
- * Convert packument to search result format for display
+ * Convert a lightweight package-meta API response to a search result for display.
  */
-export function packumentToSearchResult(
-  pkg: MinimalPackument,
-  weeklyDownloads?: number,
-): NpmSearchResult {
-  let latestVersion = ''
-  if (pkg['dist-tags']) {
-    latestVersion = pkg['dist-tags'].latest || Object.values(pkg['dist-tags'])[0] || ''
-  }
-  const modified = pkg.time.modified || pkg.time[latestVersion] || ''
-
+export function metaToSearchResult(meta: PackageMetaResponse): NpmSearchResult {
   return {
     package: {
-      name: pkg.name,
-      version: latestVersion,
-      description: pkg.description,
-      keywords: pkg.keywords,
-      date: pkg.time[latestVersion] || modified,
-      links: {
-        npm: `https://www.npmjs.com/package/${pkg.name}`,
-      },
-      maintainers: pkg.maintainers,
+      name: meta.name,
+      version: meta.version,
+      description: meta.description,
+      keywords: meta.keywords,
+      license: meta.license,
+      date: meta.date,
+      links: meta.links,
+      author: meta.author,
+      maintainers: meta.maintainers,
     },
     score: { final: 0, detail: { quality: 0, popularity: 0, maintenance: 0 } },
     searchScore: 0,
-    downloads: weeklyDownloads !== undefined ? { weekly: weeklyDownloads } : undefined,
-    updated: pkg.time[latestVersion] || modified,
+    downloads: meta.weeklyDownloads !== undefined ? { weekly: meta.weeklyDownloads } : undefined,
+    updated: meta.date,
   }
 }
 

app/composables/npm/useNpmSearch.ts

@@ -1,5 +1,5 @@
-import type { Packument, NpmSearchResponse, NpmDownloadCount } from '#shared/types'
-import { emptySearchResponse, packumentToSearchResult } from './search-utils'
+import type { NpmSearchResponse, PackageMetaResponse } from '#shared/types'
+import { emptySearchResponse, metaToSearchResult } from './search-utils'
 
 export interface NpmSearchOptions {
   /** Number of results */
@@ -19,42 +19,41 @@ export interface NpmSearchOptions {
  * to call at any time (event handlers, async callbacks, etc.).
  */
 export function useNpmSearch() {
-  const { $npmRegistry, $npmApi } = useNuxtApp()
+  const { $npmRegistry } = useNuxtApp()
 
   /**
    * Search npm packages via the npm registry API.
    * Returns results in the same `NpmSearchResponse` format as `useAlgoliaSearch`.
    *
-   * Single-character queries are handled specially: they do a direct packument
-   * + download count lookup instead of a search, because the search API returns
-   * poor results for single-char terms.
+   * Single-character queries are handled specially: they fetch lightweight
+   * metadata from a server-side proxy instead of a search, because the
+   * search API returns poor results for single-char terms. The proxy
+   * fetches the full packument + download counts server-side and returns
+   * only the fields needed for package cards.
    */
   async function search(
     query: string,
     options: NpmSearchOptions = {},
     signal?: AbortSignal,
   ): Promise<NpmSearchResponse> {
-    // Single-character: direct packument lookup
+    // Single-character: fetch lightweight metadata via server proxy
     if (query.length === 1) {
-      const encodedName = encodePackageName(query)
-      const [{ data: pkg, isStale }, { data: downloads }] = await Promise.all([
-        $npmRegistry<Packument>(`/${encodedName}`, { signal }),
-        $npmApi<NpmDownloadCount>(`/downloads/point/last-week/${encodedName}`, {
-          signal,
-        }),
-      ])
+      try {
+        const meta = await $fetch<PackageMetaResponse>(
+          `/api/registry/package-meta/${encodePackageName(query)}`,
+          { signal },
+        )
 
-      if (!pkg) {
-        return emptySearchResponse()
-      }
+        const result = metaToSearchResult(meta)
 
