Gathering detailed insights and metrics for realize-package-specifier
Gathering detailed insights and metrics for realize-package-specifier
Like npm-package-arg, but more so, producing full file paths and differentiating local tar and directory sources.
Installations
npm install realize-package-specifierDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
4.4.0
NPM Version
3.8.7
Score
94
Supply Chain
90.2
Quality
81.5
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Contributors
106
Unable to fetch Contributors
Languages
1
JavaScript
JavaScript (100%)
Developer
npm
Download Statistics
Total Downloads
15,528,451
Last Day
1,428
Last Week
13,561
Last Month
82,316
Last Year
1,152,226
GitHub Statistics
5 Stars
41 Commits
7 Forks
26 Watching
2 Branches
106 Contributors
Bundle Size
27.88 kB
Minified
8.59 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
3.0.3
Package Id
realize-package-specifier@3.0.3
Size
4.95 kB
NPM Version
3.8.7
Node Version
4.4.0
Publised On
21 Apr 2016
Total Downloads
Cumulative downloads
Total Downloads
15,528,451
Last day
-63.5%
1,428
Compared to previous day
Last week
-33.2%
13,561
Compared to previous week
Last month
-13.8%
82,316
Compared to previous month
Last year
-8.2%
1,152,226
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
2
Versions
realize-package-specifier
Parse a package specifier, peeking at the disk to differentiate between
local tarballs, directories and named modules. This implements the logic
used by npm install and npm cache to determine where to get packages
from.
1var realizePackageSpecifier = require("realize-package-specifier") 2realizePackageSpecifier("foo.tar.gz", ".", function (err, package) { 3 … 4})
Using
- realizePackageSpecifier(spec, [where,] callback)
Parses spec using npm-package-arg and then uses stat to check to see if
it refers to a local tarball or package directory. Stats are done relative
to where. If it does then the local module is loaded. If it doesn't then
target is left as a remote package specifier. Package directories are
recognized by the presence of a package.json in them.
spec -- a package specifier, like: foo@1.2, or foo@user/foo, or
http://x.com/foo.tgz, or git+https://github.com/user/foo
where (optional, default: .) -- The directory in which we should look for local tarballs or package directories.
callback function(err, result) -- Called once we've determined what
kind of specifier this is. The result object will be very like the one
returned by npm-package-arg except with three differences: 1) There's a
new type of directory. 2) The local type only refers to tarballs. 2)
For all local and directory type results spec will contain the full path of
the local package.
Result Object
The full definition of the result object is:
name- If known, thenamefield expected in the resulting pkg.type- One of the following strings:git- A git repohosted- A hosted project, from github, bitbucket or gitlab. Originally either a full url pointing at one of these services or a shorthand likeuser/projectorgithub:user/projectfor github orbitbucket:user/projectfor bitbucket.tag- A tagged version, like"foo@latest"version- A specific version number, like"foo@1.2.3"range- A version range, like"foo@2.x"local- A local file pathdirectory- A local package directoryremote- An http url (presumably to a tgz)
spec- The "thing". URL, the range, git repo, etc.hosted- If type=hosted this will be an object with the following keys:type- github, bitbucket or gitlabssh- The ssh path for this git reposshurl- The ssh URL for this git repohttps- The HTTPS URL for this git repodirectUrl- The URL for the package.json in this git repo
raw- The original un-modified string that was provided.rawSpec- The part after thename@..., as it was originally provided.scope- If a name is something like@org/modulethen thescopefield will be set toorg. If it doesn't have a scoped name, then scope isnull.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: ISC License: LICENSE:0
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
Found 0/29 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 2 are checked with a SAST tool
Score
3
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More