refactor!: migrate to TypeScript and enhance API

.github/workflows/codeql.yml

@@ -41,16 +41,16 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: Checkout repository
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
+        uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -63,7 +63,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
+        uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -76,6 +76,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
+        uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/node.js.yml

@@ -17,13 +17,13 @@ jobs:
       fail-fast: false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies

.github/workflows/scorecard.yml

@@ -32,17 +32,17 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: "Checkout code"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -64,14 +64,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
+        uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
         with:
           sarif_file: results.sarif

.gitignore

@@ -58,3 +58,4 @@ typings/
 .env
 
 temp/
+dist/

README.md

@@ -5,8 +5,6 @@
 [![OpenSSF
 Scorecard](https://api.securityscorecards.dev/projects/github.com/NodeSecure/gitlab/badge?style=for-the-badge)](https://api.securityscorecards.dev/projects/github.com/NodeSecure/gitlab)
 ![MIT](https://img.shields.io/github/license/NodeSecure/gitlab.svg?style=for-the-badge)
-![size](https://img.shields.io/github/repo-size/NodeSecure/gitlab?style=for-the-badge)
-![known vulnerabilities](https://img.shields.io/snyk/vulnerabilities/github/NodeSecure/gitlab?style=for-the-badge)
 ![build](https://img.shields.io/github/actions/workflow/status/NodeSecure/gitlab/node.js.yml?style=for-the-badge)
 
 Download and (optionaly) extract gitlab repository archive.
@@ -58,16 +56,11 @@ export interface DownloadOptions {
    * @default process.env.GITLAB_TOKEN
    */
   token?: string;
-}
-
-export type ExtractOptions = DownloadOptions & {
   /**
-   * Remove the tar.gz archive after a succesfull extraction
-   *
-   * @default true
+   * @default https://gitlab.com/api/v4/projects/
    */
-  removeArchive?: boolean;
-};
+  gitlab?: string;
+}
 
 export interface DownloadResult {
   /** Archive or repository location on disk */
@@ -80,20 +73,24 @@ export interface DownloadResult {
   branch: string;
 }
 
-export function download(repo: string, options?: DownloadOptions): Promise<DownloadResult>;
-export function downloadAndExtract(repo: string, options?: ExtractOptions): Promise<DownloadResult>;
-export function setToken(gitlabToken: string): void;
-export function setUrl(gitlabUrl: string | URL): void;
-```
-
-### Private repositories
-
-To work with private repositories you can either setup a `GITLAB_TOKEN` system variable or use `setToken` method:
+export function download(
+  repo: string,
+  options?: DownloadOptions
+): Promise<DownloadResult>;
 
-```js
-import * as gitlab from "@nodesecure/gitlab";
+export interface DownloadExtractOptions extends DownloadOptions {
+  /**
+   * Remove the tar.gz archive after a succesfull extraction
+   *
+   * @default true
+   */
+  removeArchive?: boolean;
+}
 
-gitlab.setToken("...");
+export function downloadAndExtract(
+  repo: string,
+  options?: DownloadExtractOptions
+): Promise<DownloadResult>;
 ```
 
 ### Custom gitlab URL

eslint.config.mjs

@@ -0,0 +1,3 @@
+import { typescriptConfig } from "@openally/config.eslint";
+
+export default typescriptConfig();

package.json

@@ -2,11 +2,14 @@
   "name": "@nodesecure/gitlab",
   "version": "1.1.0",
   "description": "Download and extract gitlab repository",
-  "exports": "./index.js",
+  "exports": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "type": "module",
   "scripts": {
-    "prepublishOnly": "pkg-ok",
-    "test": "node -r dotenv --test",
+    "build": "tsc",
+    "prepublishOnly": "npm run build",
+    "lint": "eslint src",
+    "test": "glob -c \"tsx --test\" \"./test/**/*.spec.ts\"",
     "coverage": "c8 -r html npm test"
   },
   "repository": {
@@ -18,9 +21,7 @@
     "gitlab"
   ],
   "files": [
-    "index.js",
-    "index.d.ts",
-    "src"
+    "dist"
   ],
   "author": "GENTILHOMME Thomas <[email protected]>",
   "license": "MIT",
@@ -33,12 +34,14 @@
     "tar-fs": "^3.0.6"
   },
   "devDependencies": {
-    "@nodesecure/eslint-config": "^1.9.0",
+    "@openally/config.eslint": "^1.0.0",
+    "@openally/config.typescript": "^1.0.3",
     "@slimio/is": "^2.0.0",
+    "@types/node": "^22.3.0",
+    "@types/tar-fs": "^2.0.4",
     "c8": "^10.1.2",
-    "dotenv": "^16.4.5",
-    "eslint": "^9.2.0",
-    "pkg-ok": "^3.0.0"
+    "tsx": "^4.17.0",
+    "typescript": "^5.5.4"
   },
   "engines": {
     "node": ">=18"