npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@shini4i/gitlab-token-scope-adjuster

v0.2.1

Published

CLI tool for automatically adjusting CI_JOB_TOKEN scope based on project dependencies in GitLab.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

shini4ishini4i

Keywords

gitlabcigitlab-citoken

Readme

GitLab CI Job Token Scope Adjuster

GitHub Actions Workflow Status GitHub Actions Workflow Status NPM Downloads NPM Version codecov GitHub License

This CLI tool helps automate the process of configuring CI job token scopes in GitLab projects.

Starting from GitLab 16, it is mandatory to explicitly configure CI_JOB_TOKEN access, and this tool simplifies that by automating the necessary API calls.

How it works?

  • Fetches project details from GitLab.
  • Identifies dependency files (go.mod, composer.json, package-lock.json) in the repository.
  • Extracts dependencies from these files.
  • Configures CI job token scopes to whitelist the source project in dependency projects.
graph LR
    A[gitlab-token-scope-adjuster -p 1234] --> B[Fetch Project Details]
    B --> C[Identify Dependency Files]
    C --> D[Process Each Dependency File]
    D --> E[Extract Dependencies]
    E --> F[Whitelist project CI_JOB_TOKEN in the Dependency Project]

Prerequisites

  • Node.js (>= 22.x)
  • GitLab access token with the necessary permissions

Installation

Install @shini4i/gitlab-token-scope-adjuster package:

npm install -g @shini4i/gitlab-token-scope-adjuster

Usage

Expose the following environment variables:

export GITLAB_URL=https://gitlab.example.com
export GITLAB_TOKEN=your_access_token

And run the following command:

gitlab-token-scope-adjuster -p <your_project_id>

--project-id/-p and --all are mutually exclusive. Make sure to specify exactly one of them when running the CLI.

To find dependency files recursively run the following command:

gitlab-token-scope-adjuster -p <your_project_id> --monorepo

Keep in mind that depending on the amount of files in the repo it can significantly increase execution time.

Process every accessible project

You can iterate over every project visible to the provided token:

gitlab-token-scope-adjuster --all

Combine the --all mode with --dry-run (and optionally --report) whenever you only need a preview of the changes:

gitlab-token-scope-adjuster --all --dry-run --report # writes gitlab-token-scope-report.yaml
gitlab-token-scope-adjuster --all --dry-run --report reports/output.yaml

CLI options

  • -p, --project-id <id> – process a single project by ID (required when --all is not supplied).
  • --dry-run – list dependency projects without adjusting scopes.
  • --monorepo – recurse through the repository tree when looking for dependency manifests.
  • --all – process every project the token can access instead of a single --project-id.
  • --report [path] – persist dry-run results for --all mode as YAML (defaults to gitlab-token-scope-report.yaml).

Local development

ts-node is required only when running the CLI directly from source during development. After cloning the repository:

You can exercise the CLI directly from the repository without installing globally:

npm exec ts-node -- src/cli.ts --project-id <project_id> --dry-run
npm exec ts-node -- src/cli.ts --all --dry-run --report reports/dry-run.yaml

For faster subsequent runs:

npm run build
node dist/cli.js --all --dry-run --report

The Makefile includes shortcuts such as make dry-run-all to execute --all --dry-run via ts-node.

Testing

Run the automated test suites:

npm test

To generate a coverage report:

npm run coverage

The Makefile also exposes make test and make test-coverage targets if you prefer invoking tests through make.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

If you discover a bug or have an idea for an enhancement, feel free to open an issue.

License

This project is released under the MIT License.