-      const result = packumentToSearchResult(pkg, downloads?.downloads)
-
-      return {
-        objects: [result],
-        total: 1,
-        isStale,
-        time: new Date().toISOString(),
+        return {
+          objects: [result],
+          total: 1,
+          isStale: false,
+          time: new Date().toISOString(),
+        }
+      } catch {
+        return emptySearchResponse()
       }
     }
 

app/composables/npm/useOrgPackages.ts

@@ -1,5 +1,5 @@
-import type { NpmSearchResponse, NpmSearchResult, MinimalPackument } from '#shared/types'
-import { emptySearchResponse, packumentToSearchResult } from './search-utils'
+import type { NpmSearchResponse, NpmSearchResult, PackageMetaResponse } from '#shared/types'
+import { emptySearchResponse, metaToSearchResult } from './search-utils'
 import { mapWithConcurrency } from '#shared/utils/async'
 
 /**
@@ -15,7 +15,7 @@ export function useOrgPackages(orgName: MaybeRefOrGetter<string>) {
 
   const asyncData = useLazyAsyncData(
     () => `org-packages:${searchProvider.value}:${toValue(orgName)}`,
-    async ({ $npmRegistry, ssrContext }, { signal }) => {
+    async ({ ssrContext }, { signal }) => {
       const org = toValue(orgName)
       if (!org) {
         return emptySearchResponse()
@@ -62,28 +62,25 @@ export function useOrgPackages(orgName: MaybeRefOrGetter<string>) {
         }
       }
 
-      // npm fallback: fetch packuments individually
-      const packuments = await mapWithConcurrency(
+      // npm fallback: fetch lightweight metadata via server proxy
+      const metaResults = await mapWithConcurrency(
         packageNames,
         async name => {
           try {
-            const encoded = encodePackageName(name)
-            const { data: pkg } = await $npmRegistry<MinimalPackument>(`/${encoded}`, {
-              signal,
-            })
-            return pkg
+            return await $fetch<PackageMetaResponse>(
+              `/api/registry/package-meta/${encodePackageName(name)}`,
+              { signal },
+            )
           } catch {
             return null
           }
         },
         10,
       )
 
-      const validPackuments = packuments.filter(
-        (pkg): pkg is MinimalPackument => pkg !== null && !!pkg['dist-tags'],
-      )
-
-      const results: NpmSearchResult[] = validPackuments.map(pkg => packumentToSearchResult(pkg))
+      const results: NpmSearchResult[] = metaResults
+        .filter((meta): meta is PackageMetaResponse => meta !== null)
+        .map(metaToSearchResult)
 
