Gathering detailed insights and metrics for @prototyp-stockholm/contentful-migrator-programme
Gathering detailed insights and metrics for @prototyp-stockholm/contentful-migrator-programme
Tool to manage and keep track of contentful migrations.
Installations
npm install @prototyp-stockholm/contentful-migrator-programmeDeveloper Guide
BETA
Typescript
No
Module System
N/A
Node Version
18.16.0
NPM Version
9.5.1
Releases
12
Languages
2
JavaScript
Mustache
JavaScript (99.75%)
Mustache (0.25%)
Developer
prototypsthlm
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
11 Stars
171 Commits
4 Watchers
12 Branches
27 Contributors
Updated on Apr 11, 2025
Maintainers
4
Package Meta Information
Latest Version
0.5.3
Package Id
@prototyp-stockholm/contentful-migrator-programme@0.5.3
Unpacked Size
58.38 kB
Size
16.22 kB
File Count
40
NPM Version
9.5.1
Node Version
18.16.0
Published on
Apr 11, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Contentful Migrator Programme
Tool to manage Contentful migrations
Setup
Install package
1npm i --save @prototyp-stockholm/contentful-migrator-programme
Prepare a Contentful space
Get an API Key for migrations (CTF_CMA_TOKEN) under Settings -> API Keys -> Content management tokens in your Contentful space.
Create an environment under Settings -> Environments.
Create a configuration file
Create a .env file in your project root and add these variables:
Required variables
1CTF_SPACE_ID=<SECRET> # The Contentful space id 2CTF_ENVIRONMENT_ID=<SECRET> # The name of the Contentful environment 3CTF_CMA_TOKEN=<SECRET> # The Content Management API token
Optional variables
1MIGRATIONS_DIR=migrations # A relative path to the directory where CMP will store migration script files 2APPLIED_MIGRATIONS_TYPE_ID=appliedMigrations # The content type id used to store applied migration entries 3MAX_NUMBER_OF_ALIASES=1 # The number of allowed aliases in this Contentful space 4MAX_NUMBER_OF_ENVIRONMENTS=4 # The number of allowed environments in this Contentful space 5NUMBER_OF_RETRIES_WHEN_CREATING_ENVIRONMENT=10 # Number of retries when creating an environment
Usage
An example migration with up and down functions:
1module.exports.up = (migration, context) => { 2 const dog = migration.createContentType('dog').name('Dog').displayField('name') 3 dog.createField('name').type('Symbol').name('Name') 4} 5 6module.exports.down = (migration, context) => { 7 // Note: If you already have content with type dog you'll have to remove all dog entries, before removing the dog type 8 migration.deleteContentType('dog') 9}
If you did not install the package globally you'll have to prepend node_modules/.bin/ to the cmp command.
Otherwise, you can add the cmp command in the scripts section of the project package.json.
Then you can use it like so: npm run cmp.
1{ 2 "scripts": { 3 "cmp": "cmp" 4 } 5}
Read more on migration syntax on https://github.com/contentful/contentful-migration
Available commands
cmp generate <migrationName>
Generates a migration with the given name and a timestamp prepended ex: YYYYMMDDhhmmssxxx-add-user-type.js.
cmp migrate
Applies all up operations of the non applied migrations to the CTF_ENVIRONMENT_ID set in the .env file
cmp rollback
Applies the down operations (i.e rolls back ) of the latest migration batch
cmp aux:create <name?>
Creates an aux environment based on CTF_ENVIRONMENT_ID. You can give it an optional name.
cmp aux:drop <name>
Drop the environment with the given name
cmp aux:test
Creates environment from CTF_ENVIRONMENT_ID, applies new migrations, and drops the environment
For development of the CMP tool
- Clone this project
npm inpm link- Create a test project in another folder and cd into it
npm initnpm i @prototyp-stockholm/contentful-migrator-programmenpm link @prototyp-stockholm/contentful-migrator-programme- create an .env file and set the required CTF credentials
Now anything you modify in the locally cloned package will be instantly available in the test project to test.
Testing
We use Jest for testing. Before the tests are run setup in jest.setupFiles.js and jestSetupFilesAfterEnv.js are being performed.
jest.setupFiles.js overrides the .env file with the .env.test file. It also creates a utility mock of console.log to capture all console output but without any encoding characters from picocolor.
jestSetupFilesAfterEnv.js creates a test migration directory before the test suite is executed. The directory is removed after the test suite is executed.
Before running the tests you need to create a .env.test file in the root of the project. Create a copy from .env.test.template
Since the codebase is integrated with the contenful-management package we use a mock their api by using mock service worker. The mocks can be found in mocks/contentful. The handlers directory contains response handlers corresponding for each command in cmd.js
Roadmap
- Track migrated migrations with a migration type
- Generate migration command.
- Apply migrations command.
- Reset current environment to master.
- Rollback the latest migration
- Apply migrations in batches and ability to rollback if something goes wrong (aux env).
- When migrating, all migrations will belong to a batch. When rolling back, the latest batch will be reverted.
- Improve migrations templates (add ability to use
npm run m:generate add-name-to-user-type --name=Symbol --age=Numberfor example and generate the needed code to add the fields. - Improve seeding or maybe rethink it or maybe remove it since it may be out of scope.
- Move to TypeScript.
- Document features.
Releasing and publishing on NPM
Release-please is utilized to simplify releases and to auto-publish on NPM. In short, release-please creates a release-PR that updates the version and edits the Changelog as soon as it detects new commits with messages starting with "fix" or "feat". This PR is maintained until it is merged. Upon merging, this packages is released and once done it auto-publishes on NPM.
Read more here https://github.com/google-github-actions/release-please-action#how-release-please-works
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-please.yml:7
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-pr-title.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/prototypsthlm/contentful-migrator-programme/lint-pr-title.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/prototypsthlm/contentful-migrator-programme/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prototypsthlm/contentful-migrator-programme/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/prototypsthlm/contentful-migrator-programme/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/prototypsthlm/contentful-migrator-programme/run-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/prototypsthlm/contentful-migrator-programme/run-tests.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yml:22
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 1 out of 2 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/18 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/lint-pr-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-please.yml:1
- Warn: no topLevel permission defined: .github/workflows/run-tests.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Score
3.9
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More