Thursday, 24 March 2016

Bash to audit your npm dependencies

With the issues surrounding npm today, I thought it would be interesting to write a bash one liner to see how many stars on github each dependency in my project's dependency tree has. The bash is below, it's only real dependencies are curl and npm. A word of warning, it does take quite sometime to run especially if you have lots of dependencies.

npm ls | grep -oP "\w[^@]+@" | sed s/@// | sort |uniq |  awk '{print "npm view " $1 " repository.url"}' | sh | grep -oP "github(\w|\W)+\.git" | sed 's/.git//g' | sed 's/.com/.com\/repos/g' | awk '{print "curl -s \"https://api."$1"\" | grep -P \"(stargazers_count|full_name)\" "}' | sh


In regards to my opinion on the situation, the behavior of some of the individuals was clearly childish at best and everyone who was stung by the situation should be a little more careful about their dependencies.