npmpackage.info

Gathering detailed insights and metrics for @techor/read-workspace-packages

@techor/read-workspace-packages - 2.4.6 | npmpackage.info

@techor/read-workspace-packages

A monorepo framework integrating first-class packages and build systems

2.4.6

MIT

TypeScript

10.83 kB

3.1

Installations

npm install @techor/read-workspace-packages

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, ESM

Node Version

18.16.1

NPM Version

8.19.4 Pull Requests

Open

0

Total

2

Closed

0

Merged

2

Issues

Open

0

Total

9

Closed

9

Releases

150

v3.2.5

Updated on May 13, 2025

v3.2.4

Updated on May 13, 2025

v3.2.3

Updated on May 08, 2025

v3.2.2

Updated on May 08, 2025

v3.2.1

Updated on May 08, 2025

v3.2.0

Updated on Mar 20, 2025

View All 150 releases

Languages

TypeScript

JavaScript

Handlebars

Shell

TypeScript (90.97%)

JavaScript (7.95%)

Handlebars (1.02%)

Shell (0.06%)

Developer

1aron

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

10 Stars

392 Commits

1 Forks

2 Watchers

1 Branches

3 Contributors

Updated on May 13, 2025

Maintainers

View All 3 Contributors

Package Meta Information

Latest Version

2.4.6

Package Id

@techor/read-workspace-packages@2.4.6

Unpacked Size

10.83 kB

Size

3.15 kB

File Count

NPM Version

8.19.4

Node Version

18.16.1

Published on

Jul 25, 2023

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

fast-glob @techor/query-workspaces @techor/fs

Read workspace package.json contents

By default, read workspace packages by package.json .workspaces in the current working directory
By default, workspace packages in node_modules are excluded

Getting Started

1npm install @techor/read-workspace-packages

Preparation

Your monorepo usually looks like this:

1.
2├── package.json
3└── packages
4    ├─── a
5    │    └─── package.json
6    ├─── b
7    │    ├─── node_modules
8    │    │    └─── fake-module
9    │    │         └─── package.json
10    │    ├─── bb
11    │    │    └─── package.json
12    │    └─── package.json
13    ├─── c
14    └─── d
15         └─── package.json

./package.json

1{
2    "workspaces": ["packages/**"]
3}

./packages/d/package.json

1{
2    "name": "d",
3    "private": true
4}

Usage

readWorkspacePackages(patterns?, options?): any[]

1import readWorkspacePackages from '@techor/read-workspace-packages'
2
3const packages = readWorkspacePackages()
4// [{ name: 'a' }, { name: 'b' }, { name: 'd', private: true }, { name: 'bb' }]
5
6const packages = readWorkspacePackages(['packages/*'])
7// [{ name: 'a' }, { name: 'b' }, { name: 'd', private: true }]
8
9const publicPackages = readWorkspacePackages()
10    .fiter((eachWorkspacePackage) => !eachWorkspacePackage.private)
11// [{ name: 'a' }, { name: 'b' }, { name: 'bb' }]

Options

Inherited from fast-glob options

1{
2    cwd: process.cwd(),
3    ignore: ['**/node_modules/**']
4}

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

5

Maintained

Determines if the project is "actively maintained".

1

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Security-Policy

Determines if the project has published a security policy.

0

SAST

Determines if the project uses static code analysis.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit-check.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/commit-check.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/commit-check.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/commit-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commit-check.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/commit-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/lint.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request-title-check.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/pull-request-title-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-dev-branches.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/sync-dev-branches.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/type-check.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/type-check.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/type-check.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/type-check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/type-check.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/techor-dev/techor/type-check.yml/main?enable=pin
Warn: containerImage not pinned by hash: .github/actions/Dockerfile:1
Warn: npmCommand not pinned by hash: .github/actions/Dockerfile:4
Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 7 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 1 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

3.1

/10

Last Scanned on 2025-07-14

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More