nscm - the CLI Utility for NodeSource Certified Modules
nscm is a simple utility for NodeSource Certified Modules that can be used to easily authenticate with your Certified Modules registry, to whitelist pacakges that fail certification, and to generate a detailed report about current project and the modules it depends on.
You can install it from npm by running:
$ npm install -g nscm
This tool is meant to be used in the root folder of an application where the package.json file exists.
Usage: nscm [command] [options]
Commands:
config, c Configure nscm options
help Display help
report, r Get a report of your packages
signin, s, login Sign in to nscm
signout, o, logout Sign out of nscm
verify Verify if all packages are certified
whitelist, w Whitelist your packages
Options:
-C, --certified Shows only certified packages
-c, --concurrency <n> Concurrency of requests (defaults to 15)
-d, --dot Formats the report in Graphiz dot (disabled by default)
-f, --failed Shows only packages that failed certification (disabled by default)
-g, --github Sign in using GitHub SSO (disabled by default)
-G, --google Sign in using Google SSO (disabled by default)
-h, --help Output usage information
-j, --json Formats the report in JSON (disabled by default)
-o, --output Save report to file (disabled by default)
-p, --production Only check production (disabled by default)
-r, --registry Certified modules registry (defaults to "")
-s, --svg Formats the report in SVG (disabled by default)
-t, --token Token for registry authentication (defaults to "")
-v, --version Output the version number
Additional Help
Add -h to the 'config' or 'whitelist' commands for additional help concerning those commands.
nscm config -h
nscm whitelist -h
Returns a report of matching certified packages and their certification scores.
$ nscm report
please wait while we process the information
┌────────────────────────────────────┬───────────────┬────────┐
│ Package │ Version │ Score │
├────────────────────────────────────┼───────────────┼────────┤
│ body-parser │ 1.15.2 │ 100 │
├────────────────────────────────────┼───────────────┼────────┤
│ debug │ 2.2.0 │ 70 │
├────────────────────────────────────┼───────────────┼────────┤
│ ms │ 0.7.1 │ 100 │
├────────────────────────────────────┼───────────────┼────────┤
│ bytes │ 2.4.0 │ 100 │
├────────────────────────────────────┼───────────────┼────────┤
│ content-type │ 1.0.2 │ 100 │
├────────────────────────────────────┼───────────────┼────────┤
│ depd │ 1.1.0 │ 100 │
├────────────────────────────────────┼───────────────┼────────┤
│ http-errors │ 1.5.1 │ 100 │
├────────────────────────────────────┼───────────────┼────────┤
│ inherits │ 2.0.3 │ 100 │
├────────────────────────────────────┼───────────────┼────────┤
You can also pass --json to return the report in JSON format,
--svg to return the report in SVG format, or
--dot to return the report in Graphviz DOT format.
Use --production to return only dependencies and not devDependencies and
--output to save a file (.json or .svg) for generated report.
If you want to filter the output you can use
--certified to show only certified packages or
--failed to show only packages that failed certification.
$ nscm report --production --json
please wait while we process the information
[
{
"name": "body-parser",
"version": "1.15.2",
"from": "1.15.2 <1.16.0",
"score": 100
},
{
"name": "debug",
"version": "2.2.0",
"from": ">=2.2.0 <2.3.0",
"score": 70
},
{
"name": "ms",
"version": "0.7.1",
"from": "0.7.1",
"score": 100
},
{
"name": "bytes",
"version": "2.4.0",
"from": "2.4.0",
"score": 100
},
...
Check which packages aren't certified, and start an interactive prompt to add packages to the whitelist.
$ nscm whitelist
please wait while we process the information
37 packages aren't certified, do you want to add them to the whitelist?
? add debug@2.2.0 Yes
? add setprototypeof@1.0.2 Yes
? add statuses@1.3.1 No
? add ee-first@1.1.1 No
? add unpipe@1.0.0 (ynaH) All
┌────────────────────────────────────┬───────────────┬────────┐
│ Package │ Version │ Score │
├────────────────────────────────────┼───────────────┼────────┤
│ debug │ 2.2.0 │ 70 │
├────────────────────────────────────┼───────────────┼────────┤
│ setprototypeof │ 1.0.2 │ │
├────────────────────────────────────┼───────────────┼────────┤
...
├────────────────────────────────────┼───────────────┼────────┤
│ source-list-map │ 0.1.8 │ │
├────────────────────────────────────┼───────────────┼────────┤
│ webpack-core │ 0.6.9 │ │
└────────────────────────────────────┴───────────────┴────────┘
35 packages added to the whitelist
You can also pass --all to add all the packages to the whitelist and --json to return the packages in a JSON format.
Add a package and its dependencies to the whitelist.
$ nscm whitelist add debug@2.x
If you pass only the package name, nscm will use latest. You can also pass a semver range or a specific version. If a semver range is passed it will be resolved to the highest published version that matches the range.
Delete a package from the whitelist.
$ nscm whitelist delete debug
Lists all whitelisted packages.
$ nscm whitelist list
┌────────────────────────────────────┬───────────────┬────────┐
│ Package │ Version │ Score │
├────────────────────────────────────┼───────────────┼────────┤
│ acorn │ 4.0.1 │ │
├────────────────────────────────────┼───────────────┼────────┤
│ isarray │ 2.0.1 │ │
└────────────────────────────────────┴───────────────┴────────┘
2 packages in the whitelist
Removes all whitelisted packages.
token- Authentication Token. If not specified, it will be fetched from~/.npmrc- requiredregistry- Private NodeSource Certified Modules registry URL. If not specified, it will be fetched from~/.npmrc- requiredconcurrency- Concurrency of requests to package registry - default: 15
Modify the specified configuration option.
$ nscm config set concurrency 10
Gets a configuration option
$ nscm config get registry
https://{registryId}.registry.nodesource.io
Deletes a configuration option.
$ nscm config delete token
List all configuration options.
$ nscm config list
concurrency = 15
registry = https://{registryId}.registry.nodesource.io
Reset all configuration options to default values.
$ nscm config reset
| Nathan White | GitHub/nw | Twitter/@_nw_ |
|---|---|---|
| Julián Duque | GitHub/julianduque | Twitter/@julian_duque |
| Adrián Estrada | GitHub/edsadr | Twitter/@edsadr |
| Max Harris | GitHub/maxharris9 | Twitter/@maxharris9 |
| Tierney Cyren | GitHub/bnb | Twitter/@bitandbang |
| Giovanny Gongora | GitHub/Gioyik | Twitter/@Gioyik |
Contributions are welcomed from anyone wanting to improve this project!
nscm is Copyright (c) 2017 NodeSource and licensed under the MIT license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.