jsr-io · crowlKats · Sep 17, 2025 · Sep 17, 2025 · Sep 17, 2025 · Sep 17, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/api/Cargo.toml b/api/Cargo.toml
@@ -74,14 +74,14 @@ opentelemetry = { version = "0.19", features = [
 ] }
 opentelemetry-otlp = "0.12"
 opentelemetry-gcloud-trace = "0.5.0"
-deno_semver = "0.8.0"
+deno_semver = "0.9.0"
 flate2 = "1"
 thiserror = "2"
 async-tar = "0.4.2"
-deno_graph = "0.97.0"
-deno_ast = { version = "0.48.0", features = ["view"] }
-deno_doc = { version = "=0.180.0", features = ["comrak"] }
-deno_error = "0.6.1"
+deno_graph = "=0.100.1"
+deno_ast = { version = "0.50.2", features = ["view"] }
+deno_doc = { version = "=0.183.0", features = ["comrak"] }
+deno_error = "0.7.0"
 comrak = { version = "0.29.0", default-features = false }
 ammonia = "4.0.0"
 async-trait = "0.1.73"

diff --git a/api/src/analysis.rs b/api/src/analysis.rs
@@ -165,6 +165,7 @@ async fn analyze_package_inner(
         module_info_cacher: Default::default(),
         unstable_bytes_imports: false,
         unstable_text_imports: false,
+        jsr_metadata_store: None,
       },
     )
     .await;
@@ -427,26 +428,25 @@ impl deno_graph::source::Resolver for JsrResolver {
     referrer_range: &deno_graph::Range,
     _kind: deno_graph::source::ResolutionKind,
   ) -> Result<ModuleSpecifier, deno_graph::source::ResolveError> {
-    if let Ok(package_ref) = JsrPackageReqReference::from_str(specifier_text) {
-      if self.member.name == package_ref.req().name
-        && self
-          .member
-          .version
-          .as_ref()
-          .map(|v| package_ref.req().version_req.matches(v))
-          .unwrap_or(true)
-      {
-        let export_name = package_ref.sub_path().unwrap_or(".");
-        let Some(export) = self.member.exports.get(export_name) else {
-          return Err(deno_graph::source::ResolveError::Other(
-            JsErrorBox::generic(format!(
-              "export '{}' not found in jsr:{}",
-              export_name, self.member.name
-            )),
-          ));
-        };
-        return Ok(self.member.base.join(export).unwrap());
-      }
+    if let Ok(package_ref) = JsrPackageReqReference::from_str(specifier_text)
+      && self.member.name == package_ref.req().name
+      && self
+        .member
+        .version
+        .as_ref()
+        .map(|v| package_ref.req().version_req.matches(v))
+        .unwrap_or(true)
+    {
+      let export_name = package_ref.sub_path().unwrap_or(".");
+      let Some(export) = self.member.exports.get(export_name) else {
+        return Err(deno_graph::source::ResolveError::Other(
+          JsErrorBox::generic(format!(
+            "export '{}' not found in jsr:{}",
+            export_name, self.member.name
+          )),
+        ));
+      };
+      return Ok(self.member.base.join(export).unwrap());
     }
 
     Ok(deno_graph::resolve_import(
@@ -598,6 +598,7 @@ async fn rebuild_npm_tarball_inner(
         module_info_cacher: Default::default(),
         unstable_bytes_imports: false,
         unstable_text_imports: false,
+        jsr_metadata_store: None,
       },
     )
     .await;

diff --git a/api/src/api/errors.rs b/api/src/api/errors.rs
@@ -256,13 +256,13 @@ errors!(
 );
 
 pub fn map_unique_violation(err: sqlx::Error, new_err: ApiError) -> ApiError {
-  if let Some(db_err) = err.as_database_error() {
-    if let Some(code) = db_err.code() {
-      // Code 23505 is unique_violation.
-      // See https://www.postgresql.org/docs/13/errcodes-appendix.html
-      if code == "23505" {
-        return new_err;
-      }
+  if let Some(db_err) = err.as_database_error()
+    && let Some(code) = db_err.code()
+  {
+    // Code 23505 is unique_violation.
+    // See https://www.postgresql.org/docs/13/errcodes-appendix.html
+    if code == "23505" {
+      return new_err;
     }
   }
   err.into()

diff --git a/api/src/api/package.rs b/api/src/api/package.rs
@@ -775,13 +775,13 @@ pub async fn version_publish_handler(
 
