npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

eslint-plugin-tech-radar

v2.0.0

Published

An eslint plugin to encourage adherence to an organisational tech radar

Downloads

35

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cressie176cressie176

Keywords

eslintplugindependenciesdependencylistradartech radartech-radarallowallowedwhitelistdisallowdisallowedforbidforbiddenblacklist

Readme

eslint-plugin-tech-radar

NPM version Node.js CI Code Climate Test Coverage Discover zUnit

A Tech Radar unfortunately doesn't prevent engineers installing modules they shouldn't. As Jeff Bezos says, "Good intentions don't work, good mechanisms do". One not very good mechanism is to use a private npm repository, but this blocks both direct and transitive dependencies, making it impractical. Another is to scan repositories looking for violations, but this is too late.

Instead, the approach taken by this module is to write a custom eslint plugin for validating the dependencies listed in package.json. The rules can be defined in a shared configuration, and just like eslint, run automatically on pre-commit/pre-push hooks and as part of a CI/CD pipeline. You also have a familiar escape hatch, should teams need to downgrade, ignore or reconfigure rules on a repository by repository basis. Better yet, changes to the rules can be accompanied by healthy and documentent discussion in the form of issues and/or pull requests.

A snag with this approach is that the local install of the shared configuration must always be up-to-date. For this reason, eslint-plugin-tech-radar also includes a latest rule for ensuring that the latest published version of a module is installed. Prime this with the name of your shared configuration module, and the linter will fail if a more recent version of the lint rules are available.

Another snag is that a pre-commit hook is still too late to prevent undesirable dependencies from being installed. You can work around this by running eslint from an npm dependencies script.

Instructions

  1. Build a Tech Radar for your node dependences. e.g.

    name,ring,quadrant,isNew,description
prisma,hold,backend,FALSE,Persistence
winston,hold,backend,FALSE,Logging
bunyan,hold,backend,FALSE,Logging
@pgtyped/query,assess,TRUE,Persistence
orchid-orm,trial,backend,FALSE,Persistence
pino,adopt,backend,FALSE,Logging
sequelize,adopt,backend,FALSE,Persistence

  2. Export the Tech Radar to JSON rule configuration.

    npx --package=eslint-plugin-tech-radar -- export-tech-radar \
  --input radar.csv \
  --documentation https://github.com/your-organisation/tech-radar \
  --output radar.json

  3. Create a shared configuration similar to this example. Export the Tech Radar json file and eslint configuration from the module to make it easier to ignore specific dependencies in the repositories that use it.

  4. Include the shared configuration in your application's eslint rules as per this example.

Rules

tech-radar/adherence

Reports packages that that do not adhere to the Tech Radar

"tech-radar/adherence": [
  "error",
  {
    "hold": [
      "prisma",
      "winston",
      "bunyan"
    ],
    "assess": [
      "@pgtyped/query"
    ],
    "trial": [
      "orchid-orm"
    ],
    "adopt": [
      "pino",
      "sequelize"
    ],
    "ignore": [
     ],
    "documentation": "https://github.com/your-organisation/tech-radar"
  }
]

The linter will fail if package.json includes a dependency that is on hold or under assessment. Use the ignore array to suppress errors about a dependency without removing it from hold or access. Works with production, development, peer and optional dependencies.

> eslint .

~/your-application/package.json
  1:1  error  Package 'slonik' is not on the tech radar. See https://github.com/your-organisation/tech-radar for more details  tech-radar/adherence
  1:1  error  Package 'prisma' is discouraged. See https://github.com/your-organisation/tech-radar for more details            tech-radar/adherence

✖ 2 problems (2 errors, 0 warnings)

tech-radar/latest

Reports packages that are behind the latest version.

"tech-radar/latest": [
  "error",
  {
    "packages": [
      "eslint-config-your-organisation"
    ]
  }
]

Works with production, development, peer and optional dependencies (if installed). Ignores dependencies that are specificed by url.

> eslint .

~/your-application/package.json
  1:1  error  Package 'eslint-config-your-organisation' must be version 1.0.2.  tech-radar/latest

✖ 1 problem (1 error, 0 warnings)

Exporting Tech Radars

As mentioned in the instructions, we provide a script for exporting Tech Radar csv files. This usage for this script is as follows...

Usage: npx --package eslint-plugin-tech-radar -- export-tech-radar [options]

Options:
  -i, --input <path>          Specify the path to the input file (optional)
  -d, --documentation <url>   Specify the documentation url (mandatory)
  -q, --quadrant <string>     Specify the quadrant used for dependencies (optional)
  -o, --output <path>         Specify the path to the output file (optional)

Examples:
  cat radar.csv | npx --package eslint-plugin-tech-radar -- export-tech-radar \
    --documentation https://github.com/your-organisation/tech-radar \
    --quadrant dependencies \
  > radar.json

  npx --package eslint-plugin-tech-radar -- export-tech-radar \
    --input radar.csv \
    --documentation https://github.com/your-organisation/tech-radar \
    --quadrant dependencies \
    --output radar.json

If an input file is not specified the script will read from stdin. If an output file is not specified the script will write to stdout. If a quadrant is specified, the script will only include entries for that quadrant.

Acknowledgements

eslint-plugin-tech-radar was inspired by eslint-plugin-package-json-dependencies