feat: resolveOnNpmRegistry option

README.md

@@ -47,7 +47,7 @@ const data = await scorecard.result("NodeSecure/scanner");
 console.log(data);
 ```
 
-You can also provide a custom `platform` with the **options** payload:
+You can provide a custom `platform` with the **options** payload:
 
 ```ts
 const data = await scorecard.result("NodeSecure/scanner", {
@@ -56,6 +56,14 @@ const data = await scorecard.result("NodeSecure/scanner", {
 console.log(data);
 ```
 
+You can disable `resolveOnNpmRegistry` option which is `true` by default.
+
+```ts
+const data = await scorecard.result("NodeSecure/scanner", {
+  resolveOnNpmRegistry: false, // default to true
+});
+console.log(data);
+```
 Options are described with the following TypeScript interface:
 
 ```ts
@@ -65,6 +73,11 @@ export interface IResultOptions {
    * @default github.com
    */
   platform?: string;
+  /**
+   * @description Try to resolve the given repository on the NPM registry if its not found on the given platform.
+   * @default true
+   */
+  resolveOnNpmRegistry?: boolean;
 }
 ```
 

src/index.ts

@@ -42,6 +42,11 @@ export interface IResultOptions {
    * @default github.com
    */
   platform?: string;
+  /**
+   * @description Try to resolve the given repository on the NPM registry if its not found on the given platform.
+   * @default true
+   */
+  resolveOnNpmRegistry?: boolean;
 }
 
 async function getNpmRepository(repository: string): Promise<string> {
@@ -67,7 +72,10 @@ export async function result(
   options: IResultOptions = {}
 ): Promise<ScorecardResult> {
   let formattedRepository = repository;
-  const { platform = kDefaultPlatform } = options;
+  const {
+    platform = kDefaultPlatform,
+    resolveOnNpmRegistry = true
+  } = options;
   const [owner, repo] = repository.replace("@", "").split("/");
 
   try {
@@ -83,14 +91,20 @@ export async function result(
     const data = await response.json() as any;
     formattedRepository = data.full_name;
   }
-  catch {
-    // If the repository is not found, we try to retrieve it from the NPM registry
-    // i.e: if given repository is "@nodesecure/cli"
+  catch (error) {
+    if (!resolveOnNpmRegistry) {
+      throw new Error("Invalid repository, cannot find it on GitHub", {
+        cause: error
+      });
+    }
+
     try {
       formattedRepository = await getNpmRepository(repository);
     }
-    catch {
-      throw new Error("Invalid repository, cannot find it on GitHub or NPM registry");
+    catch (error) {
+      throw new Error("Invalid repository, cannot find it on GitHub or NPM registry", {
+        cause: error
+      });
     }
   }
 

test/result.spec.ts

@@ -128,6 +128,20 @@ describe("#result() FT", () => {
       ["date", "repo", "scorecard", "score", "checks"].sort()
     );
   });
+
+  it("should throw when given a package and npm resolve is falsy", async() => {
+    assert.rejects(async() => scorecard.result("@unknown-package/for-sure", { resolveOnNpmRegistry: false }), {
+      name: "Error",
+      message: "Invalid repository, cannot find it on GitHub"
+    });
+  });
+
+  it("should throw when given an unknown npm package", async() => {
+    assert.rejects(async() => await scorecard.result("@unknown-package/for-sure", { resolveOnNpmRegistry: true }), {
+      name: "Error",
+      message: "Invalid repository, cannot find it on GitHub or NPM registry"
+    });
+  });
 });
 
 function getPath(repository: string): string {

tsconfig.json

@@ -2,9 +2,9 @@
   "compilerOptions": {
     "declaration": true,
     "strictNullChecks": true,
-    "target": "ES2020",
+    "target": "ES2022",
     "outDir": "dist",
-    "module": "ES2020",
+    "module": "ES2022",
     "moduleResolution": "node",
     "esModuleInterop": true,
     "resolveJsonModule": true,