feat: minimum age

src/services/dependencyAnalyzerService.ts

@@ -6,7 +6,7 @@
 
 import { Logger } from "@nhcarrigan/logger";
 import semver from "semver";
-import type { NpmService } from "./npmService.js";
+import { NpmService } from "./npmService.js";
 import type {
   DependencyType,
   DependencyUpdate,
@@ -151,7 +151,15 @@ class DependencyAnalyzerService {
         return null;
       }
 
-      const latestVersion = packageInfo["dist-tags"].latest;
+      // Use mature version (at least 10 days old) instead of dist-tags.latest
+      const latestVersion = NpmService.getLatestMatureVersion(
+        packageInfo,
+        10,
+      );
+      if (latestVersion === null) {
+        return null;
+      }
+
       const cleanCurrentVersion = cleanVersion(currentVersion);
 
       if (shouldUpdate(cleanCurrentVersion, latestVersion)) {

src/services/npmService.ts

@@ -148,6 +148,44 @@ class NpmService {
     });
   }
 
+  /**
+   * Gets the latest version that is at least minimumAgeDays old.
+   * @param packageInfo - The package information from npm.
+   * @param minimumAgeDays - Minimum days since publication (default 10).
+   * @returns The latest mature version, or null if none found.
+   */
+  public static getLatestMatureVersion(
+    packageInfo: NpmPackageInfo,
+    minimumAgeDays = 10,
+  ): string | null {
+    const now = Date.now();
+    const minimumAgeMs = minimumAgeDays * 24 * 60 * 60 * 1000;
+    const cutoffDate = now - minimumAgeMs;
+
+    const versions = Object.keys(packageInfo.versions);
+    const matureVersions = versions.filter((version) => {
+      const publishedAt = packageInfo.time[version];
+      if (publishedAt === undefined) {
+        return false;
+      }
+      const publishedDate = new Date(publishedAt).getTime();
+      return publishedDate <= cutoffDate;
+    });
+
+    if (matureVersions.length === 0) {
+      return null;
+    }
+
+    // Sort by semver (descending) to get the latest mature version
+    matureVersions.sort((version1, version2) => {
+      return version2.localeCompare(version1, undefined, { numeric: true });
+    });
+
+    // eslint-disable-next-line capitalized-comments -- v8 coverage ignore directive must be lowercase
+    /* v8 ignore next -- @preserve */
+    return matureVersions[0] ?? null;
+  }
+
   /**
    * Fetches changelog information for a package update.
    * @param options - The changelog fetch options.

src/types/package.types.ts

@@ -33,6 +33,7 @@ interface NpmPackageInfo {
     latest:        string;
   };
   "name":     string;
+  "time":     Record<string, string>;
   "versions": Record<
     string,
     {

test/services/dependencyAnalyzerService.spec.ts

@@ -8,9 +8,14 @@
 /* eslint-disable max-lines-per-function -- Test suites require many test cases */
 /* eslint-disable @typescript-eslint/naming-convention -- Test data uses npm package names and destructured imports */
 /* eslint-disable @typescript-eslint/consistent-type-assertions -- Required for mocking */
-
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 
+const getDaysAgoIso = (days: number): string => {
+  const msPerDay = 24 * 60 * 60 * 1000;
+  const ageMs = days * msPerDay;
+  return new Date(Date.now() - ageMs).toISOString();
+};
+
 vi.mock("@nhcarrigan/logger", () => {
   return {
 
