npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

winnow-test

v1.0.7

Published

CLI tool for wrangling hiring code tests and assessing candidates

Downloads

6

Readme

Coding aptitude tests done right

Winnow is small commandline utility that allows you to quickly send codetests and check the validity of the answers using only an applicants email address. It also keeps track of who you've sent tests to in a local database to help manage large numbers of tests and candidates so that you pick the programmer who is actually best suited for your job. It's all too easy to project personal bias into the tech hiring process, so why not try to go out of your way to be more fair from the get go and get your hands on some code before making a judgement call?

Programmers should be in charge of hiring programmers

If you automate the code testing process and make it painless for someone to track as part of their regular job, I genuinely believe it will be easier to hire a quality candidate who fits your organizations technical abilities.

Installation

git clone https://github.com/jabyrd3/winnow
cd winnow
npm install

THEN:

  • You'll need to edit config.js.sample.
  • You'll have to register a personal API access token with github in order to use it. Make sure to give that token permissions to modify/create/delete repos in the github UI.
  • In the google api credentials dashboard you'll need to follow the wizard to get a client_id.json file for winnow to authenticate to send mail on your behalf. copy that client_id.json into the winnow directory.

THEN:

node gmail_auth.js # follow the instructions after this command
node winnow

Tech

Vorpal is the main driver of the current interface. Internally it uses a single-table sqlite database to keep track of your issued tests. Git integration is a mix of https calls and Nodegit, tests are run with jsdom. Obfuscation is a simple uglify-js call.

Data

To export your data simply navigate to the winnow directory on your machine and copy out winnow.data. It's a non-encrypted sqlite database built via sqlite3.

Usage

node winnow

The winnow command opens an interactive shell-like environment via vorpal. From there, you can send code tests, view your sent tests, and check results from individual candidates.

Writing your own tests

For your own tests to work, you need to add a couple pieces of boilerplate. You can see it in action here. There are a couple things to keep in mind when writing a code test for rover:

  • If you look at engine.js in that link, you can see the first 5 lines act as a stub to create a window object, if one doesn't exist. This is weird, but it was the only decent way for me to get a handle on the environment via jsdom.
  • To get the automatic correctness checking working, you need to call window.doneTrigger, which is a function bolts onto the global namespace when it's running the test. Right now, the only thing this does is check that the 2 values passed are equal. If the 2 values passed to doneTrigger are equal, winnow views it as a pass, otherwise it marks down that they failed.
  • Because the candidate gets a copy of the engine.js file, it'd be trivial to see the successWorld variable and work backwards to get that answer, or even hack around the test entirely. In sample.config.js, you'll notice there's an array called 'obfuscate'. This minifies any files provided to make reverse engineering the test a little bit more difficult (still not impossible, but i'd argue if if a candidate reverse engineers your code test you should probably hire them on the spot).

Available commands

(these are under heavy development; to see better documentation just type 'help' into the winnow shell)

send <email> <tag> - clones a repo from config.js, removes any git data, and pushes it up to a new repo using the credentials from config.js, sends an email to the <email> arg with a link to the codetest, and marks down the tag/email/github url of the testee in db.

list - lists all the testees in the db. tag: email @ https://github.com/yoururl/generated-test

check <tag> - downloads the test repo, runs the code, fires window.doneTrigger and checks for equality of end state an answer provided by the test.

check:pr <tag> - merges teh candidates PR into master, downloads the target repository, runs the users code, and fires a simple equality test (for now), against 2 objects to test if the testee solved the problem.

complexity <tag> - runs code complexity analysis (looking for cyclomatic complexity and maintainability) against the submission. This command kicks out the full output.

details:complexity <tag> - details about saved complexity report, formatted to be a bit nicer than the raw JSON.

clean <tag> - use this to remove a candidates repo (their fork persists) and record in the database

clean:tmp - removes the tmp directory in case something breaks. If you ever need to use this please file an issue

clean:repos - deletes all winnow repos from your github account, this is non-recoverable.

clean:db - clears entire testee db. this is non-recoverable.

Todo

  • [ ] fix callback hell in individual commands.
  • [ ] add more complicated testing capabilites.
  • [ ] fuzzy search list
  • [ ] filter / sort list
  • [ ] delete via regex/glob
  • [ ] package for npm
  • [ ] multiple code tests
  • [ ] named code tests (ie: send [email protected] )
  • [ ] fancier config?
  • [ ] interactive setup
  • [ ] interactive goog auth process
  • [ ] repo status per test, ie: # of commits since init, # of active pull requests.
  • [ ] auto run complexity after submission success
  • [x] enforce unique tagname, tagname is required.
  • [x] delete single items by tagname
  • [x] save test results
  • [x] tab complete (tags, specifically)
  • [x] table view for list
  • [x] keep user from breaking stuff too badly
  • [x] manage repos to keep from cluttering up the users github profile too badly
  • [x] tag repos in github for ease of deletion
  • [x] check out pr instead of actual HEAD on code check
  • [x] modularize code (commands dir)
  • [x] check current master branch (don't need a PR to run test)
  • [x] analyze complexity of submission