adviser-plugin-dependencies
Advanced tools
Plugin for adviser that contains rules related to dependencies in the package.json
You'll first need to install Adviser:
$ npm i adviser --save-dev
Next, install adviser-plugin-dependencies:
$ npm install adviser-plugin-dependencies --save-dev
Note: If you installed Adviser globally (using the -g flag) then you must also install adviser-plugin-dependencies globally.
Add dependencies to the plugins section of your .adviserrc configuration file. You can omit the adviser-plugin- prefix:
{
"plugins": ["dependencies"]
}
Then configure the rules you want to use under the rules section.
{
"rules": {
"dependencies/min-vulnerabilities-allow": ["error", { "level": "low", "skip": ["780"] }]
}
}
If you don't have a .adviserrc you can create one running $ adviser --init
{
"plugins": ["dependencies"],
"rules": {
"dependencies/min-vulnerabilities-allow": ["error", { "level": "high", "skip": ["780"] }],
"dependencies/licenses-allowlist": [
"warn",
{ "allowlist": ["MIT", "ISC", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"] }
],
"dependencies/not-allowed-packages": ["error", { "packages": ["jquery", "lodash", "kill-port", "la-tata"] }],
"dependencies/outdated-packages": ["warn", { "criteria": "major", "exclude": [] }]
}
}
If you would like to contribute and later on test your changes there are a couple ways explained below.
The package (adviser-plugin-dependencies) is setup to run tests under the folder __tests__ with Jest. Save your tests there and they will run before push code and by travis once the PR is created.
To run your rules with adviser, we recommend you to create an empty folder (We have one under ./examples/integration) with:
adviser configuration file. You can grab the example in this README or generate one using $ adviser --init (adviser must be installed globally or using npx)$ npm link in the adviser-plugin-dependencies root$ npm link adviser-plugin-dependencies in the example project rootFAQs
Adviser plugin to keep healthy dependecies
The npm package adviser-plugin-dependencies receives a total of 60 weekly downloads. As such, adviser-plugin-dependencies popularity was classified as not popular.
We found that adviser-plugin-dependencies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 17 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.