feat: author track record signal

[huang-benny]

This PR adds a new quality signal that tracks the number of packages published by a package's primary maintainer on NPM.

Changes

• Fetches the total number of packages maintained by the first listed maintainer
• Uses NPM search API with maintainer: filter for results
• Returns undefined if maintainer information is unavailable
• Added fetchAuthorPackageCount() method to NpmCollector class

Scoring

• 20+ libraries: 5 stars
• 11+ libraries: 4 stars
• 5+ libraries: 3 stars
• 2+ libraries: 2 stars
• 1 library: 1 star

Example CLI Input and Output:

./bin/cdk-construct-analyzer cdktf --verbose                

LIBRARY: cdktf
VERSION: 0.21.0

OVERALL SCORE: 79/100

---

SUBSCORES
  MAINTENANCE :           45/100
  QUALITY     :           91/100
  POPULARITY  :          100/100

---

=== MAINTENANCE ===                                   SCORE  WEIGHT
— Time To First Response ............................ ★★★★☆    3
— Release Frequency ................................. ★★☆☆☆    3
— Provenance Verification ........................... ★☆☆☆☆    3
— Number Of Contributors (Maintenance) .............. ★★★★★    2

=== QUALITY ===                                       SCORE  WEIGHT
— Documentation Completeness ........................ ★★★★★    3
— Tests Checklist ................................... ★★★★★    3
— Author Track Record ............................... ★★★★★    3
— Stable Versioning ................................. ★★★☆☆    2

=== POPULARITY ===                                    SCORE  WEIGHT
— Weekly Downloads .................................. ★★★★★    3
— Github Stars ...................................... ★★★★★    2
— Number Of Contributors (Popularity) ............... ★★★★★    1

[kaizencc]

nit: its confusing why you are adding more than 'author track record' to the readme. i assume this is because you forgot to for some other signals and now are reading, but its not good to force the reviewer to make assumption

[huang-benny]

Do you want me to remove this and make a separate PR for this or write about why I added this in the PR description?

[kaizencc]

why first? is it guaranteed that npm returns the same order each time? how do they order it?

i would expect something like this is more robust:

• pick the "best" maintainer for the score.
• pick the "average" score of all maintainers.
• accumulate the package count for each maintainer

[huang-benny]

picked best maintainer

[kaizencc]

this (and your other fetch calls) are ugly. in a separate PR, see if you can refactor and "build" these endpoints in a helper function so you don't have string concatenation as part of the main fetchAuthorPackageCount function

[kaizencc]

track record doesn't make sense to me. the number you are returning is package count, not track record. i can see how it would correlate, but calling the number track record is confusing.

[huang-benny]

updated to package count