@@ -57,10 +62,13 @@ describe("dependencyAnalyzerService", () => {
   it("should find updates for dependencies", async() => {
     expect.assertions(2);
     const mockNpmService = createMockNpmService();
+    // Include time field with a date >10 days ago for the mature version check
+    const oldDate = getDaysAgoIso(15);
     mockNpmService.getPackageInfo.mockResolvedValue({
       "dist-tags": { latest: "2.0.0" },
       "name":      "test-package",
-      "versions":  {},
+      "time":      { "2.0.0": oldDate },
+      "versions":  { "2.0.0": { version: "2.0.0" } },
     });
     const { DependencyAnalyzerService }
       = await import("../../src/services/dependencyAnalyzerService.js");
@@ -197,10 +205,12 @@ describe("dependencyAnalyzerService", () => {
   it("should not include packages that are already up-to-date", async() => {
     expect.assertions(1);
     const mockNpmService = createMockNpmService();
+    const oldDate = getDaysAgoIso(15);
     mockNpmService.getPackageInfo.mockResolvedValue({
       "dist-tags": { latest: "1.0.0" },
       "name":      "test-package",
-      "versions":  {},
+      "time":      { "1.0.0": oldDate },
+      "versions":  { "1.0.0": { version: "1.0.0" } },
     });
     const { DependencyAnalyzerService }
       = await import("../../src/services/dependencyAnalyzerService.js");
@@ -235,10 +245,12 @@ describe("dependencyAnalyzerService", () => {
   it("should handle version prefixes like ^", async() => {
     expect.assertions(2);
     const mockNpmService = createMockNpmService();
+    const oldDate = getDaysAgoIso(15);
     mockNpmService.getPackageInfo.mockResolvedValue({
       "dist-tags": { latest: "2.0.0" },
       "name":      "test-package",
-      "versions":  {},
+      "time":      { "2.0.0": oldDate },
+      "versions":  { "2.0.0": { version: "2.0.0" } },
     });
     const { DependencyAnalyzerService }
       = await import("../../src/services/dependencyAnalyzerService.js");
@@ -274,10 +286,12 @@ describe("dependencyAnalyzerService", () => {
   it("should handle semver comparison errors", async() => {
     expect.assertions(1);
     const mockNpmService = createMockNpmService();
+    const oldDate = getDaysAgoIso(15);
     mockNpmService.getPackageInfo.mockResolvedValue({
       "dist-tags": { latest: "invalid-version" },
       "name":      "test-package",
-      "versions":  {},
+      "time":      { "invalid-version": oldDate },
+      "versions":  { "invalid-version": { version: "invalid-version" } },
     });
     const { DependencyAnalyzerService }
       = await import("../../src/services/dependencyAnalyzerService.js");
@@ -291,4 +305,28 @@ describe("dependencyAnalyzerService", () => {
     });
     expect(result).toStrictEqual([]);
   });
+
+  it("should return null when no mature version exists", async() => {
+    expect.assertions(1);
+    const mockNpmService = createMockNpmService();
+    // Use a very recent date (2 days ago) so getLatestMatureVersion returns null
+    const recentDate = getDaysAgoIso(2);
+    mockNpmService.getPackageInfo.mockResolvedValue({
+      "dist-tags": { latest: "2.0.0" },
+      "name":      "test-package",
+      "time":      { "2.0.0": recentDate },
+      "versions":  { "2.0.0": { version: "2.0.0" } },
+    });
+    const { DependencyAnalyzerService }
+      = await import("../../src/services/dependencyAnalyzerService.js");
+    const analyzerService = new DependencyAnalyzerService(
+      mockNpmService as Parameters<typeof DependencyAnalyzerService>[0],
+    );
+    const result = await analyzerService.analyzePackageJson({
+      dependencies: {
+        "test-package": "1.0.0",
+      },
+    });
+    expect(result).toStrictEqual([]);
+  });
 });

test/services/npmService.spec.ts

@@ -11,11 +11,19 @@
 /* eslint-disable @typescript-eslint/consistent-type-imports -- Dynamic imports */
 /* eslint-disable vitest/require-to-throw-message -- Generic throw assertion */
 /* eslint-disable stylistic/max-len -- Test files have long URLs */
+/* eslint-disable max-lines -- Test files have many test cases */
+/* eslint-disable max-statements -- Test describe blocks have many statements */
 
 import axios, { AxiosError, type AxiosResponse } from "axios";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { NpmService } from "../../src/services/npmService.js";
 
