Gathering detailed insights and metrics for realize-package-specifier
Gathering detailed insights and metrics for realize-package-specifier
Like npm-package-arg, but more so, producing full file paths and differentiating local tar and directory sources.
Installations
npm install realize-package-specifierDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
4.4.0
NPM Version
3.8.7
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
npm
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
ISC License
5 Stars
41 Commits
7 Forks
24 Watchers
2 Branches
105 Contributors
Updated on Aug 25, 2023
Maintainers
2
Package Meta Information
Latest Version
3.0.3
Package Id
realize-package-specifier@3.0.3
Size
4.95 kB
NPM Version
3.8.7
Node Version
4.4.0
Published on
Apr 21, 2016
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
2
realize-package-specifier
Parse a package specifier, peeking at the disk to differentiate between
local tarballs, directories and named modules. This implements the logic
used by npm install and npm cache to determine where to get packages
from.
1var realizePackageSpecifier = require("realize-package-specifier") 2realizePackageSpecifier("foo.tar.gz", ".", function (err, package) { 3 … 4})
Using
- realizePackageSpecifier(spec, [where,] callback)
Parses spec using npm-package-arg and then uses stat to check to see if
it refers to a local tarball or package directory. Stats are done relative
to where. If it does then the local module is loaded. If it doesn't then
target is left as a remote package specifier. Package directories are
recognized by the presence of a package.json in them.
spec -- a package specifier, like: foo@1.2, or foo@user/foo, or
http://x.com/foo.tgz, or git+https://github.com/user/foo
where (optional, default: .) -- The directory in which we should look for local tarballs or package directories.
callback function(err, result) -- Called once we've determined what
kind of specifier this is. The result object will be very like the one
returned by npm-package-arg except with three differences: 1) There's a
new type of directory. 2) The local type only refers to tarballs. 2)
For all local and directory type results spec will contain the full path of
the local package.
Result Object
The full definition of the result object is:
name- If known, thenamefield expected in the resulting pkg.type- One of the following strings:git- A git repohosted- A hosted project, from github, bitbucket or gitlab. Originally either a full url pointing at one of these services or a shorthand likeuser/projectorgithub:user/projectfor github orbitbucket:user/projectfor bitbucket.tag- A tagged version, like"foo@latest"version- A specific version number, like"foo@1.2.3"range- A version range, like"foo@2.x"local- A local file pathdirectory- A local package directoryremote- An http url (presumably to a tgz)
spec- The "thing". URL, the range, git repo, etc.hosted- If type=hosted this will be an object with the following keys:type- github, bitbucket or gitlabssh- The ssh path for this git reposshurl- The ssh URL for this git repohttps- The HTTPS URL for this git repodirectUrl- The URL for the package.json in this git repo
raw- The original un-modified string that was provided.rawSpec- The part after thename@..., as it was originally provided.scope- If a name is something like@org/modulethen thescopefield will be set toorg. If it doesn't have a scoped name, then scope isnull.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: ISC License: LICENSE:0
Reason
Found 0/29 approved changesets -- score normalized to 0
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 2 are checked with a SAST tool
Score
3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More