Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

analyze-ember-project-dependencies

Package Overview
Dependencies
Maintainers
0
Versions
7
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

analyze-ember-project-dependencies

Analyze dependencies of an Ember project

  • 0.4.4
  • latest
  • Source
  • npm
  • Socket score
Version published
Maintainers
0
Created
Source

analyze-ember-project-dependencies

Analyze dependencies of an Ember project

  1. Why use it?
  2. Usage
  3. Compatibility
  4. Contributing
  5. License

Why use it?

Both Embroider and pnpm ask that packages declare their dependencies correctly. The codemod (really, a linter) performs a static code analysis so that you can easily find missing and unused dependencies.

For more information, see Fixing Package Dependencies.

Usage

Step 1. Run the codemod (e.g. at the workspace root of a monorepo).

cd <path/to/your/project>
npx analyze-ember-project-dependencies

Step 2. Check the output for true positives.

Arguments

Optional: Specify the component structure

By default, apps and addons follow the flat component structure for components. Pass --component-structure to indicate otherwise.

npx analyze-ember-project-dependencies --component-structure nested
Optional: Specify the project root

Pass --root to run the codemod somewhere else (i.e. not in the current directory).

npx analyze-ember-project-dependencies --root <path/to/your/project>

Limitations

The codemod is designed to cover typical cases. It is not designed to cover one-off cases.

To better meet your needs, consider cloning the repo and running the codemod locally.

cd <path/to/cloned/repo>

# Compile TypeScript
pnpm build

# Run codemod
./dist/bin/analyze-ember-project-dependencies.js --root <path/to/your/project>

[!IMPORTANT]

The codemod uses a list called KNOWN_ENTITIES to analyze implicit code. The list accounts for packages that live outside of your project. It isn't meant to be (and doesn't have to be) exhaustive.

You can modify KNOWN_ENTITIES to get more accurate results.

src/utils/find-entities/known-entities.ts 
const KNOWN_ENTITIES = new Map<PackageName, Partial<ProjectDataEntities>>([
  [
    '@ember/render-modifiers',
    {
      modifiers: ['did-insert', 'did-update', 'will-destroy'],
    },
  ],

  // ...
]);

Compatibility

  • Node.js v18 or above

Contributing

See the Contributing guide for details.

License

This project is licensed under the MIT License.

Keywords

FAQs

Package last updated on 12 Nov 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

Security News

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.

By Sarah Gooding  -  Nov 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc