Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
npm-dep-info
Advanced tools
Readme
Generates a glimpse of descriptions for your dependencies in the package.json
npm install npm-dep-info -g
Have you ever got confused of what your NPM packages do? Sometimes it just can't be told by their names.
Example taken from exorcist's package.json
{
"name": "exorcist",
"dependencies": {
"minimist": "0.0.5",
"mold-source-map": "~0.3.0",
"nave": "~0.5.1"
},
"devDependencies": {
"tap": "~0.4.3",
"browserify": "~3.20.0",
"through2": "~0.4.0"
}
}
With npm-dep-info, you get a nice description of these packages:
{
"dependencies": {
"minimist": "parse argument options",
"mold-source-map": "Mold a source map that is almost perfect for you into one that is.",
"nave": "Virtual Environments for Node"
},
"devDependencies": {
"tap": "A Test-Anything-Protocol library",
"browserify": "browser-side require() the node way",
"through2": "A tiny wrapper around Node streams2 Transform to avoid explicit subclassing noise"
}
}
It can generate a Markdown file for you, too.
And a table output:
dependencies
┌─────────────────┬───────────────────────────────────────────────────────┐
│ name │ description │
├─────────────────┼───────────────────────────────────────────────────────┤
│ minimist │ parse argument options │
├─────────────────┼───────────────────────────────────────────────────────┤
│ mold-source-map │ Mold a source map that is almost perfect for you into │
│ │ one that is. │
├─────────────────┼───────────────────────────────────────────────────────┤
│ nave │ Virtual Environments for Node │
└─────────────────┴───────────────────────────────────────────────────────┘
...
Usage:
npm-dep-info [OPTIONS] [ARGS]
Options:
-M, --markdown Output as Markdown
-T, --table Output as table
-I, --include STRING Include extra properties from package.json of the
dependency (e.g. --include version,homepage)
-o, --output PATH Write output to file
-i, --input PATH Location of package.json (default ./)
Output a description from the current directory:
npm-dep-info
npm-dep-info -M # markdown
npm-dep-info -T # table
Output to file:
npm-dep-info -o dependencies.json
npm-dep-info > dependencies.json # pipe
Include extra info
npm-dep-info --include version,homepage # split by ","
FAQs
Generates a glimpse of descriptions for your dependencies in the package.json
The npm package npm-dep-info receives a total of 2 weekly downloads. As such, npm-dep-info popularity was classified as not popular.
We found that npm-dep-info demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.