Gathering detailed insights and metrics for docker-compose
Gathering detailed insights and metrics for docker-compose
Installations
npm install docker-composeReleases
Unable to fetch releases
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>= 6.0.0
Typescript Support
Yes
Node Version
22.3.0
NPM Version
10.8.1
Statistics
199 Stars
442 Commits
78 Forks
6 Watching
6 Branches
39 Contributors
Updated on 18 Nov 2024
Bundle Size
115.11 kB
Minified
33.91 kB
Minified + Gzipped
Languages
TypeScript (99.03%)
JavaScript (0.89%)
Dockerfile (0.08%)
Total Downloads
Cumulative downloads
Total Downloads
56,819,499
Last day
5.6%
155,900
Compared to previous day
Last week
7.7%
877,969
Compared to previous week
Last month
8.6%
3,561,446
Compared to previous month
Last year
141.1%
33,682,368
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
19
Versions
Manage Docker-Compose via Node.js
docker-compose is a small library that allows you to run docker-compose (which is still required) via Node.js. This is useful to bootstrap test environments.
As of version 1.0, this library only supports docker compose (v2, the docker "compose" plugin). The docker-compose (v1) has been removed from recent releases of Docker Desktop and is no longer supported. Use the 0.x versions of this library if you still need to use the old docker-compose (v1).
Installation
1yarn add --dev docker-compose
Documentation
The documentation can be found here.
Example
Import for docker-compose
1import * as compose from 'docker-compose'
You can also import only the required commands:
1import { run, upAll } from 'docker-compose'
Usage
To start service containers based on the docker-compose.yml file in your current directory, just call compose.upAll like this:
1compose.upAll({ cwd: path.join(__dirname), log: true }).then( 2 () => { 3 console.log('done') 4 }, 5 (err) => { 6 console.log('something went wrong:', err.message) 7 } 8)
Start specific services using compose.upMany:
1const services = ['serviceA', 'serviceB'] 2compose.upMany(services, { cwd: path.join(__dirname), log: true })
Or start a single service with compose.upOne:
1const service = 'serviceA' 2compose.upOne(service, { cwd: path.join(__dirname), log: true })
To execute command inside a running container
1compose.exec('node', 'npm install', { cwd: path.join(__dirname) })
To list the containers for a compose project
1const result = await compose.ps({ cwd: path.join(__dirname) }) 2result.data.services.forEach((service) => { 3 console.log(service.name, service.command, service.state, service.ports) 4 // state is e.g. 'Up 2 hours' 5})
The --format json command option can be used to get a better state support:
1const result = await compose.ps({ cwd: path.join(__dirname), commandOptions: [["--format", "json"]] }) 2result.data.services.forEach((service) => { 3 console.log(service.name, service.command, service.state, service.ports) 4 // state is one of the defined states: paused | restarting | removing | running | dead | created | exited 5})
Known issues
- During testing we noticed that
docker composeseems to send its exit code also commands don't seem to have finished. This doesn't occur for all commands, but for example withstopordown. We had the option to wait for stopped / removed containers using third party libraries but this would make bootstrappingdocker-composemuch more complicated for the users. So we decided to use asetTimeout(500)workaround. We're aware this is not perfect, but it seems to be the most appropriate solution for now. Details can be found in the v2 PR discussion (we're happy to get help here).
Running the tests
While docker-compose runs on Node.js 6+, running the tests requires you to use Node.js 8+ as they make use of async/await.
1yarn test
Want to help?
This project is just getting off the ground and could use some help with cleaning things up and refactoring.
If you want to contribute - we'd love it! Just open an issue to work against so you get full credit for your fork. You can open the issue first so we can discuss and you can work your fork as we go along.
If you see a bug, please be so kind as to show how it's failing, and we'll do our best to get it fixed quickly.
Before sending a PR, please create an issue to introduce your idea and have a reference for your PR.
We're using conventional commits, so please use it for your commits as well.
Also please add tests and make sure to run yarn lint.
Discussions
If you want to discuss an docker-compose issue or PR in more detail, feel free to start a discussion.
License
MIT License
Copyright (c) 2017 - 2021 PDMLab
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
No vulnerabilities found.
Reason
16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 4/12 approved changesets -- score normalized to 3
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-652h-xwhf-q4h6
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/deploy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/PDMLab/docker-compose/deploy.yml/master?enable=pin
- Warn: containerImage not pinned by hash: test/build-test.Dockerfile:1: pin your Docker image by updating alpine:3.7.3 to alpine:3.7.3@sha256:8421d9a84432575381bfabd248f1eb56f3aa21d9d7cd2511583c68c9b7511d10
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 containerImage dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Score
4.4
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More