Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
git-repo-info
Advanced tools
The git-repo-info npm package provides a simple way to gather information about a Git repository. It can be used to retrieve details such as the current branch, the latest commit hash, and other repository metadata.
Get Current Branch
This feature allows you to get the current branch name of the Git repository.
const gitRepoInfo = require('git-repo-info');
const info = gitRepoInfo();
console.log(info.branch);
Get Latest Commit Hash
This feature allows you to get the latest commit hash of the Git repository.
const gitRepoInfo = require('git-repo-info');
const info = gitRepoInfo();
console.log(info.sha);
Get Repository Root
This feature allows you to get the root directory of the Git repository.
const gitRepoInfo = require('git-repo-info');
const info = gitRepoInfo();
console.log(info.root);
Get Committer Date
This feature allows you to get the committer date of the latest commit in the Git repository.
const gitRepoInfo = require('git-repo-info');
const info = gitRepoInfo();
console.log(info.committerDate);
simple-git is a lightweight interface for running Git commands in any node.js application. It provides a more comprehensive set of Git functionalities compared to git-repo-info, including the ability to execute various Git commands programmatically.
nodegit is a native Node.js library that provides a high-level API for interacting with Git repositories. It offers extensive Git functionalities, including repository management, commit history, and branch operations, making it more feature-rich than git-repo-info.
isomorphic-git is a pure JavaScript implementation of Git that works in both Node.js and browser environments. It provides a wide range of Git functionalities, including cloning, committing, and pushing, making it a versatile alternative to git-repo-info.
Retrieves repo information without relying on the git
command.
var getRepoInfo = require('git-repo-info');
var info = getRepoInfo();
info.branch // current branch
info.sha // current sha
info.abbreviatedSha // first 10 chars of the current sha
info.tag // tag for the current sha (or `null` if no tag exists)
info.lastTag // tag for the closest tagged ancestor
// (or `null` if no ancestor is tagged)
info.commitsSinceLastTag // number of commits since the closest tagged ancestor
// (`0` if this commit is tagged, or `Infinity` if no ancestor is tagged)
info.committer // committer for the current sha
info.committerDate // commit date for the current sha
info.author // author for the current sha
info.authorDate // authored date for the current sha
info.commitMessage // commit message for the current sha
info.root // root directory for the Git repo or submodule
// (if in a worktree, this is the directory containing the original copy)
info.commonGitDir // directory containing Git metadata for this repo or submodule
// (if in a worktree, this is the primary Git directory for the repo)
info.worktreeGitDir // if in a worktree, the directory containing Git metadata specific to
// this worktree; otherwise, this is the same as `commonGitDir`.
When called without any arguments, git-repo-info
will automatically lookup upwards
into parent directories to find the first match with a .git
folder.
If passed an argument, it will be assumed to be the path to the repo's .git
folder
to inspect.
FAQs
Retrieve current sha and branch name from a git repo.
We found that git-repo-info demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.