Gathering detailed insights and metrics for fuzz-run
Gathering detailed insights and metrics for fuzz-run
:runner: Run all your NPM scripts more easily with fuzzy matching Run all your NPM scripts more easily with fuzzy matching
Installations
npm install fuzz-runDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=18
Node Version
18.19.0
NPM Version
10.2.5
Releases
4
Languages
1
JavaScript
JavaScript (100%)
Developer
sinedied
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
3 Stars
52 Commits
2 Watchers
1 Branches
2 Contributors
Updated on Jan 23, 2025
Maintainers
1
Package Meta Information
Latest Version
3.0.0
Package Id
fuzz-run@3.0.0
Unpacked Size
13.54 kB
Size
5.27 kB
File Count
5
NPM Version
10.2.5
Node Version
18.19.0
Published on
Jan 11, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
4
:runner: fuzz-run
Run all your NPM scripts more easily with fuzzy matching.
Features:
- Fuzzy matching of NPM script name, optimized for commands (see alternatives)
- Yarn and PNPM support: automatically detect the package manager used and adapt commands accordingly
- No need for
--to pass extra options when using NPM - Extra actions for common recurrent tasks
Installation
1npm install -g fuzz-run
CLI Usage
1Usage: fr <fuzzy_script_name>|<action> [script_options] 2Actions: 3 -u, --update Show outdated packages and run an interactive update 4 -r, --refresh Delete node_modules and lockfile, and reinstall packages
If no arguments are provided, it will list all available scripts.
As the name of the script to run is fuzzy matched, you can try:
- typing only some letters of the script name, regardless of their position (first letters weights more), like
tfortestscript - typing first letter of compound script names like
tcfortest:ciscript - making some typos, like
etsfortestscript
Note that you can use the alias nr (for npm run) instead of fr (fuzz run) if you prefer :wink:
You can pass any arguments to your script if needed, like fr t --coverage. You don't need to use -- to pass extra options to your script like when using npm directly.
Actions
There are a few scripted actions you can use for common day-to-day tasks in your projects:
-uor--update: It will show outdated packages, then ask if you want to update. If you accept, it will first update all package within their allowed range according to yourpackage.jsonusingnpm update,pnpm updateoryarn upgrade. Then it will run an interactive update, using under the hoodnpx npm-check -uif NPM or PNPM is your package manager oryarn upgrade-interactiveif you use Yarn.-ror--refresh: It will deletenode_modulesfolder and lockfile, and reinstall all your packages. I probably use that more than I should, but it's always a handy fix.
Package manager
Supported package managers are NPM, Yarn and PNPM.
By default, your package manager will be autodetected based on your project's lockfile format, and corresponding commands will be used.
You can also force a package manager by setting the NODE_PACKAGE_MANAGER environment variable.
API
You can also integrate this script runner in your own CLI by using the function fuzzyRun(args, packageManager):
args: array of arguments, the same you would use for the CLI usagepackageManager: optional, can be'npm','yarn'or'pnpm'to force a specific command to run the scripts. Ifnullorundefined, it will be autodetected based on your project's lockfile format.
Example:
1const fuzzyRun = require('fuzzy-run'); 2fuzzyRun(process.argv.slice(2));
Alternatives
Why making a new tool when some other exists, you might ask?
Both are based on fuse.js for the fuzzy matching, which is not great for matching commands, as it doesn't weight properly specific features like subcommands separation (using characters like -, _, :) or first character of words :disappointed:
Some examples:
- if you have 2 scripts
testandtest:ci, typingtcmatchestestinstead oftest:ci - if you have 2 scripts
test:ciandother, typingtmatchesother
So I benchmarked many fuzzy matching libraries, and kept the best one I found suited for the job, fuzzysort, that solves these issues.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/sinedied/fuzz-run/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/sinedied/fuzz-run/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sinedied/fuzz-run/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/sinedied/fuzz-run/release.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:33
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 3 npmCommand dependencies pinned
Reason
Found 0/20 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 3.0.0 not signed: https://api.github.com/repos/sinedied/fuzz-run/releases/136701912
- Warn: release artifact 2.2.0 not signed: https://api.github.com/repos/sinedied/fuzz-run/releases/61895293
- Warn: release artifact 2.1.0 not signed: https://api.github.com/repos/sinedied/fuzz-run/releases/60716031
- Warn: release artifact 2.0.0 not signed: https://api.github.com/repos/sinedied/fuzz-run/releases/60698255
- Warn: release artifact 3.0.0 does not have provenance: https://api.github.com/repos/sinedied/fuzz-run/releases/136701912
- Warn: release artifact 2.2.0 does not have provenance: https://api.github.com/repos/sinedied/fuzz-run/releases/61895293
- Warn: release artifact 2.1.0 does not have provenance: https://api.github.com/repos/sinedied/fuzz-run/releases/60716031
- Warn: release artifact 2.0.0 does not have provenance: https://api.github.com/repos/sinedied/fuzz-run/releases/60698255
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 12 are checked with a SAST tool
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Score
2.4
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More