Distributed code review for npm
npm-crev is an implementation of the crev distributed code review system for the npm ecosystem.
Crev is scalable, distributed, and social. Users publish and circulate results of their reviews: potentially warning about problems, malicious code, or just encouraging high quality by peer review.
Crev allows building a personal web of trust in other people and the code they use and review.
npm-crev is far from done, but under active development. It has not been audited for security.
- Generating IDs
- Fetching repos
- Trusting others
- Reviewing packages
- Integration tests of most commands
- Pushing proof repos
- Support for npm <7 and yarn
- Customization of verification parameters (what does trust mean to you?)
- Go through TODOs in code
```
$ npm install -g crev
$ crev COMMAND
running command...
$ crev (-v|--version|version)
crev/0.0.0 linux-x64 node-v15.3.0
$ crev --help [COMMAND]
USAGE
  $ crev COMMAND
...
```
fetch proofs from other users
```
USAGE
  $ crev fetch

OPTIONS
  -h, --help  show CLI help
  --all       fetch all repos we know of
  --update    update proofs from trusted users
  --url=url   URL of a git repo
```
See code: src/commands/fetch.ts
display help for crev
```
USAGE
  $ crev help [COMMAND]

ARGUMENTS
  COMMAND  command to show help for

OPTIONS
  --all  see all commands in CLI
```
See code: @oclif/plugin-help
create a new crev ID
```
USAGE
  $ crev id:create

OPTIONS
  -h, --help                   show CLI help
  -p, --passphrase=passphrase  passphrase to encrypt your private key
  -u, --url=url                URL of the associated Git repo
```
See code: src/commands/id/create.ts
list crev IDs
```
USAGE
  $ crev id:list

OPTIONS
  -a, --all               list all known crev IDs
  -h, --help              show CLI help
  -x, --extended          show extra columns
  --columns=columns       only show provided columns (comma-separated)
  --csv                   output is csv format [alias: --output=csv]
  --filter=filter         filter property by partial string matching, ex: name=foo
  --no-header             hide table header from output
  --no-truncate           do not truncate output to fit screen
  --output=csv|json|yaml  output in a more machine friendly format
  --sort=sort             property to sort by (prepend '-' for descending)

ALIASES
  $ crev id:show
```
See code: src/commands/id/list.ts
publicly trust another crev ID
```
USAGE
  $ crev id:trust IDS

ARGUMENTS
  IDS  comma-separated list of IDs to trust

OPTIONS
  -h, --help                             show CLI help
  --comment=comment                      an optional comment for your trust proof
  --level=distrust|none|low|medium|high  how much you trust the IDs
  --skip-comment                         don't prompt for a comment if one isn't passed
```
See code: src/commands/id/trust.ts
switch the current crev ID
```
USAGE
  $ crev id:use [ID]

OPTIONS
  -h, --help  show CLI help
```
See code: src/commands/id/use.ts
review a package
```
USAGE
  $ crev review [PACKAGE]

ARGUMENTS
  PACKAGE  the name of the package to review

OPTIONS
  -h, --help                                 show CLI help
  -v, --version=version                      the version to review
  --comment=comment                          an optional comment for your package review
  --rating=strong|positive|neutral|negative  your rating of the package
  --skip-comment                             don't prompt for a comment if one isn't passed
  --thoroughness=none|low|medium|high        how thoroughly you reviewed the package
  --understanding=none|low|medium|high       how well you understood the code
```
See code: src/commands/review.ts
verify your project's dependencies
```
USAGE
  $ crev verify [LOCKFILE]

ARGUMENTS
  LOCKFILE  path to a npm lockfile

OPTIONS
  -h, --help              show CLI help
  -x, --extended          show extra columns
  --columns=columns       only show provided columns (comma-separated)
  --csv                   output is csv format [alias: --output=csv]
  --filter=filter         filter property by partial string matching, ex: name=foo
  --no-header             hide table header from output
  --no-truncate           do not truncate output to fit screen
  --output=csv|json|yaml  output in a more machine friendly format
  --sort=sort             property to sort by (prepend '-' for descending)
```
See code: src/commands/verify.ts
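To make the "what does trust mean to you?" question concrete, here is an added example of the kind of decision `crev verify` has to make over a lockfile; it is not npm-crev's code or its algorithm. The policy, the review record shape (`from`, `package`, and so on), the status names and all sample data are assumptions; only the level and rating values come from the `id:trust` and `review` options above.

```javascript
// Added illustration, not npm-crev's own verification logic. Level and rating
// values reuse the `id:trust` and `review` options; everything else is assumed.
const LEVELS = ["none", "low", "medium", "high"]; // "distrust" ranks below all of these
const atLeast = (value, min) => LEVELS.indexOf(value) >= LEVELS.indexOf(min);

// List name/version pairs from an npm 7 lockfile (lockfileVersion 2 "packages" map).
function lockedPackages(lockfile) {
  const marker = "node_modules/";
  return Object.entries(lockfile.packages || {})
    .filter(([path, meta]) => path.includes(marker) && meta.version) // skips root ""
    .map(([path, meta]) => ({
      name: path.slice(path.lastIndexOf(marker) + marker.length),
      version: meta.version,
    }));
}

// Assumed policy: only reviews of the exact locked version, written by IDs trusted
// at policy.minTrust or above, count. A negative one flags the package.
function verify(lockfile, trust, reviews, policy) {
  return lockedPackages(lockfile).map(({ name, version }) => {
    const counted = reviews.filter((r) =>
      r.package === name && r.version === version &&
      atLeast(trust[r.from] || "none", policy.minTrust));
    const good = (r) => ["positive", "strong"].includes(r.rating) &&
      atLeast(r.thoroughness, policy.minThoroughness) &&
      atLeast(r.understanding, policy.minUnderstanding);
    let status = "unreviewed";
    if (counted.some((r) => r.rating === "negative")) status = "flagged";
    else if (counted.some(good)) status = "verified";
    return { name, version, status };
  });
}

// Constructed sample data: package names, versions and IDs are made up.
const sampleLock = { lockfileVersion: 2, packages: {
  "": { name: "my-app", version: "1.0.0" },
  "node_modules/example-lib": { version: "2.1.0" },
  "node_modules/@acme/util": { version: "0.3.1" },
  "node_modules/example-lib/node_modules/tiny-dep": { version: "1.0.2" },
} };
const sampleTrust = { alice: "high", bob: "low", mallory: "distrust" };
const rev = (from, pkg, version, rating, thoroughness, understanding) =>
  ({ from, package: pkg, version, rating, thoroughness, understanding });
const sampleReviews = [
  rev("alice", "example-lib", "2.1.0", "positive", "medium", "high"),
  rev("mallory", "@acme/util", "0.3.1", "strong", "high", "high"),
  rev("bob", "@acme/util", "0.3.1", "positive", "medium", "medium"),
  rev("alice", "tiny-dep", "1.0.2", "negative", "low", "medium"),
];
const samplePolicy = { minTrust: "medium", minThoroughness: "low", minUnderstanding: "medium" };
```

With `samplePolicy`, the glowing review from the distrusted ID and the one from the low-trust ID are both ignored, so `@acme/util` stays unreviewed; lowering `minTrust` to `low` lets the second one count.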