       return {
         isStale: false,

server/api/registry/package-meta/[...pkg].get.ts

@@ -0,0 +1,118 @@
+import type { NpmDownloadCount } from '#shared/types'
+import {
+  CACHE_MAX_AGE_FIVE_MINUTES,
+  ERROR_NPM_FETCH_FAILED,
+  NPM_API,
+} from '#shared/utils/constants'
+import { encodePackageName } from '#shared/utils/npm'
+
+/**
+ * Returns lightweight package metadata for search results.
+ *
+ * Fetches the full packument + weekly downloads server-side, extracts only
+ * the fields needed for package cards, and returns a small JSON payload.
+ * This avoids sending the full packument (which can be MBs) to the client.
+ *
+ * URL patterns:
+ * - /api/registry/package-meta/packageName
+ * - /api/registry/package-meta/@scope/packageName
+ */
+export default defineCachedEventHandler(
+  async event => {
+    const pkgParam = getRouterParam(event, 'pkg')
+    if (!pkgParam) {
+      throw createError({ statusCode: 404, message: 'Package name is required' })
+    }
+
+    const packageName = decodeURIComponent(pkgParam)
+    const encodedName = encodePackageName(packageName)
+
+    try {
+      const [packument, downloads] = await Promise.all([
+        fetchNpmPackage(packageName),
+        $fetch<NpmDownloadCount>(`${NPM_API}/downloads/point/last-week/${encodedName}`).catch(
+          () => null,
+        ),
+      ])
+
+      const latestVersion =
+        packument['dist-tags']?.latest || Object.values(packument['dist-tags'] ?? {})[0] || ''
+      const modified = packument.time?.modified || packument.time?.[latestVersion] || ''
+      const date = packument.time?.[latestVersion] || modified
+
+      // Extract repository URL from the packument's repository field
+      // TODO: @npm/types says repository is always an object, but some old
+      // packages have a bare string in the registry JSON
+      let repositoryUrl: string | undefined
+      if (packument.repository) {
+        const repo = packument.repository as { url?: string } | string
+        const rawUrl = typeof repo === 'string' ? repo : repo.url
+        if (rawUrl) {
+          // Normalize git+https:// and git:// URLs to https://
+          repositoryUrl = rawUrl
+            .replace(/^git\+/, '')
+            .replace(/^git:\/\//, 'https://')
+            .replace(/\.git$/, '')
+        }
+      }
+
+      // Extract bugs URL
+      // TODO: @npm/types types bugs as { email?: string; url?: string } on
+      // packuments, but some old packages store it as a plain URL string
+      let bugsUrl: string | undefined
+      if (packument.bugs) {
+        const bugs = packument.bugs as { url?: string } | string
+        bugsUrl = typeof bugs === 'string' ? bugs : bugs.url
+      }
+
+      // Normalize author field to NpmPerson shape
+      // TODO: @npm/types types author as Contact (object), but some old
+      // packages store it as a plain string (e.g. "Name <email>")
+      let author: { name?: string; email?: string; url?: string } | undefined
+      if (packument.author) {
+        const a = packument.author as { name?: string; email?: string; url?: string } | string
+        author = typeof a === 'string' ? { name: a } : { name: a.name, email: a.email, url: a.url }
+      }
+
+      // Normalize license to a string
+      // TODO: @npm/types types license as string, but some old packages use
+      // the deprecated { type, url } object format
+      const license = packument.license
+        ? typeof packument.license === 'string'
+          ? packument.license
+          : (packument.license as { type: string }).type
+        : undefined
+
+      return {
+        name: packument.name,
+        version: latestVersion,
+        description: packument.description,
+        keywords: packument.keywords,
+        license,
+        date,
+        links: {
+          npm: `https://www.npmjs.com/package/${packument.name}`,
+          homepage: packument.homepage,
+          repository: repositoryUrl,
+          bugs: bugsUrl,
+        },
+        author,
+        maintainers: packument.maintainers,
+        weeklyDownloads: downloads?.downloads,
+      }
+    } catch (error: unknown) {
+      handleApiError(error, {
+        statusCode: 502,
+        message: ERROR_NPM_FETCH_FAILED,
+      })
+    }
+  },
+  {
+    maxAge: CACHE_MAX_AGE_FIVE_MINUTES,
+    swr: true,
+    getKey: event => {
+      const pkg = getRouterParam(event, 'pkg') ?? ''
+      return `package-meta:v1:${pkg}`
+    },
+  },
+)

shared/types/npm-registry.ts

@@ -379,3 +379,26 @@ export interface MinimalPackument {
   'time': Record<string, string>
   'maintainers'?: NpmPerson[]
 }
+
+/**
+ * Lightweight package metadata returned by /api/registry/package-meta/.
+ * Contains only the fields needed for search result cards, extracted
+ * server-side from the full packument + downloads API.
+ */
+export interface PackageMetaResponse {
+  name: string
+  version: string
+  description?: string
+  keywords?: string[]
+  license?: string
+  date: string
+  links: {
+    npm: string
+    homepage?: string
+    repository?: string
+    bugs?: string
+  }
+  author?: NpmPerson
+  maintainers?: NpmPerson[]
+  weeklyDownloads?: number
+}