lifion-verify-deps
Changelog
v2.0.1 (2021-12-13)
- #244: Bring develop up to date
- #242: Add fix to properly handle versions with ~ and locked versions
- 4e1c194: Refactor unit tests to avoid virtual path mocking
- 5b3c48e: Test path structure
- b9f3791: Refactored external commands out of index.js into utils
- 64b95fd: Add coverage exception for util files
- 5814b9a: Update package-lock
- c7af116: All unit tests refactored and pass
- 658c43f: Update package-lock
- 45ee622: Add badges and update workflows
- fc59855: Fix skipped unit tests
- 7e41f3b: Refactor to exclude only command execution
- b5ce7d9: Remove extra spacing
- b931e29: Attempt at refactoring module export
- dc1d1a1: Bring develop up to date
- 6690169: Test path structure
- 788b681: Fix types
- 782eb1f: Move test helpers outside of lib
- 9da2413: Add documentation
- 322ace1: Fix typo in filename
- 007052f: Remove redundant directory name variables
- 3c92420: Update package-lock
- e08c7e3: Test path structure
- f5e5b48: Workaround to fix failing virtual mocks on windows
- a6e4eaf: Workaround to fix failing virtual mocks on windows
- b672f89: Remove debug logs
- 314f738: Remove redundant async
- a69a47e: Test path structure
- b4cc5d8: Workaround to fix failing virtual mocks on windows
- 6fdbe7b: Fix error documentation for util files
- 9a35936: Workaround to fix failing virtual mocks on windows
- 5e69808: Reformatted .eslintrc
- 0177181: Add missing description for object parameter
- dd2e98d: Updated README
- 3c3fa37: Uninstall chance
- 8c8ed33: Put back report coverage
- b3af94f: Temporarily remove coverage report
- 47c4a6f: Remove debug logs
- 00898cf: Test path structure
- ef90aa1: Put back node 14
- 653ac82: Test node 16, 17 only
- 30149df: Remove debug comment
- b8090fa: Remove debug log
- 3db1cc5: Remove TODO

Readme
Verifies that installed NPM modules are the latest currently available version.
To install the module:

```sh
npm install lifion-verify-deps --global
```

To run the command:

```sh
lifion-verify-deps
```

To use as a module:

```js
const verifyDeps = require('lifion-verify-deps');

verifyDeps({ dir: './path-to/project-directory' })
  .then(() => { /* all installed packages up to date */ })
  .catch((err) => { /* there are packages to be updated */ });
```
Verifies the dependencies listed in the package.json of the given directory.
Kind: Exported function
Param | Type | Default | Description |
---|---|---|---|
[options] | Object | | Optional parameters. |
[options.autoUpgrade] | boolean | false | Automatically upgrade all suggested dependencies. |
[options.dir] | string | | The path where to look for the package.json file. |
[options.logger] | Logger | | A logger instance, with a similar API as the console object. |

Validates package name.
Kind: inner method of verifyDeps
Throws: Error - Package name is invalid.

Param | Type | Description |
---|---|---|
name | string | Package name. |

Gets available versions for provided package name.
Kind: inner method of verifyDeps
Returns: Promise.<Array.<string>> - List of available versions.
Throws: Error - Output failed JSON parse.

Param | Type | Description |
---|---|---|
name | string | Package name. |
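
The name check and the version lookup described above, as an added example that is not lifion-verify-deps's own code. It assumes the lookup runs `npm view <name> versions --json` (the page does not name the command); the names `assertValidName`, `viewArgs`, `parseVersions` and `getVersions` are hypothetical.

```javascript
const { execFile } = require('node:child_process');

// Assumed rules, modelled on npm's naming rules: optional @scope/, lowercase
// URL-safe characters, at most 214 chars, no leading "." or "_". A leading "-"
// is also rejected so a name can never be read by npm as a command-line option.
const NAME_RE = /^(?:@[a-z0-9~][a-z0-9._~-]*\/)?[a-z0-9~][a-z0-9._~-]*$/;

// Hypothetical helper: returns the name unchanged or throws.
function assertValidName(name) {
  if (typeof name !== 'string' || name.length > 214 || !NAME_RE.test(name)) {
    throw new Error(`Package name is invalid: ${JSON.stringify(name)}`);
  }
  return name;
}

// Builds the argument vector for `npm view`. The name is validated first and
// stays a single argv entry, so shell metacharacters in it are never parsed.
function viewArgs(name, field) {
  return ['view', assertValidName(name), field, '--json'];
}

// Parses `npm view ... --json` output; a bare JSON string (one version) is
// accepted as well as an array.
function parseVersions(stdout) {
  let parsed;
  try {
    parsed = JSON.parse(stdout);
  } catch (err) {
    throw new Error(`Output failed JSON parse: ${err.message}`);
  }
  return Array.isArray(parsed) ? parsed : [parsed];
}

// execFile starts npm without a shell (POSIX; on Windows npm is a .cmd shim
// and must be started differently).
function getVersions(name) {
  return new Promise((resolve, reject) => {
    execFile('npm', viewArgs(name, 'versions'), (err, stdout) => {
      if (err) return reject(err);
      try {
        resolve(parseVersions(stdout));
      } catch (parseErr) {
        reject(parseErr);
      }
    });
  });
}
```

`getVersions` needs npm on the PATH and network access to the registry; the other three functions run offline.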

Gets latest tag from provided package name.
Kind: inner method of verifyDeps
Returns: Promise.<string> - Return latest version, if latest tag exists.
Throws: Error - Output failed JSON parse.

Param | Type | Description |
---|---|---|
name | string | Package name. |

Finds valid upgrade version of the provided package name.
Kind: inner method of verifyDeps
Returns: Promise.<string> - Valid upgrade version.
Throws: Error - Outdated version in package.json, version was likely unpublished.

Param | Type | Description |
---|---|---|
name | string | Package name. |
wanted | string | Package version. |

Gets currently installed version for provided package name.
Kind: inner method of verifyDeps
Returns: string | null - Installed version or null if not installed.
Throws: Error - Unable to find installed versions, try installing node modules by running npm i.

Param | Type | Description |
---|---|---|
currentDir | string | Path to package.json directory. |
name | string | Package name. |
logger | Logger | Logger flag. |

Builds list of packages to update.
Kind: inner method of verifyDeps
Returns: Array.<Promise.<PackageStatus>> - NPM package state.

Param | Type | Description |
---|---|---|
params | Object | Object with parameters. |
params.deps | Object.<string, string> | List of dependencies. |
params.dir | string | Directory location. |
params.logger | Logger | Logging tool. |
params.type | string | Type of dependency. |

Formats package name for installation.
Kind: inner method of verifyDeps
Returns: string - Concatenated 'name@latest' for provided package.

Param | Type | Description |
---|---|---|
filteredPkgs | Array.<PackageStatus> | Package properties. |

Filters out dependencies with locked versions.
Kind: inner method of verifyDeps
Returns: Object.<string, string> | Object - List of dependencies excluding locked semver versions.

Param | Type | Description |
---|---|---|
deps | Object.<string, string> | List of dependencies. |
FAQs
Verifies that installed NPM modules are the latest currently available version.
The npm package lifion-verify-deps receives a total of 0 weekly downloads. As such, lifion-verify-deps popularity was classified as not popular.
We found that lifion-verify-deps demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.