ncm-analyze-tree
v4.0.0
Published
Get certification data for a module's dependency tree
Downloads
13
Readme
ncm-analyze-tree
Get certification data for a module's dependency tree, as it is on disk.
This process is optimized by trying to get all the necessary information from
a package-lock.json
or yarn.lock
file, and a full scan of node_modules/**
is only reverted to if no lock file exists.
Usage
Print certification data for this module's dependency tree:
const analyze = require('ncm-analyze-tree')
const data = await analyze({
dir: __dirname,
token: 'accounts token',
onPkgs: pkgs => console.log(`Analyzing ${pkgs.size} modules...`)
})
for (const pkg of data) {
console.log(`${pkg.name}@${pkg.version}`)
for (const path of pkg.paths) {
console.log(` ${path.map(pkg => `${pkg.data.name}@${pkg.data.version}`).join(' > ')}`)
}
}
$ node example.js | head -n25
Analyzing 326 modules...
[email protected]
[email protected]
[email protected]
[email protected]
[email protected] > [email protected]
[email protected] > [email protected] > [email protected]
[email protected]
[email protected] > [email protected] > [email protected]
[email protected]
[email protected] > [email protected] > [email protected]
[email protected]
[email protected] > [email protected] > [email protected]
[email protected]
[email protected] > [email protected] > [email protected]
[email protected]
[email protected] > [email protected]
[email protected]
[email protected] > [email protected] > [email protected]
[email protected]
[email protected] > [email protected] > [email protected] > [email protected]
[email protected]
[email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected]
The returned data is of this format:
{
name
version
score
paths[]
published
publishedAt
results {
severity
pass
name
test
value
}
vulnerabilities {
id,
title,
semver {
vulnerable
},
severity
}
}
Installation
$ npm install ncm-analyze-tree
API
analyze({ dir, token, onPkgs, filter, url })
dir
: The node project's directorytoken
: accounts tokenonPkgs
: Called with aSet
of package objects{ name, version }
, once the tree has been readfilter
: Called with everypkg
object, returnfalse
to remove from analysisurl
:ncm2-api
url
License & copyright
Copyright © NodeSource.
Licensed under the MIT open source license, see the LICENSE file for details.