   // If there is a content-length header, check it isn't too big.
   // We don't rely on this, we will also check MAX_PAYLOAD_SIZE later.
-  if let Some(size) = req.body().size_hint().upper() {
-    if size > MAX_PUBLISH_TARBALL_SIZE {
-      return Err(ApiError::TarballSizeLimitExceeded {
-        size,
-        max_size: MAX_PUBLISH_TARBALL_SIZE,
-      });
-    }
+  if let Some(size) = req.body().size_hint().upper()
+    && size > MAX_PUBLISH_TARBALL_SIZE
+  {
+    return Err(ApiError::TarballSizeLimitExceeded {
+      size,
+      max_size: MAX_PUBLISH_TARBALL_SIZE,
+    });
   }
 
   // Ensure the upload is gzip encoded.
@@ -869,14 +869,14 @@ pub async fn version_publish_handler(
 
   let hash = hash.lock().unwrap().take().unwrap().finalize();
   let hash = format!("sha256-{:02x}", hash);
-  if let Some(tarball_hash) = access_restriction.tarball_hash {
-    if tarball_hash != hash {
-      error!(
-        "Tarball hash mismatch: expected {}, got {}",
-        tarball_hash, hash
-      );
-      return Err(ApiError::MissingPermission);
-    }
+  if let Some(tarball_hash) = access_restriction.tarball_hash
+    && tarball_hash != hash
+  {
+    error!(
+      "Tarball hash mismatch: expected {}, got {}",
+      tarball_hash, hash
+    );
+    return Err(ApiError::MissingPermission);
   }
 
   // If the upload failed due to the size limit, we can cancel the task.
@@ -1830,23 +1830,23 @@ impl DepTreeLoader {
             return Ok(None);
           };
 
-          if version.is_none() {
-            if let Some(captures) = JSR_DEP_META_RE.captures(path.as_str()) {
-              let version = captures.name("version").unwrap();
-              let meta =
-                serde_json::from_slice::<VersionMetadata>(&bytes).unwrap();
-
-              let mut lock = exports.lock().await;
-              lock.insert(
-                format!(
-                  "@{}/{}@{}",
-                  scope.as_str(),
-                  package.as_str(),
-                  version.as_str()
-                ),
-                meta.exports,
-              );
-            }
+          if version.is_none()
+            && let Some(captures) = JSR_DEP_META_RE.captures(path.as_str())
+          {
+            let version = captures.name("version").unwrap();
+            let meta =
+              serde_json::from_slice::<VersionMetadata>(&bytes).unwrap();
+
+            let mut lock = exports.lock().await;
+            lock.insert(
+              format!(
+                "@{}/{}@{}",
+                scope.as_str(),
+                package.as_str(),
+                version.as_str()
+              ),
+              meta.exports,
+            );
           }
 
           Ok(Some(deno_graph::source::LoadResponse::Module {
@@ -2005,6 +2005,7 @@ async fn analyze_deps_tree(
         module_info_cacher: Default::default(),
         unstable_bytes_imports: false,
         unstable_text_imports: false,
+        jsr_metadata_store: None,
       },
     )
     .await;
@@ -2158,22 +2159,21 @@ impl<'a> GraphDependencyCollector<'a> {
       let mut children = IndexSet::new();
       match module {
         Module::Js(module) => {
-          if let Some(types_dep) = &module.maybe_types_dependency {
-            if let Some(child) = self.build_resolved_info(&types_dep.dependency)
-            {
-              children.insert(child);
-            }
+          if let Some(types_dep) = &module.maybe_types_dependency
+            && let Some(child) = self.build_resolved_info(&types_dep.dependency)
+          {
+            children.insert(child);
           }
           for dep in module.dependencies.values() {
-            if !dep.maybe_code.is_none() {
-              if let Some(child) = self.build_resolved_info(&dep.maybe_code) {
-                children.insert(child);
-              }
+            if !dep.maybe_code.is_none()
+              && let Some(child) = self.build_resolved_info(&dep.maybe_code)
+            {
+              children.insert(child);
             }
-            if !dep.maybe_type.is_none() {
-              if let Some(child) = self.build_resolved_info(&dep.maybe_type) {
-                children.insert(child);
-              }
+            if !dep.maybe_type.is_none()
+              && let Some(child) = self.build_resolved_info(&dep.maybe_type)
+            {
+              children.insert(child);
             }
           }
         }

diff --git a/api/src/api/self_user.rs b/api/src/api/self_user.rs
@@ -209,12 +209,12 @@ async fn create_token(
     });
   }
 
