UNPKG

npm-consider-tester

Version:

Check npm package dependencies, stats and impact on your package before installing it

github.com/delfrrr/npm-consider

delfrrr/npm-consider

113 lines (74 loc) 4.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# npm-consider Check npm package dependencies size, licenses and impact on your package before installing it 🤔 ![npm-consider](https://i.imgur.com/eAQPbHL.gif) If you like it, please, ⭐️ this repo! [![Build Status](https://travis-ci.org/delfrrr/npm-consider.svg?branch=master)](https://travis-ci.org/delfrrr/npm-consider) ## Features * calculate dependencies size recursively * show dependencies license policy for linking * calculates impact on current package * show a full dependency graph * analyses packages without downloading it * supports yarn * analyzes local package * provides continuous integration (CI) mode ## Installing ``` npm install -g npm-consider ``` **Note:** this tool is more useful when your colleagues also use it 😉 ## Usage **Add new dependency** `npm-consider` has similar arguments as `npm install` ``` npm-consider install --save express ``` The command recursively requests packages info from npm and builds dependencies graph. Size of the package determined via `HEAD` request to `tarball` download URL. **Analyze local package** When called without arguments in package directory it builds a dependency graph and calculates metrics for local package ``` npm-consider install ``` **Using for automation and continuous integration** You can specify maximum values of size and number as well as allowed license types in `config` of your `package.json`. ``` "config": { "maxPackagesNumber": 100, "maxSizeBites": 840400, "allowedLicenseTypes": [ "permissive", "publicDomain", "uncategorized" ] } ``` Once provided you can call ``` npm-consider install --test ``` ![npm-consider](https://i.imgur.com/eo4HbDb.gif) If all limits are satisfied command will exit with `code=0`; otherwise `code=1`. Note: in this mode, `npm-consider` will not call `npm install` or `yarn install`. Supported properties: * `maxPackagesNumber` max number of `npm` dependencies incuding [transitive dependencies](https://en.wikipedia.org/wiki/Transitive_dependency) * `maxSizeBites` max size of downloaded packages in bites * `allowedLicenseTypes` what types of dependency licenses are accpetable for the package Supported types are `publicDomain`, `permissive`, `weaklyProtective`, `protective`, `networkProtective`, `uncategorized`. If you are not sure which license types are appropriate [check this artice](https://medium.com/@vovabilonenko/licenses-of-npm-dependencies-bacaa00c8c65). ### Usage with yarn If the project contains `yarn.lock` file, then `npm-consider` will do `yarn add` with corresponding options. ### Licence type `npm-consider` calculates license type for every dependency. The type defines license policy for [linking as a librtary](https://en.wikipedia.org/wiki/Library_(computing)#Linking). Data collected from [Comparison of free and open-source software licenses](https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses) on Wikipedia. * `Public Domain` and `Permissive` license allows you to do anything except sue the author * `Weakly Protective` license have a restriction to how can it be linked and combined with other licenses * `Protective` or *Copyleft* dependency license requires a dependent module to have a free license, which prevents it from being proprietary * `Network Protective` same as *Protective* but also triggers with network interaction * `Uncategorized` means that license was not found in a package info or was not categorised in terms of linking; feel free to contribute to license categorisation; **Note:** that even permissive licenses have some restrictions. Check the following slide and article to learn about license compatibility: ![](https://www.dwheeler.com/essays/floss-license-slide-image.png) [The Free-Libre / Open Source Software (FLOSS) License Slide](https://www.dwheeler.com/essays/floss-license-slide.html) ### Menu options * **Install** runs `npm install` with the same arguments * **Impact** takes onto account already installed dependencies and shows relative impact. It behaves differently, depending on `--save` or `--save-dev` option. The second one takes into account already installed `dependencies` and `devDepenedencies`. * **Details** prints dependencies graph * **Skip** cancels `npm install`; no changes in your project will apply.