Feature idea: list dependencies from certain maintainers

Question

Feature idea: list dependencies from certain maintainers

Opened this issue 5 months ago · 5 comments

Let's say, hypothetically, we got concerning results from running npx dependency-maintainers, we found one account that is a maintainer in a suspiciously large number of dependencies we use, and we would like to dig in deeper.

It would be cool if we could just:

npx dependency-maintainers --list-deps-by=ljharb

(contributor name chosen at random)

and get the list of dependencies we use and they maintain.

Answer 1 · 2024-06-23T14:34:33.000Z

I love this idea!

Personally, I'd use this feature to find which deps are releasable by people I know have gone MIA in particular sub communities and maybe adjust who has release access

Answer 2 · 2024-06-26T19:02:55.000Z

Here's an implementation being shared under MIT license. It has my name hardcoded, so you'll have to update it to take an input. It also has an -r option to run recursively in a monorepo

maintainer.js.txt

Answer 3 · 2024-06-26T22:27:36.000Z

shared under MIT license

only reason this tool is GPL-3.0 is because I don't think it should be a part of anyone's closed-source product (of course, I would never know -- honor system, basically))

It also has an -r

I commented on #9, and I would be happy to take a PR that adds this feature using @manypkg/get-packages 🎉

Answer 4 · 2024-06-26T22:53:44.000Z

It's not my script, so we'd have to ask @bluwy if he's okay licensing it here under GPL 3

Answer 5 · 2024-06-27T02:59:16.000Z

I don't mind if you'd use all or some of the code, per the MIT license it should be acceptable to be re-licensed under GPL 3. Would appreciate a link to the repo or source code if so, but not strictly something I'd enforce.