Thursday, 24 March 2016

Bash to audit your npm dependencies

With the issues surrounding npm today, I thought it would be interesting to write a bash one-liner to see how many stars on GitHub each dependency in my project's dependency tree has. The bash is below; its only real dependencies are curl and npm. A word of warning: it does take quite some time to run, especially if you have lots of dependencies.

npm ls | grep -oP "\w[^@]+@" | sed 's/@//' | sort -u | awk '{print "npm view " $1 " repository.url"}' | sh | grep -oP "github(\w|\W)+\.git" | sed 's/\.git$//' | sed 's/github\.com/github.com\/repos/' | awk '{print "curl -s \"https://api."$1"\" | grep -P \"(stargazers_count|full_name)\" "}' | sh
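
As an added example (not code from the original post), here are the one-liner's text-munging stages as shell functions run on constructed sample input, so the regexes can be checked offline before spending live npm and curl calls. The sample npm ls output, repository URLs and JSON response are made up, and the function names are mine.

```shell
# Stage 1: package names from `npm ls`. The first line is the project itself;
# after that we key on the name@version token, so tree characters, "deduped"
# markers and "UNMET DEPENDENCY" prefixes fall away, and scoped @org/name
# packages keep their scope (the one-liner's regex drops the leading "@").
npm_ls_names() {
  sed '1d' | grep -oE '(@[A-Za-z0-9._-]+/)?[A-Za-z0-9._-]+@[0-9][^ ]*' |
    sed -E 's/@[^@/]+$//' | LC_ALL=C sort -u
}

# Stage 2: owner/repo slug from a `repository.url` value. Handles the
# git+https://, git://, https:// and git@github.com: forms, with or without
# a trailing .git; a URL that is not on github.com yields no output.
github_slug() {
  sed -nE 's,^.*github\.com[:/]([^/# ]+)/([^/# ]+).*$,\1/\2,p' |
    sed -E 's/\.git$//'
}

# Stage 3: the endpoint the one-liner curls and the two fields it greps out of
# the pretty-printed JSON. Unauthenticated calls are limited to 60 per hour
# per IP, which is part of why a large tree takes so long.
api_url() { printf 'https://api.github.com/repos/%s\n' "$1"; }

stars_from_json() {
  sed -nE -e 's/^ *"full_name": *"([^"]+)".*$/\1/p' \
          -e 's/^ *"stargazers_count": *([0-9]+).*$/\1/p'
}

# Constructed sample standing in for `npm ls` output.
SAMPLE_LS='myproject@1.0.0 /home/me/myproject
├─┬ express@4.13.4
│ └── debug@2.2.0
├── lodash@4.6.1 deduped
├── UNMET DEPENDENCY chalk@1.1.3
└── @types/node@4.2.0'

# Constructed sample in the shape of a GET /repos/:owner/:repo response.
SAMPLE_JSON='{
  "id": 1,
  "full_name": "expressjs/express",
  "stargazers_count": 24601
}'

printf '%s\n' "$SAMPLE_LS" | npm_ls_names
printf '%s\n' 'git+https://github.com/expressjs/express.git' | github_slug
api_url "$(printf '%s\n' 'git@github.com:chalk/chalk.git' | github_slug)"
printf '%s\n' "$SAMPLE_JSON" | stars_from_json
```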


In regard to my opinion on the situation, the behavior of some of the individuals was clearly childish at best, and everyone who was stung by the situation should be a little more careful about their dependencies.
