ncm-analyze-tree
Get certification data for a module's dependency tree, as it is on disk.
This process is optimized by trying to get all the necessary information from
a package-lock.json or yarn.lock file, and a full scan of node_modules/**
is only reverted to if no lock file exists.
Usage
Print certification data for this module's dependency tree:
console.log(`Analyzing ${pkgs.size} modules...`)
})
for (const pkg of data) {
console.log(`${pkg.name}@${pkg.version}`)
for (const path of pkg.paths) {
console.log(` ${path.map(pkg => `${pkg.data.name}@${pkg.data.version}`).join(' > ')}`)
}
}">const analyze = require('ncm-analyze-tree')
const data = await analyze({
dir: __dirname,
token: 'accounts token',
onPkgs: pkgs => console.log(`Analyzing ${pkgs.size} modules...`)
})
for (const pkg of data) {
console.log(`${pkg.name}@${pkg.version}`)
for (const path of pkg.paths) {
console.log(` ${path.map(pkg => `${pkg.data.name}@${pkg.data.version}`).join(' > ')}`)
}
}
const data = await analyze({
dir: __dirname,
token: 'accounts token',
onPkgs: pkgs => console.log(`Analyzing ${pkgs.size} modules...`)
})
for (const pkg of data) {
console.log(`${pkg.name}@${pkg.version}`)
for (const path of pkg.paths) {
console.log(` ${path.map(pkg => `${pkg.data.name}@${pkg.data.version}`).join(' > ')}`)
}
}
$ node example.js | head -n25
Analyzing 326 modules...
standard@11.0.1
eslint@4.18.2
standard@11.0.1
ajv@5.5.2
standard@11.0.1 > eslint@4.18.2
standard@11.0.1 > eslint@4.18.2 > table@4.0.2
co@4.6.0
standard@11.0.1 > eslint@4.18.2 > ajv@5.5.2
fast-deep-equal@1.1.0
standard@11.0.1 > eslint@4.18.2 > ajv@5.5.2
fast-json-stable-stringify@2.0.0
standard@11.0.1 > eslint@4.18.2 > ajv@5.5.2
json-schema-traverse@0.3.1
standard@11.0.1 > eslint@4.18.2 > ajv@5.5.2
babel-code-frame@6.26.0
standard@11.0.1 > eslint@4.18.2
chalk@1.1.3
standard@11.0.1 > eslint@4.18.2 > babel-code-frame@6.26.0
ansi-styles@2.2.1
standard@11.0.1 > eslint@4.18.2 > babel-code-frame@6.26.0 > chalk@1.1.3
escape-string-regexp@1.0.5
standard@11.0.1 > eslint@4.18.2 > babel-code-frame@6.26.0 > chalk@1.1.3
standard@11.0.1 > eslint@4.18.2 > chalk@2.4.1
Analyzing 326 modules...
standard@11.0.1
eslint@4.18.2
standard@11.0.1
ajv@5.5.2
standard@11.0.1 > eslint@4.18.2
standard@11.0.1 > eslint@4.18.2 > table@4.0.2
co@4.6.0
standard@11.0.1 > eslint@4.18.2 > ajv@5.5.2
fast-deep-equal@1.1.0
standard@11.0.1 > eslint@4.18.2 > ajv@5.5.2
fast-json-stable-stringify@2.0.0
standard@11.0.1 > eslint@4.18.2 > ajv@5.5.2
json-schema-traverse@0.3.1
standard@11.0.1 > eslint@4.18.2 > ajv@5.5.2
babel-code-frame@6.26.0
standard@11.0.1 > eslint@4.18.2
chalk@1.1.3
standard@11.0.1 > eslint@4.18.2 > babel-code-frame@6.26.0
ansi-styles@2.2.1
standard@11.0.1 > eslint@4.18.2 > babel-code-frame@6.26.0 > chalk@1.1.3
escape-string-regexp@1.0.5
standard@11.0.1 > eslint@4.18.2 > babel-code-frame@6.26.0 > chalk@1.1.3
standard@11.0.1 > eslint@4.18.2 > chalk@2.4.1
The returned data is of this format:
{
name
version
score
paths[]
published
publishedAt
results {
severity
pass
name
test
value
}
vulnerabilities {
id,
title,
semver {
vulnerable
},
severity
}
}
Installation
$ npm install ncm-analyze-tree
API
analyze({ dir, token, onPkgs, filter, url })
dir: The node project's directorytoken: accounts tokenonPkgs: Called with aSetof package objects{ name, version }, once the tree has been readfilter: Called with everypkgobject, returnfalseto remove from analysisurl:ncm2-apiurl
License & copyright
Copyright (c) NodeSource.
Licensed under the MIT open source license, see the LICENSE file for details.