Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
- Maintainers
- 1
odoo-analyse
Analyse tool for odoo modules
Installation
Install the module with the ability to render graphs:
apt install cloc graphviz
npm install -g eslintcc # required for JS complexity
pip3 install "odoo-analyse[graph]"
Usage
odoo_analyse --help
Read in modules
--config /path/to/odoo.cfg .. Load modules using an odoo configuration file
--path /path/to/modules .. Load modules within a directory
--load /path/to/data.json .. Load the modules from a previously stored data file
Or if you want to load the file from stdin:
--load - .. Loads the data from the module analysis directly from the stdin
Save the loaded modules
-s /path/to/data.json .. Store the loaded modules in a file
Or if you want to output it to stdout:
-s - .. Output the loaded modules to stdout
Filtering
--modules '*' .. Only show modules with a matching name
--models '*' .. Only show models with a matching name
--views '*' .. Only show views with a matching name
--path-filter '*' .. Only modules with a matching file path
--test-filter .. Include module starting with test_
--estimate-state .. Estimate the state of a module (installed/uninstalled) only using dependencies and auto_install flags.
--state-filter installed .. Only modules with a specific state. This connects to a database to determine the state of a module. The connection information are extracted from a configuration file or using the database parameters
--full-graph .. If set all the above filters are only used for the starting nodes and not for the base modules
Module graph
Use atleast one of the following --show-* options to show a module graph.
--show-dependency .. Show module dependencies from the manifests
--show-import .. Show imports of module from other modules
--show-reference .. Show XML references of modules from other modules
--migration '*' .. Color all modules with a matching version
Database
These options can be used to extract instance specific information about modules such as installation state to be used in filters.
--db-host host .. Host on which the database is running
--db-port 5432 .. Port on which the database is running
--db-name odoo .. Name of the database
--db-user user .. Name of the user to access the database
--db-password .. If specified a password prompt will ask for the password to connect to the database
Skipping
These options control what is analysed and can result in a faster analyse.
--skip-all .. All of the below
--skip-assets .. Skip analysing assets (JS, CSS, Web Templates, ...)
--skip-data .. Skip analysing CSV and XML data
--skip-language .. Skip analysing the lines of code
--skip-python .. Skip analysing python files (controllers, models, ...)
--skip-readme .. Skip reading the readme files
Examples
Usage as library
If you'd like to import the package and use it within a Odoo module you can add it as an import and call the options:
>>> from odoo_analyse import Odoo
>>> odoo = Odoo.from_path(".")
>>> odoo["auth_session_timeout"].models
{'ir.http': <Model: ir.http>, 'ir.config_parameter': <Model: ir.config_parameter>, 'res.users': <Model: res.users>}
>>> odoo["auth_session_timeout"].manifest
{"auth_session_timeout": {"path": "/x/y/z", "name": "auth_session_timeout", ...}}
Usage as command line tool
# Analyse all modules in a folder and create a module dependency graph to module.gv.pdf
$ odoo_analyse -p /path/to/modules --show-dependency
# Analyse all available modules of an Odoo instance and save it to a json file for later usage
$ odoo_analyse -c /path/to/odoo.cfg -s /path/to/cache.json
The following examples are using a previously created cache file.
# Create the dependency graph of all modules starting with `sale_`
$ odoo_analyse -l /path/to/cache.json --modules 'sale_*' --show-dependency
# Create the full dependency graph of all modules starting with `sale_`
$ odoo_analyse -l /path/to/cache.json --modules 'sale_*' --show-dependency --full-graph
# Connect to the database from the odoo.cfg and create the dependency graph of all installed modules
$ odoo_analyse -l /path/to/cache.json -c /path/to/odoo.cfg --state-filter installed --show-dependency
# Estimate the state using the module dependencies and auto_install flags based on the `modules` given via stdin. Output the analysed installed modules to `analyse.json`.
$ cat modules.txt | odoo_analyse -p odoo --modules - --analyse analyse.json --estimate-state --state-filter installed
FAQs
Package to analyse odoo modules
We found that odoo-analyse demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025