Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
gitify-dependencies
Advanced tools
CLI tool for replacing node dependencies with their respective git repositories
CLI tool for replacing node dependencies with their respective git repositories.
npm install -g gitify-dependencies
gitify-deps [--options]
Flag | Environment variable | Description | Allowed values | Default value |
---|---|---|---|---|
--checkout-tags -c | CHECKOUT_TAGS | If a dependency is already a git repo, the CLI will just "git checkout" the version specified in npm-shrinkwrap.json . | 'yes', 'no' | 'no' |
--gitify-url-pattern -p | GITIFY_URL_PATTERN | Specify a pattern that gets matched against the package's url. Please note, that you must either set this flag or the environment variable! | none | none |
--node-projects-dir -d | NODE_PROJECTS_DIR | Set a path which will keep the git repository's data. | none | $HOME/.gitify |
This tool walks through your npm-shrinkwrap.json
file and does the following things for every dependency (and it's sub-dependencies):
{NODE_PROJECTS_DIR}/{name of the dependency}
.node_modules
directory if present.{NODE_PROJECTS_DIR}/{name of the dependency}
.node_modules
.In practice you can treat this like a sort of "linked clone" of the original repo. Objects and refs (branches and tags) will be shared between all workdirs, but each one will have it's own working tree, HEAD, and index (staging area). One caveat is that only the git repository is synced, making changes and commiting in one workdir doesn't affect the files in another workdir. Use feature branches
More information about workdirs:
FAQs
CLI tool for replacing node dependencies with their respective git repositories
We found that gitify-dependencies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.