The NodeSource Certified Modules command line utility


nscm - the CLI Utility for NodeSource Certified Modules

nscm is a simple utility for NodeSource Certified Modules that can be used to easily authenticate with your Certified Modules registry, to whitelist packages that fail certification, and to generate a detailed report about the current project and the modules it depends on.

Installation

You can install it from npm by running:

$ npm install -g nscm

Usage

This tool is meant to be used in the root folder of an application where the package.json file exists.

  Usage: nscm [command] [options]

  Commands:

    config, c           Configure nscm options
    help                Display help
    report, r           Get a report of your packages
    signin, s, login    Sign in to nscm
    signout, o, logout  Sign out of nscm
    verify              Verify if all packages are certified
    whitelist, w        Whitelist your packages

  Options:

    -C, --certified        Shows only certified packages
    -c, --concurrency <n>  Concurrency of requests (defaults to 15)
    -d, --dot              Formats the report in Graphiz dot (disabled by default)
    -f, --failed           Shows only packages that failed certification (disabled by default)
    -g, --github           Sign in using GitHub SSO (disabled by default)
    -G, --google           Sign in using Google SSO (disabled by default)
    -h, --help             Output usage information
    -j, --json             Formats the report in JSON (disabled by default)
    -o, --output           Save report to file (disabled by default)
    -p, --production       Only check production (disabled by default)
    -r, --registry         Certified modules registry (defaults to "")
    -s, --svg              Formats the report in SVG (disabled by default)
    -t, --token            Token for registry authentication (defaults to "")
    -v, --version          Output the version number

  Additional Help

    Add -h to the 'config' or 'whitelist' commands for additional help concerning those commands.

    nscm config -h
    nscm whitelist -h

nscm report (default)

Returns a report of matching certified packages and their certification scores.

$ nscm report
please wait while we process the information
┌────────────────────────────────────┬───────────────┬────────┐
│ Package                            │ Version       │ Score  │
├────────────────────────────────────┼───────────────┼────────┤
│ body-parser                        │ 1.15.2        │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ debug                              │ 2.2.0         │ 70     │
├────────────────────────────────────┼───────────────┼────────┤
│ ms                                 │ 0.7.1         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ bytes                              │ 2.4.0         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ content-type                       │ 1.0.2         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ depd                               │ 1.1.0         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ http-errors                        │ 1.5.1         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤
│ inherits                           │ 2.0.3         │ 100    │
├────────────────────────────────────┼───────────────┼────────┤

You can also pass --json to return the report in JSON format,
--svg to return the report in SVG format, or
--dot to return the report in Graphviz DOT format.
Use --production to return only dependencies and not devDependencies and
--output to save the generated report to a file (.json or .svg).

If you want to filter the output you can use
--certified to show only certified packages or
--failed to show only packages that failed certification.

$ nscm report --production --json
please wait while we process the information
[
  {
    "name": "body-parser",
    "version": "1.15.2",
    "from": "1.15.2 <1.16.0",
    "score": 100
  },
  {
    "name": "debug",
    "version": "2.2.0",
    "from": ">=2.2.0 <2.3.0",
    "score": 70
  },
  {
    "name": "ms",
    "version": "0.7.1",
    "from": "0.7.1",
    "score": 100
  },
  {
    "name": "bytes",
    "version": "2.4.0",
    "from": "2.4.0",
    "score": 100
  },
...
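
A CI gate over the JSON report shown above, as an added example (not part of nscm or NodeSource's code). It assumes the status line is captured on stdout ahead of the array and that a package with no certification has no numeric `score`; `minScore` and `accepted` are hypothetical policy inputs, and the sample stdout is constructed.

```javascript
'use strict';

// Constructed sample of captured stdout, modelled on the report shown above.
// The entry without a score is an assumption about how an uncertified package appears.
const SAMPLE_STDOUT = `please wait while we process the information
[
  { "name": "body-parser", "version": "1.15.2", "from": "1.15.2 <1.16.0", "score": 100 },
  { "name": "debug", "version": "2.2.0", "from": ">=2.2.0 <2.3.0", "score": 70 },
  { "name": "ms", "version": "0.7.1", "from": "0.7.1", "score": 100 },
  { "name": "setprototypeof", "version": "1.0.2", "from": "1.0.2" }
]`;

// Skip any status text printed before the JSON array and parse the rest.
function parseReport(stdout) {
  const start = stdout.search(/^\s*\[/m);
  if (start === -1) throw new Error('no JSON array found in nscm output');
  const report = JSON.parse(stdout.slice(start));
  if (!Array.isArray(report)) throw new Error('report is not an array');
  return report;
}

// Classify each package. Anything without a numeric score is treated as
// uncertified and fails closed unless it is explicitly accepted by name@version.
function gateReport(stdout, { minScore = 100, accepted = [] } = {}) {
  const acceptedSet = new Set(accepted);
  const result = { passed: [], belowThreshold: [], uncertified: [], accepted: [] };
  for (const pkg of parseReport(stdout)) {
    const id = `${pkg.name}@${pkg.version}`;
    if (acceptedSet.has(id)) result.accepted.push(id);
    else if (!Number.isFinite(pkg.score)) result.uncertified.push(id);
    else if (pkg.score < minScore) result.belowThreshold.push(id);
    else result.passed.push(id);
  }
  result.ok = result.belowThreshold.length === 0 && result.uncertified.length === 0;
  return result;
}

// Demo run on the constructed sample: debug is below 80, setprototypeof has no score.
console.log(JSON.stringify(gateReport(SAMPLE_STDOUT, { minScore: 80 }), null, 2));
```

Pinning accepted entries to an exact `name@version` means a later version of the same package is evaluated again instead of inheriting the exception.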

nscm whitelist

Check which packages aren’t certified, and start an interactive prompt to add packages to the whitelist.

$ nscm whitelist
please wait while we process the information

37 packages aren't certified, do you want to add them to the whitelist?
? add [email protected] Yes
? add [email protected] Yes
? add [email protected] No
? add [email protected] No
? add [email protected] (ynaH) All

┌────────────────────────────────────┬───────────────┬────────┐
│ Package                            │ Version       │ Score  │
├────────────────────────────────────┼───────────────┼────────┤
│ debug                              │ 2.2.0         │ 70     │
├────────────────────────────────────┼───────────────┼────────┤
│ setprototypeof                     │ 1.0.2         │        │
├────────────────────────────────────┼───────────────┼────────┤
...
├────────────────────────────────────┼───────────────┼────────┤
│ source-list-map                    │ 0.1.8         │        │
├────────────────────────────────────┼───────────────┼────────┤
│ webpack-core                       │ 0.6.9         │        │
└────────────────────────────────────┴───────────────┴────────┘
35 packages added to the whitelist

You can also pass --all to add all the packages to the whitelist and --json to return the packages in a JSON format.

nscm whitelist add

Add a package and its dependencies to the whitelist.

$ nscm whitelist add [email protected]

If you pass only the package name, nscm will use latest. You can also pass a semver range or a specific version. If a semver range is passed it will be resolved to the highest published version that matches the range.

nscm whitelist delete

Delete a package from the whitelist.

$ nscm whitelist delete debug

nscm whitelist list

Lists all whitelisted packages.

$ nscm whitelist list
┌────────────────────────────────────┬───────────────┬────────┐
│ Package                            │ Version       │ Score  │
├────────────────────────────────────┼───────────────┼────────┤
│ acorn                              │ 4.0.1         │        │
├────────────────────────────────────┼───────────────┼────────┤
│ isarray                            │ 2.0.1         │        │
└────────────────────────────────────┴───────────────┴────────┘
2 packages in the whitelist

nscm whitelist reset

Removes all whitelisted packages.

nscm config

Configuration Options

  • token - Authentication Token. If not specified, it will be fetched from ~/.npmrc - required
  • registry - Private NodeSource Certified Modules registry URL. If not specified, it will be fetched from ~/.npmrc - required
  • concurrency - Concurrency of requests to package registry - default: 15

nscm config set <key> <value>

Modify the specified configuration option.

$ nscm config set concurrency 10

nscm config get

Gets a configuration option.

$ nscm config get registry
https://{registryId}.registry.nodesource.io

nscm config delete

Deletes a configuration option.

$ nscm config delete token

nscm config list

List all configuration options.

$ nscm config list
concurrency = 15
registry = https://{registryId}.registry.nodesource.io

nscm config reset

Reset all configuration options to default values.

$ nscm config reset

Authors and Contributors

  • Nathan White - GitHub/nw - Twitter/@_nw_
  • Julián Duque - GitHub/julianduque - Twitter/@julian_duque
  • Adrián Estrada - GitHub/edsadr - Twitter/@edsadr
  • Max Harris - GitHub/maxharris9 - Twitter/@maxharris9
  • Tierney Cyren - GitHub/bnb - Twitter/@bitandbang
  • Giovanny Gongora - GitHub/Gioyik - Twitter/@Gioyik

Contributions are welcomed from anyone wanting to improve this project!

License & Copyright

nscm is Copyright © 2017 NodeSource and licensed under the MIT license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.