adviser-plugin-dependencies
Advanced tools
Plugin for adviser that contains rules related to dependencies in the package.json
You'll first need to install Adviser:
$ npm i adviser --save-dev
Next, install adviser-plugin-dependencies:
$ npm install adviser-plugin-dependencies --save-dev
Note: If you installed Adviser globally (using the -g flag) then you must also install adviser-plugin-dependencies globally.
Add dependencies to the plugins section of your .adviserrc configuration file. You can omit the adviser-plugin- prefix:
{
"plugins": ["dependencies"]
}
Then configure the rules you want to use under the rules section.
{
"rules": {
"dependencies/min-vulnerabilities-allow": ["error", { "level": "low", "skip": ["780"] }]
}
}
If you don't have a .adviserrc you can create one running $ adviser --init
{
"plugins": ["dependencies"],
"rules": {
"dependencies/min-vulnerabilities-allow": ["error", { "level": "high", "skip": ["780"] }],
"dependencies/licenses-allowlist": [
"warn",
{ "allowlist": ["MIT", "ISC", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"] }
],
"dependencies/not-allowed-packages": ["error", { "packages": ["jquery", "lodash", "kill-port", "la-tata"] }],
"dependencies/outdated-packages": ["warn", { "criteria": "major", "exclude": [] }]
}
}
If you would like to contribute and later on test your changes there are a couple ways explained below.
The package (adviser-plugin-dependencies) is setup to run tests under the folder __tests__ with Jest. Save your tests there and they will run before push code and by travis once the PR is created.
To run your rules with adviser, we recommend you to create an empty folder (We have one under ./examples/integration) with:
adviser configuration file. You can grab the example in this README or generate one using $ adviser --init (adviser must be installed globally or using npx)$ npm link in the adviser-plugin-dependencies root$ npm link adviser-plugin-dependencies in the example project rootFAQs
Adviser plugin to keep healthy dependecies
We found that adviser-plugin-dependencies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 17 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.