+const getDaysAgoIso = (days: number): string => {
+  const msPerDay = 24 * 60 * 60 * 1000;
+  const ageMs = days * msPerDay;
+  return new Date(Date.now() - ageMs).toISOString();
+};
+
 vi.mock("axios", async() => {
   const actualAxios = await vi.importActual<typeof import("axios")>("axios");
   return {
@@ -331,4 +339,94 @@ describe("npmService", () => {
     });
     expect(result).toBe("Updated from 1.0.0 to 2.0.0");
   });
+
+  it("should return latest mature version when versions are old enough", () => {
+    expect.assertions(1);
+    const oldDate = getDaysAgoIso(15);
+    const packageInfo = {
+      "dist-tags": { latest: "2.0.0" },
+      "name":      "test-package",
+      "time":      { "1.0.0": oldDate, "2.0.0": oldDate },
+      "versions":  {
+        "1.0.0": { version: "1.0.0" },
+        "2.0.0": { version: "2.0.0" },
+      },
+    };
+    const result = NpmService.getLatestMatureVersion(packageInfo);
+    expect(result).toBe("2.0.0");
+  });
+
+  it("should return null when no mature versions exist", () => {
+    expect.assertions(1);
+    const recentDate = getDaysAgoIso(2);
+    const packageInfo = {
+      "dist-tags": { latest: "2.0.0" },
+      "name":      "test-package",
+      "time":      { "2.0.0": recentDate },
+      "versions":  { "2.0.0": { version: "2.0.0" } },
+    };
+    const result = NpmService.getLatestMatureVersion(packageInfo);
+    expect(result).toBeNull();
+  });
+
+  it("should skip versions without time data", () => {
+    expect.assertions(1);
+    const oldDate = getDaysAgoIso(15);
+    const packageInfo = {
+      "dist-tags": { latest: "2.0.0" },
+      "name":      "test-package",
+      "time":      { "1.0.0": oldDate },
+      "versions":  {
+        "1.0.0": { version: "1.0.0" },
+        "2.0.0": { version: "2.0.0" },
+      },
+    };
+    const result = NpmService.getLatestMatureVersion(packageInfo);
+    expect(result).toBe("1.0.0");
+  });
+
+  it("should sort versions correctly and return the latest", () => {
+    expect.assertions(1);
+    const oldDate = getDaysAgoIso(15);
+    const packageInfo = {
+      "dist-tags": { latest: "3.0.0" },
+      "name":      "test-package",
+      "time":      { "1.0.0": oldDate, "2.0.0": oldDate, "3.0.0": oldDate },
+      "versions":  {
+        "1.0.0": { version: "1.0.0" },
+        "2.0.0": { version: "2.0.0" },
+        "3.0.0": { version: "3.0.0" },
+      },
+    };
+    const result = NpmService.getLatestMatureVersion(packageInfo);
+    expect(result).toBe("3.0.0");
+  });
+
+  it("should use custom minimumAgeDays parameter", () => {
+    expect.assertions(1);
+    const fiveDaysAgo = getDaysAgoIso(5);
+    const packageInfo = {
+      "dist-tags": { latest: "2.0.0" },
+      "name":      "test-package",
+      "time":      { "2.0.0": fiveDaysAgo },
+      "versions":  { "2.0.0": { version: "2.0.0" } },
+    };
+    // Default is 10 days, so 5 days old should be null
+    const resultDefault = NpmService.getLatestMatureVersion(packageInfo);
+    expect(resultDefault).toBeNull();
+  });
+
+  it("should return mature version with custom minimumAgeDays", () => {
+    expect.assertions(1);
+    const fiveDaysAgo = getDaysAgoIso(5);
+    const packageInfo = {
+      "dist-tags": { latest: "2.0.0" },
+      "name":      "test-package",
+      "time":      { "2.0.0": fiveDaysAgo },
+      "versions":  { "2.0.0": { version: "2.0.0" } },
+    };
+    // With 3 days minimum, 5 days old should be valid
+    const resultCustom = NpmService.getLatestMatureVersion(packageInfo, 3);
+    expect(resultCustom).toBe("2.0.0");
+  });
 });