-  if let Some(permissions) = permissions.as_ref() {
-    if permissions.0.len() != 1 {
-      return Err(ApiError::MalformedRequest {
-        msg: "permissions must contain exactly one element".into(),
-      });
-    }
+  if let Some(permissions) = permissions.as_ref()
+    && permissions.0.len() != 1
+  {
+    return Err(ApiError::MalformedRequest {
+      msg: "permissions must contain exactly one element".into(),
+    });
   }
 
   let iam = req.iam();

diff --git a/api/src/api/tickets.rs b/api/src/api/tickets.rs
@@ -126,27 +126,27 @@ pub async fn post_message_handler(
     .await?;
 
   // only send email to ticket creator if the message was not sent by ticket creator
-  if creator.id != message_author.id {
-    if let Some(email) = &creator.email {
-      let email_sender = req.data::<Option<EmailSender>>().unwrap();
-      let registry_url = req.data::<RegistryUrl>().unwrap();
-      if let Some(email_sender) = email_sender {
-        let email_args = EmailArgs::SupportTicketMessage {
-          ticket_id: Cow::Owned(ticket.id.to_string()),
-          name: Cow::Owned(creator.name),
-          content: Cow::Borrowed(&message.message),
-          registry_url: Cow::Borrowed(registry_url.0.as_str()),
-          registry_name: Cow::Borrowed(&email_sender.from_name),
-          support_email: Cow::Borrowed(&email_sender.from),
-        };
-        email_sender
-          .send(email.clone(), email_args)
-          .await
-          .map_err(|e| {
-            tracing::error!("failed to send email: {:?}", e);
-            ApiError::InternalServerError
-          })?;
-      }
+  if creator.id != message_author.id
+    && let Some(email) = &creator.email
+  {
+    let email_sender = req.data::<Option<EmailSender>>().unwrap();
+    let registry_url = req.data::<RegistryUrl>().unwrap();
+    if let Some(email_sender) = email_sender {
+      let email_args = EmailArgs::SupportTicketMessage {
+        ticket_id: Cow::Owned(ticket.id.to_string()),
+        name: Cow::Owned(creator.name),
+        content: Cow::Borrowed(&message.message),
+        registry_url: Cow::Borrowed(registry_url.0.as_str()),
+        registry_name: Cow::Borrowed(&email_sender.from_name),
+        support_email: Cow::Borrowed(&email_sender.from),
+      };
+      email_sender
+        .send(email.clone(), email_args)
+        .await
+        .map_err(|e| {
+          tracing::error!("failed to send email: {:?}", e);
+          ApiError::InternalServerError
+        })?;
     }
   }
 

diff --git a/api/src/db/database.rs b/api/src/db/database.rs
@@ -556,10 +556,10 @@ impl Database {
     let package = match res {
       Ok(package) => package,
       Err(err) => {
-        if let Some(dberr) = err.as_database_error() {
-          if dberr.is_unique_violation() {
-            return Ok(CreatePackageResult::AlreadyExists);
-          }
+        if let Some(dberr) = err.as_database_error()
+          && dberr.is_unique_violation()
+        {
+          return Ok(CreatePackageResult::AlreadyExists);
         }
         return Err(err);
       }
@@ -2722,10 +2722,10 @@ impl Database {
         Ok(success)
       }
       Err(err) => {
-        if let Some(dberr) = err.as_database_error() {
-          if dberr.is_foreign_key_violation() {
-            return Ok(false);
-          }
+        if let Some(dberr) = err.as_database_error()
+          && dberr.is_foreign_key_violation()
+        {
+          return Ok(false);
         }
         Err(err)
       }
@@ -2773,10 +2773,10 @@ impl Database {
         Ok(success)
       }
       Err(err) => {
-        if let Some(dberr) = err.as_database_error() {
-          if dberr.is_foreign_key_violation() {
-            return Ok(false);
-          }
+        if let Some(dberr) = err.as_database_error()
+          && dberr.is_foreign_key_violation()
+        {
+          return Ok(false);
         }
         Err(err)
       }
@@ -2887,12 +2887,11 @@ impl Database {
       return Ok(ScopeMemberUpdateResult::TargetNotMember);
     };
 
-    if !scope_member.is_admin {
-      if let Some(result) =
+    if !scope_member.is_admin
+      && let Some(result) =
         self.transfer_scope(scope, is_creator, &mut tx).await?
-      {
-        return Ok(result);
-      }
+    {
+      return Ok(result);
     }
 
     tx.commit().await?;
@@ -3592,10 +3591,10 @@ impl Database {
       .fetch_optional(&mut *tx)
       .await?;
 
-    if let Some(authorization) = &maybe_authorization {
-      if authorization.user_id.is_some() {
-        tx.commit().await?;
-      }
+    if let Some(authorization) = &maybe_authorization
+      && authorization.user_id.is_some()
+    {
+      tx.commit().await?;
     }
 
     Ok(maybe_authorization)