Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

github-package-analyzer

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github-package-analyzer

Analyze GitHub repositories for package implementation and code quality

latest
npmnpm
Version
0.0.4
Version published
Weekly downloads
1
Maintainers
1
Weekly downloads
 
Created
Source

GitHub Package Analyzer 🔍

A powerful tool to analyze GitHub repositories for package implementation and code quality using the GitHub API and OpenAI's GPT models. Evaluate your dependencies, verify implementations, and get AI-powered suggestions for improvement.

✨ Features

  • 📦 Comprehensive Package Analysis

    • Scans package.json for declared dependencies
    • Verifies actual implementation in codebase
    • Custom pattern matching for different package types
    • Extensible package detection patterns

  • 🤖 AI-Powered Code Analysis

    • Code quality evaluation using OpenAI GPT models
    • Implementation quality scoring
    • Best practices validation
    • Security assessment
    • Performance optimization suggestions

  • 📊 Detailed Reporting

    • Overall repository health score
    • Package-by-package analysis
    • Implementation quality metrics
    • Actionable improvement suggestions
    • Letter grade assignments

  • 🔄 Repository Tools

    • Full repository structure traversal
    • Intelligent file filtering
    • Multi-file code analysis
    • Dependency validation

📥 Installation

npm install github-package-analyzer

⚙️ Configuration

You'll need to provide authentication tokens:

const analyzer = new PackageAnalyzer({
    githubToken: process.env.GITHUB_TOKEN,  // GitHub Personal Access Token
    openaiKey: process.env.OPENAI_API_KEY   // OpenAI API Key
});

🚀 Usage

Basic Example

const PackageAnalyzer = require('github-package-analyzer');
const dotenv = require('dotenv');

dotenv.config();

async function main() {
    const analyzer = new PackageAnalyzer({
        githubToken: process.env.GITHUB_TOKEN,
        openaiKey: process.env.OPENAI_API_KEY
    });
    
    const result = await analyzer.analyze('owner', 'repo', ['react', 'express']);
    console.log(JSON.stringify(result, null, 2));
}

main().catch(console.error);

Extended Example with Custom Patterns

const PackageAnalyzer = require('github-package-analyzer');
const dotenv = require('dotenv');

dotenv.config();

async function analyzeFullStack() {
    // Define custom patterns for various frameworks and libraries
    const customPatterns = {
        'next': {
            filePatterns: ['.js', '.ts', '.jsx', '.tsx'],
            codePatterns: [
                'from "next"',
                'from "next/app"',
                'from "next/document"',
                'from "next/router"'
            ]
        },
        'prisma': {
            filePatterns: ['.ts', '.js'],
            codePatterns: [
                'from "@prisma/client"',
                'new PrismaClient',
                'prisma.$connect'
            ]
        },
        'tailwind': {
            filePatterns: ['.css', '.config.js'],
            codePatterns: [
                'tailwind.config',
                '@tailwind base',
                '@tailwind components',
                '@tailwind utilities'
            ]
        },
        'jest': {
            filePatterns: ['.test.js', '.spec.js', '.test.ts', '.spec.ts'],
            codePatterns: [
                'describe(',
                'test(',
                'it(',
                'expect(',
                'jest.mock'
            ]
        }
    };

    // Initialize analyzer with custom patterns
    const analyzer = new PackageAnalyzer({
        githubToken: process.env.GITHUB_TOKEN,
        openaiKey: process.env.OPENAI_API_KEY,
        patterns: customPatterns
    });

    try {
        // Analyze multiple aspects of a full-stack application
        const result = await analyzer.analyze(
            'owner',
            'repo',
            ['react', 'next', 'prisma', 'tailwind', 'jest']
        );

        // Generate detailed report
        console.log('Analysis Summary:');
        console.log('----------------');
        console.log(`Overall Grade: ${result.summary.grade}`);
        console.log(`Average Score: ${result.summary.averageScore}`);
        console.log('\nPackage Details:');
        
        result.details.dependencies.forEach(pkg => {
            console.log(`\n${pkg.package}:`);
            console.log(`  Installed: ${pkg.installed}`);
            console.log(`  Implemented: ${pkg.implementation}`);
            if (pkg.scores) {
                console.log(`  Code Quality: ${pkg.scores.codeQuality}`);
                console.log(`  Implementation Quality: ${pkg.scores.implementationQuality}`);
                console.log(`  Grade: ${pkg.grade}`);
            }
        });

        // Save detailed report to file
        const fs = require('fs');
        fs.writeFileSync(
            'analysis-report.json',
            JSON.stringify(result, null, 2)
        );

    } catch (error) {
        console.error('Analysis failed:', error);
    }
}

analyzeFullStack().catch(console.error);

📝 Analysis Features

The analyzer performs multiple levels of analysis:

1. Dependency Validation

  • Checks package.json for required dependencies
  • Validates both regular and dev dependencies
  • Reports missing or outdated packages

2. Implementation Detection

  • Scans codebase for actual package usage
  • Supports multiple file extensions
  • Custom pattern matching for different import styles

3. Code Quality Analysis

  • Best practices adherence
  • Error handling patterns
  • Performance optimization opportunities
  • Security vulnerability detection
  • Code organization and structure

4. Implementation Quality

  • Feature utilization assessment
  • Integration pattern analysis
  • Configuration validation
  • Package-specific best practices
  • Code efficiency metrics

📊 Output Format

The analyzer generates detailed reports in the following structure:

{
    "passed": true,
    "summary": {
        "totalScore": 85,
        "averageScore": 85,
        "grade": "B"
    },
    "details": {
        "dependencies": [],
        "implementation": [],
        "codeQuality": [],
        "suggestions": []
    }
}

🎯 Supported Packages

Built-in analysis patterns for:

  • React
  • Express

Add custom patterns by extending the configuration:

const customPatterns = {
    'packageName': {
        filePatterns: ['.ext1', '.ext2'],
        codePatterns: ['import pattern', 'require pattern']
    }
};

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request. See our contributing guidelines for more details.

📄 License

MIT License - see LICENSE file for details.

👤 Author

Tom Tarpey

🔒 Security

⚠️ Important: Never commit API keys or tokens to version control. Use environment variables or secure configuration management for sensitive credentials.

📚 Documentation

For detailed API documentation and advanced usage examples, visit our documentation.

FAQs

Package last updated on 15 Jan 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth

Security News

CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth

CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.

By Sarah Gooding  -  Jan 09, 2026