@tromgy/npm-tree
A tool to aid in analyzing npm (or yarn) package dependencies.
It can be used either as a command-line utility, or as a pure online solution, available at https://npm-tree.netlify.app.
Requires Node version 12 or newer and npm 6 or newer. Tested with Node versions 12.18.0 and 14.15.5, and npm versions 6.14.4 and 7.6.1.
To run it as a command-line tool you can install it globally:
npm install @tromgy/npm-tree -g
and run it in your project directory (the one that contains package.json):
npm-tree
or run it via npx (also in your project directory):
npx @tromgy/npm-tree
When you run it, it creates an HTML file containing the same dependency information as the output from npm list, but in a collapsible, searchable tree, and displays this HTML file in your default browser.
This file is removed automatically once it's loaded in the browser.
If you want to keep the file and open it later, use the --save option:
npm-tree --save
If you use drive mapping via the subst command on Windows and try to run npm-tree from such a mapped drive, it will not be able to open your default browser unless you also add the corresponding mapping to the following registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices]
To use it online, you can just drop the text file containing the output from npm list or yarn list.
It will be processed right in the browser and the same searchable tree will be shown.
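The step from `npm list` text to a searchable tree can be sketched as follows. This is an added example, not code from @tromgy/npm-tree; it assumes npm's Unicode tree output with two columns of indentation per level, does not handle `yarn list`, and the names `parseLine`, `buildTree` and `findPaths` are hypothetical.

```javascript
// Added example, not code from @tromgy/npm-tree.
// SAMPLE is constructed `npm list` output, not taken from a real project.
const SAMPLE = [
  'demo-app@1.0.0 /home/user/demo-app',
  '├─┬ express@4.17.1',
  '│ ├── accepts@1.3.7',
  '│ └─┬ body-parser@1.19.0',
  '│   └── bytes@3.1.0',
  '├─┬ @scope/http-util@2.0.0',
  '│ └── bytes@3.1.0 deduped',
  '└── lodash@4.17.21',
].join('\n');

// Parse one line into { depth, name, version, flags, children }, or null.
function parseLine(line) {
  const start = line.search(/[^│├└─┬\s]/); // first character after the tree prefix
  if (start < 0 || start % 2 !== 0) return null;
  const depth = start === 0 ? 0 : (start - 2) / 2; // assumed: 2 columns per level
  const body = line.slice(start).replace(/^UNMET (PEER |OPTIONAL )?DEPENDENCY /, '');
  const [spec, ...flags] = body.trim().split(/\s+/);
  const at = spec.lastIndexOf('@'); // last "@", so scoped names (@scope/pkg) survive
  const name = at > 0 ? spec.slice(0, at) : spec;
  const version = at > 0 ? spec.slice(at + 1) : '';
  return { depth, name, version, flags, children: [] };
}

// Rebuild the dependency tree from the indentation depth of each line.
function buildTree(text) {
  const path = []; // path[d] = most recent node seen at depth d
  for (const line of text.split(/\r?\n/)) {
    const node = parseLine(line);
    if (!node) continue;
    if (node.depth === 0) {
      if (path.length === 0) path.push(node); // first unindented line is the project
      continue;
    }
    const parent = path[node.depth - 1];
    if (!parent) continue; // malformed indentation: skip rather than guess
    parent.children.push(node);
    path.length = node.depth; // drop deeper nodes from the previous branch
    path.push(node);
  }
  return path[0] || null;
}

// Every chain from the project root down to an occurrence of `target`.
function findPaths(node, target, trail = []) {
  const here = [...trail, `${node.name}@${node.version}`];
  const hits = node.name === target ? [here.join(' > ')] : [];
  for (const child of node.children) hits.push(...findPaths(child, target, here));
  return hits;
}
```

Calling `findPaths(buildTree(SAMPLE), 'bytes')` lists each chain of packages that brings `bytes` into the project, which is the question to answer when a transitive dependency needs to be upgraded or removed.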
FAQs
A convenience tool on top of 'npm list'. Presents the dependent packages in a collapsible tree with search and dependency path capabilities.
The npm package @tromgy/npm-tree receives a total of 6 weekly downloads. As such, @tromgy/npm-tree popularity was classified as not popular.
We found that @tromgy/npm-tree demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.