@kalamazoo/code-insights
This is a tool that can be run on your checkout or on CI to report on code problems.
--commit The commit to publish insights on [default=current head]
--reporters The reporters to run [default=console]
--gitUrl The git url of the repo [default=current origin url]
--targetBranch The branch against which the current branch is compared; when git reporting is enabled the tool can detect the PR target branch. [default=master]
The tool is set up so that reports should be easy to add later. If you have a good idea for a report, go for it and submit a PR!
This report compares the lock file of the current branch to the one on origin/master.
It then reports the new duplicate dependencies found compared to master.
This report requires origin/master to be available. If you're getting the following error:
Command failed: git show origin/master:package.json
fatal: Invalid object name 'origin/master'.
Your CI job is probably running on a shallow clone. On Bamboo this error can be fixed with the following commands:
git remote set-url origin "${bamboo_planRepository_repositoryUrl}"
git fetch origin
The tool is set up so that reporters should be easy to add later. If you have a good idea for a reporter, go for it and submit a PR!
This reporter uses the Bitbucket Server code insights feature to show the code-insights report.
If this reporter is enabled and no --targetBranch flag is provided, the reporter will try to detect the target branch of the PR the top commit is on. When targeting a branch other than master, the report is generated against that branch instead.
Authentication for Bitbucket Server is required. The following options are provided:
The recommended way of authenticating:
BITBUCKET_SERVER_TOKEN : the Bitbucket Server API token
Alternatively, username and password:
BITBUCKET_SERVER_USERNAME : Bitbucket Server username
BITBUCKET_SERVER_PASSWORD : Bitbucket Server password
This reporter just reports the result to the console. Handy when running locally.
Code insights reporting tool for FE (mono)repos.