Fix silent truncation of large npm metadata responses

ReadMetadata used io.LimitReader which silently truncated responses at
the size limit. For packages like drizzle-orm (~92MB metadata), this
produced invalid JSON that was served to clients.

Now returns ErrMetadataTooLarge when the limit is exceeded, and bumps
the limit from 50MB to 100MB.

Fixes #78

Author: andrew

internal/handler/handler.go

@@ -4,6 +4,7 @@ package handler
 import (
 	"context"
 	"database/sql"
+	"errors"
 	"fmt"
 	"io"
 	"log/slog"
@@ -32,15 +33,26 @@ func containsPathTraversal(path string) bool {
 
 const defaultHTTPTimeout = 30 * time.Second
 
-// maxMetadataSize is the maximum size of upstream metadata responses (50 MB).
+// maxMetadataSize is the maximum size of upstream metadata responses (100 MB).
 // Package metadata (e.g. npm with many versions) can be large, but unbounded
 // reads risk OOM if an upstream misbehaves.
-const maxMetadataSize = 50 << 20
+const maxMetadataSize = 100 << 20
+
+// ErrMetadataTooLarge is returned when upstream metadata exceeds maxMetadataSize.
+var ErrMetadataTooLarge = errors.New("metadata response exceeds size limit")
 
 // ReadMetadata reads an upstream response body with a size limit to prevent OOM
-// from unexpectedly large responses.
+// from unexpectedly large responses. Returns ErrMetadataTooLarge if the response
+// is truncated by the limit.
 func ReadMetadata(r io.Reader) ([]byte, error) {
-	return io.ReadAll(io.LimitReader(r, maxMetadataSize))
+	data, err := io.ReadAll(io.LimitReader(r, maxMetadataSize+1))
+	if err != nil {
+		return nil, err
+	}
+	if int64(len(data)) > maxMetadataSize {
+		return nil, ErrMetadataTooLarge
+	}
+	return data, nil
 }
 
 // Proxy provides shared functionality for protocol handlers.

internal/handler/read_metadata_test.go

@@ -2,6 +2,7 @@ package handler
 
 import (
 	"bytes"
+	"errors"
 	"testing"
 )
 
@@ -17,9 +18,8 @@ func TestReadMetadata(t *testing.T) {
 		}
 	})
 
-	t.Run("truncates at limit", func(t *testing.T) {
-		// Create a reader slightly larger than maxMetadataSize
-		data := make([]byte, maxMetadataSize+100)
+	t.Run("exactly at limit", func(t *testing.T) {
+		data := make([]byte, maxMetadataSize)
 		for i := range data {
 			data[i] = 'x'
 		}
@@ -31,4 +31,15 @@ func TestReadMetadata(t *testing.T) {
 			t.Errorf("got length %d, want %d", len(got), maxMetadataSize)
 		}
 	})
+
+	t.Run("over limit returns error", func(t *testing.T) {
+		data := make([]byte, maxMetadataSize+100)
+		for i := range data {
+			data[i] = 'x'
+		}
+		_, err := ReadMetadata(bytes.NewReader(data))
+		if !errors.Is(err, ErrMetadataTooLarge) {
+			t.Errorf("got error %v, want ErrMetadataTooLarge", err)
+		}
+	})
 }