A tool allowing Rocketmakers to detect bitrot in projects.
The main focus of this tool is to notify about versions becoming outdated over time.
To set this up in your project you will need to:

1. Add the YAML extension from the VS Code marketplace.
2. Add the following to `.vscode/settings.json` in the root of your project (merge it into the existing settings object):

```json
"yaml.schemas": {
  "node_modules/bitrot/schema.json": "bitrot.yaml"
}
```

3. Add `bitrot.yaml` to the root of your project, using `node_modules/bitrot/schema.json` for validation and editor help. An example is below:

```yaml
projects:
  - name: 'backend'
    path: 'backend'
    tags: ['node']
    justifications:
      - rule: 'pkg:npm/mocha'
        reason: 'Not switched to Jest yet'
```

This can then be run using `npx @rocketmakers/bitrot`, which, if bitrot is not installed, will run the latest version. If you install bitrot as a package you will be locked to a specific version and will not receive rule updates.
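As an added illustration (not bitrot's own code), the following Python models how the `justifications` in a `bitrot.yaml` could be applied to a list of outdated-package findings expressed as package URLs (purls, the `pkg:npm/...` form used in the `rule` field). The matching semantics (a rule without a version suppresses every version of that package; a rule with a version pins that exact version), the second `frontend` project and the findings are assumptions; it also flags justifications that no longer match anything, since those rot too.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote

@dataclass(frozen=True)
class Purl:
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]

def parse_purl(s: str) -> Purl:
    """Parse the purl subset used here: pkg:type/[namespace/]name[@version].
    Scoped npm names are written %40scope per the purl spec; '@scope' is tolerated too."""
    if not s.startswith("pkg:"):
        raise ValueError(f"not a purl: {s}")
    head, sep, tail = s[4:].rpartition("@")
    # A trailing '@...' without a slash is the version; otherwise there is no version.
    body, version = (head, unquote(tail)) if sep and "/" not in tail else (s[4:], None)
    parts = [unquote(p) for p in body.split("/")]
    if len(parts) < 2:
        raise ValueError(f"purl needs a type and a name: {s}")
    return Purl(parts[0].lower(), "/".join(parts[1:-1]) or None, parts[-1], version)

def rule_matches(rule: Purl, finding: Purl) -> bool:
    """Assumed semantics: type/namespace/name must agree; a versioned rule pins that version."""
    if (rule.type, rule.namespace, rule.name) != (finding.type, finding.namespace, finding.name):
        return False
    return rule.version is None or rule.version == finding.version

def evaluate(config: dict, findings: Dict[str, List[str]]) -> Dict[str, Dict[str, List[str]]]:
    """Per project: outdated purls with no justification, and justifications matching nothing."""
    report = {}
    for project in config["projects"]:
        rules = [(j["rule"], parse_purl(j["rule"])) for j in project.get("justifications", [])]
        outdated = [(p, parse_purl(p)) for p in findings.get(project["name"], [])]
        unjustified = [s for s, f in outdated if not any(rule_matches(r, f) for _, r in rules)]
        stale = [s for s, r in rules if not any(rule_matches(r, f) for _, f in outdated)]
        report[project["name"]] = {"unjustified": unjustified, "stale_justifications": stale}
    return report

# Constructed config: the parsed form of the bitrot.yaml above plus an assumed second project.
CONFIG = {"projects": [
    {"name": "backend", "path": "backend", "tags": ["node"],
     "justifications": [{"rule": "pkg:npm/mocha", "reason": "Not switched to Jest yet"}]},
    {"name": "frontend", "path": "frontend", "tags": ["node"],
     "justifications": [{"rule": "pkg:npm/react@17.0.2", "reason": "Pinned for legacy UI"}]},
]}
# Constructed findings: outdated packages per project, as a scanner might report them.
FINDINGS = {"backend": ["pkg:npm/mocha@8.4.0", "pkg:npm/express@4.17.1"],
            "frontend": ["pkg:npm/react@18.2.0", "pkg:npm/%40types/react@18.0.0"]}

if __name__ == "__main__":
    print(evaluate(CONFIG, FINDINGS))
```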
FAQs
A tool for checking for version drift of packages over time.
The npm package bitrot receives a total of 0 weekly downloads. As such, bitrot popularity was classified as not popular.
We found that bitrot demonstrated an unhealthy version release cadence and low project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.