
npm-research
Nice little utility to help you research NPM packages.
You don't want to always reinvent the wheel, do you? Neither do I. This will help you research NPM packages a bit more. It does this by running npm search, parsing out the package names, and retrieving each package's homepage and repository URLs. It can then open the repo URLs in your browser, so you can see how many stars the project has and investigate the quality of the code and documentation.
npm install -g npm-research
$ npm-research
npm-research [0.1.0]
Usage: npm-research [some search terms...] [options]
Options:
-b, --browser Open repos in browser
-g, --gte [num] Only display/open those who have a dependents greater than specified number i.e. more popular
Perform basic research. Find the package name and description. Show the number of packages that depend upon the package. This way you can gauge popularity of the package.
$ npm-research string csv
Searching...
name deps description
a-csv [0] : A CSV parsing/stringify module
csvrow [0] : parse a CSV row string
string [16] : string contains methods that aren't included in the vanilla JavaScript string such as escaping HTML, decoding HTML entities, stripping tags, etc.
Done.
Perform research, but filter out projects that have fewer than 1 dependent. Open the repositories in your browser so that you can investigate the code.
$ npm-research string csv --gte 1 --browser
Searching...
name deps description
string [16] : string contains methods that aren't included in the vanilla JavaScript string such as escaping HTML, decoding HTML entities, stripping tags, etc.
Done.
After a package's information is downloaded, it is cached for two days. The cache lives in $HOME/.npm-research/packages.json.
Unfortunately npm search is slow as balls and TJ Holowaychuk's npm-search isn't working right now. Maybe leverage Google search to speed things up?
(MIT License)
Copyright 2012, JP Richardson jprichardson@gmail.com
Socket found that npm-research shows an unhealthy version release cadence and project activity, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.