npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

nscm

v1.11.0

Published

The NodeSource Certified Modules command line utility

Downloads

50

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

julianduquejulianduquenodesrcnodesrc

Keywords

Readme

nscm - the CLI Utility for NodeSource Certified Modules

nscm is a simple utility for NodeSource Certified Modules that can be used to easily authenticate with your Certified Modules registry, to whitelist pacakges that fail certification, and to generate a detailed report about current project and the modules it depends on.

Installation

You can install it from npm by running:

$ npm install -g nscm

Usage

This tool is meant to be used in the root folder of an application where the package.json file exists.

  Usage: nscm [command] [options]

  Commands:

    config, c           Configure nscm options
    help                Display help
    report, r           Get a report of your packages
    signin, s, login    Sign in to nscm
    signout, o, logout  Sign out of nscm
    verify              Verify if all packages are certified
    whitelist, w        Whitelist your packages

  Options:

    -C, --certified        Shows only certified packages
    -c, --concurrency <n>  Concurrency of requests (defaults to 15)
    -d, --dot              Formats the report in Graphiz dot (disabled by default)
    -f, --failed           Shows only packages that failed certification (disabled by default)
    -g, --github           Sign in using GitHub SSO (disabled by default)
    -G, --google           Sign in using Google SSO (disabled by default)
    -h, --help             Output usage information
    -j, --json             Formats the report in JSON (disabled by default)
    -o, --output           Save report to file (disabled by default)
    -p, --production       Only check production (disabled by default)
    -r, --registry         Certified modules registry (defaults to "")
    -s, --svg              Formats the report in SVG (disabled by default)
    -t, --token            Token for registry authentication (defaults to "")
    -v, --version          Output the version number

  Additional Help

    Add -h to the 'config' or 'whitelist' commands for additional help concerning those commands.

    nscm config -h
    nscm whitelist -h

nscm report (default)

Returns a report of matching certified packages and their certification scores.

$ nscm report
please wait while we process the information
┌────────────────────────────────────┬───────────────┬────────┐
│ Package                            │ Version       │ Score  │
├────────────────────────────────────┼───────────────┼────────┤
│ body-parser                        │ 1.15.2        │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ debug                              │ 2.2.0         │ 70     │
├────────────────────────────────────┼───────────────┼────────┤
│ ms                                 │ 0.7.1         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ bytes                              │ 2.4.0         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ content-type                       │ 1.0.2         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ depd                               │ 1.1.0         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ http-errors                        │ 1.5.1         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ inherits                           │ 2.0.3         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤

You can also pass --json to return the report in JSON format, --svg to return the report in SVG format, or --dot to return the report in Graphviz DOT format. Use --production to return only dependencies and not devDependencies and --output to save a file (.json or .svg) for generated report.

If you want to filter the output you can use --certified to show only certified packages or --failed to show only packages that failed certification.

$ nscm report --production --json
please wait while we process the information
[
  {
    "name": "body-parser",
    "version": "1.15.2",
    "from": "1.15.2 <1.16.0",
    "score": 100
  },
  {
    "name": "debug",
    "version": "2.2.0",
    "from": ">=2.2.0 <2.3.0",
    "score": 70
  },
  {
    "name": "ms",
    "version": "0.7.1",
    "from": "0.7.1",
    "score": 100
  },
  {
    "name": "bytes",
    "version": "2.4.0",
    "from": "2.4.0",
    "score": 100
  },
...

nscm whitelist

Check which packages aren't certified, and start an interactive prompt to add packages to the whitelist.

$ nscm whitelist
please wait while we process the information

37 packages aren't certified, do you want to add them to the whitelist?
? add [email protected] Yes
? add [email protected] Yes
? add [email protected] No
? add [email protected] No
? add [email protected] (ynaH) All

┌────────────────────────────────────┬───────────────┬────────┐
│ Package                            │ Version       │ Score  │
├────────────────────────────────────┼───────────────┼────────┤
│ debug                              │ 2.2.0         │ 70     │
├────────────────────────────────────┼───────────────┼────────┤
│ setprototypeof                     │ 1.0.2         │        │
├────────────────────────────────────┼───────────────┼────────┤
...
├────────────────────────────────────┼───────────────┼────────┤
│ source-list-map                    │ 0.1.8         │        │
├────────────────────────────────────┼───────────────┼────────┤
│ webpack-core                       │ 0.6.9         │        │
└────────────────────────────────────┴───────────────┴────────┘
35 packages added to the whitelist

You can also pass --all to add all the packages to the whitelist and --json to return the packages in a JSON format.

nscm whitelist add

Add a package and its dependencies to the whitelist.

$ nscm whitelist add [email protected]

If you pass only the package name, nscm will use latest. You can also pass a semver range or a specific version. If a semver range is passed it will be resolved to the highest published version that matches the range.

nscm whitelist delete

Delete a package from the whitelist.

$ nscm whitelist delete debug

nscm whitelist list

Lists all whitelisted packages.

$ nscm whitelist list
┌────────────────────────────────────┬───────────────┬────────┐
│ Package                            │ Version       │ Score  │
├────────────────────────────────────┼───────────────┼────────┤
│ acorn                              │ 4.0.1         │        │
├────────────────────────────────────┼───────────────┼────────┤
│ isarray                            │ 2.0.1         │        │
└────────────────────────────────────┴───────────────┴────────┘
2 packages in the whitelist

nscm whitelist reset

Removes all whitelisted packages.

nscm config

Configuration Options

  • token - Authentication Token. If not specified, it will be fetched from ~/.npmrc - required
  • registry - Private NodeSource Certified Modules registry URL. If not specified, it will be fetched from ~/.npmrc - required
  • concurrency - Concurrency of requests to package registry - default: 15

nscm config set <key> <value>

Modify the specified configuration option.

$ nscm config set concurrency 10

nscm config get

Gets a configuration option

$ nscm config get registry
https://{registryId}.registry.nodesource.io

nscm config delete

Deletes a configuration option.

$ nscm config delete token

nscm config list

List all configuration options.

$ nscm config list
concurrency = 15
registry = https://{registryId}.registry.nodesource.io

nscm config reset

Reset all configuration options to default values.

$ nscm config reset

Authors and Contributors

Contributions are welcomed from anyone wanting to improve this project!

License & Copyright

nscm is Copyright (c) 2017 NodeSource and licensed under the MIT license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.