Thursday, 24 March 2016

Bash to audit your npm dependencies

With the issues surrounding npm today, I thought it would be interesting to write a bash one liner to see how many stars on github each dependency in my project's dependency tree has. The bash is below, it's only real dependencies are curl and npm. A word of warning, it does take quite sometime to run especially if you have lots of dependencies.


npm ls | grep -oP "\w[^@]+@" | sed s/@// | sort |uniq |  awk '{print "npm view " $1 " repository.url"}' | sh | grep -oP "github(\w|\W)+\.git" | sed 's/.git//g' | sed 's/.com/.com\/repos/g' | awk '{print "curl -s \"https://api."$1"\" | grep -P \"(stargazers_count|full_name)\" "}' | sh
 

Gist: https://gist.github.com/ShaneQful/aa265f9ef87449b945b1


In regards to my opinion on the situation, the behavior of some of the individuals was clearly childish at best and everyone who was stung by the situation should be a little more careful about their dependencies.

No comments:

Post a Comment