Security News
The Changelog Podcast: Practical Steps to Stay Safe on npm
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
By Sarah Gooding - Oct 31, 2025
🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
@backstage/plugin-todo-backend
Advanced tools
@backstage/plugin-todo-backend
A Backstage backend plugin that lets you browse TODO comments in your source code
- Version
- 0.0.0-nightly-20240322021005
- Version published
- Weekly downloads
- 110 -99%
- Maintainers
- 3
Weekly downloads
- Created
@backstage/plugin-todo-backend
Backend for the @backstage/plugin-todo plugin. Assists in scanning for and listing // TODO comments in source code repositories.
Installation
Install the @backstage/plugin-todo-backend package in your backend packages, and then integrate the plugin using the following default setup for src/plugins/todo.ts:
import { Router } from 'express';
import { CatalogClient } from '@backstage/catalog-client';
import {
createRouter,
TodoReaderService,
TodoScmReader,
} from '@backstage/plugin-todo-backend';
import { PluginEnvironment } from '../types';
export default async function createPlugin(
env: PluginEnvironment,
): Promise<Router> {
const todoReader = TodoScmReader.fromConfig(env.config, {
logger: env.logger,
reader: env.reader,
});
const catalogClient = new CatalogClient({
discoveryApi: env.discovery,
});
const todoService = new TodoReaderService({
todoReader,
catalogClient,
});
return await createRouter({ todoService });
}
And then add to packages/backend/src/index.ts:
// In packages/backend/src/index.ts
import todo from './plugins/todo';
// ...
async function main() {
// ...
const todoEnv = useHotMemoize(module, () => createEnv('todo'));
// ...
apiRouter.use('/todo', await todo(todoEnv));
Scanned Files
The included TodoReaderService and TodoScmReader works by getting the entity source location from the catalog.
The location source code is determined automatically. In case of the source code of the component is not in the same place of the entity YAML file, you can explicitly set the value of the backstage.io/source-location annotation of the entity, and if that is missing it falls back to the backstage.io/managed-by-location annotation. Only url locations are currently supported, meaning locally configured file locations won't work. Also note that dot-files and folders are ignored.
Parser Configuration
The TodoScmReader accepts a TodoParser option, which can be used to configure your own parser. The default one is based on Leasot and supports a wide range of languages. You can add to the list of supported tags by configuring your own version of the built-in parser, for example:
import {
TodoScmReader,
createTodoParser,
} from '@backstage/plugin-todo-backend';
// ...
const todoReader = TodoScmReader.fromConfig(env.config, {
logger: env.logger,
reader: env.reader,
parser: createTodoParser({
additionalTags: ['NOTE', 'XXX'],
}),
});
FAQs
A Backstage backend plugin that lets you browse TODO comments in your source code
The npm package @backstage/plugin-todo-backend receives a total of 95 weekly downloads. As such, @backstage/plugin-todo-backend popularity was classified as not popular.
We found that @backstage/plugin-todo-backend demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 22 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
By Sarah Gooding - Oct 30, 2025
Security News
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer to Transfer All Rights to Matz
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
By Sarah Gooding - Oct 29, 2025