Gathering detailed insights and metrics for npmvet
Gathering detailed insights and metrics for npmvet
Installations
npm install npmvetDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
16.14.2
NPM Version
8.5.0
Statistics
205 Stars
85 Commits
10 Forks
8 Watching
3 Branches
5 Contributors
Updated on 30 Apr 2024
Bundle Size
491.71 kB
Minified
144.34 kB
Minified + Gzipped
Languages
TypeScript (68.48%)
JavaScript (31.52%)
Total Downloads
Cumulative downloads
Total Downloads
238,540
Last day
4.2%
123
Compared to previous day
Last week
53%
693
Compared to previous week
Last month
1.9%
2,305
Compared to previous month
Last year
-25.3%
31,265
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
6
Versions
NPM Vet is a simple CLI tool to help vet your npm package versions. NPM Vet can be used locally, or as a CI build-step to prevent builds passing with mismatched package versions. To read more about NPM Vet, visit the Hark website.
Installation
$ npm install npmvet -g
Usage
Usage: npmvet [options]
Options:
-h, --help output usage information
-V, --version output the version number
-p, --package <package> package.json file location (Default: .)
-m, --modules <modules> node_modules folder location (Default: .)
-r, --renderer <renderer> Renderer to use (Default: inlinetable)
-s, --strict Using the CI renderer, fail build if any packages unlocked (Default: false, flag)
Strict Mode
If you're using the CI renderer (see below) the -s flag will enable strict mode. In which builds will fail if versions are unlocked, not just unmatching.
Renderers
Renderers are used to dictate how to output the data NPM Vet collects. The default is inlinetable.
Inline Table
$ npmvet -r inlinetable
The default renderer, inlinetable will print a table inline with your current process. You can use this locally to visualise package differences.
CI
$ npmvet -r ci
To prevent your CI builds passing with mismatched package versions, use the CI renderer. If any package version mismatches are found, the build will fail:
Or if there are no mismatching package versions, your build will continue (and hopefully pass!):
Blessed
The blessed renderer will render a table inside a screen, that has be exited by the user to escape.
$ npmvet -r blessed
JSON
The JSON renderer will print a JSON array with match information for each package.
$ npmvet -r json
1[ 2 { 3 "name": "blessed", 4 "packageVersion": "0.1.81", 5 "installedVersion": "0.1.81", 6 "matches": true, 7 "locked": false 8 }, 9 { 10 "name": "chalk", 11 "packageVersion": "1.1.3", 12 "installedVersion": "1.1.3", 13 "matches": true, 14 "locked": false 15 }, 16 { 17 "name": "jest", 18 "packageVersion": "18.1.0", 19 "installedVersion": "18.1.0", 20 "matches": true, 21 "locked": false 22 } 23]
Contributing
For information regarding contributing to this project, please read the Contributing document.
License
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
Found 5/11 approved changesets -- score normalized to 4
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Score
2.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More