@eggsy001/npm-verify

NPM Dependency Bot

CLI Tool to check package dependency versions for a list of repos
Explore the docs »

View Demo · Report Bug · Request Feature

About The Project

A Node.js script for the linux and macOS environments that can be used by node.js developers to check among a list of given repositories:

• whether the installed version of a specified package meets the specified version criteria or not.
• create a pull request if the version criteria doesn't match.
• generate a report containing the results and links for PRs(if any).

Created as a submission for The SDK Tooling Challenge, Dyte's 2022 on-campus hiring process at VIT Bhopal University.

(back to top)

Built With

• Node.js
• Commander
• Octokit

(back to top)

Getting Started

Prerequisites

• git

  Refer installation instructions

• node.js (recommended v16.5.0 LTS)

  using binaries / using package managers / using nvm

• npm

  npm i -g npm

  or

  npm install npm@latest -g

Installation

1. Create a github personal access token that meets at-least the following access requirements. Refer: Creating a Personal Access Token:

   • [x] repo
     • [x] repo:status Access commit status
     • [x] repo_deployment Access deployment status
     • [x] public_repo Access public repositories
     • [x] repo:invite Access repository invitations
     • [x] security_events
   • [x] admin:org
     • [x] write:org
     • [x] read:org
   • [x] user
     • [x] read:user
     • [x] user:email
     • [x] user:follow

   Copy the resultant token for later use in a retrievable place. Note that it is lost upon reloading again after it's created.

2. Clone the repo

   git clone https://github.com/dyte-submissions/dyte-vit-2022-AndroAvi.git

3. Install NPM packages

   npm install

4. Make installed package globally available

   npm link

5. Alternatively, skip steps 2-4 and

   npm install -g @eggsy001/npm-verify

   to install the published npm package directly.

6. Verify installation

   npm-verify --help

   Should return the following output:

(back to top)

Usage

Checking the dependency versions

1. Make sure that the input file is in the .csv format and is located in the current working directory. If not, open a new terminal in the directory of the input file, or

   cd "PATH" #path is the path from cwd to input file.

2. run

      npm-verify -i "INPUT_FILE_NAME.csv" -t "GITHUB_PERSONAL ACCESS_TOKEN" "PACKAGE_NAME"@"PACKAGE_VERSION"

3. Wait for the finish message. The output file output.csv would now be created in the cwd.

Creating update PR for version mismatches

1. Again, make sure that the input file is in the cwd.

2. run:

       npm-verify -i "INPUT_FILE_NAME.csv" -t "GITHUB_PERSONAL ACCESS_TOKEN" "PACKAGE_NAME"@"PACKAGE_VERSION" -u

3. Wait for the finish message. The output file output.csv created this time would contain the links to the PRs in the respective repositories.

   Note that if you don't have write access to a repository in the link, it is automatically forked to the account associated with the github personal access token.

Changing output file name

To change the output file name, pass the optional flag -o or --output with the previous commands, e.g.

npm-verify -i "INPUT_FILE_NAME.csv" -t "GITHUB_PERSONAL ACCESS_TOKEN" "PACKAGE_NAME"@"PACKAGE_VERSION" -u -o  "OUTPUT_FILE_NAME.csv"

Refer to the following command for details on flags.

npm-verify --help

Demonstration

(back to top)

Input And Output Formats

Specifications

Input

• The project assumes as input a .csv with column titles present.
• The first column should be titled name, and the second repo.
• The name column contains the name of the repo.
• The repo column should contain a standard github repo link of the format https://github.com/{owner}/{repo_name}
• For private repositories, the github account belonging to the personal access token should atleast have read access to the private repo.

Output

• version indicates the installed version of the specified package in the repo in the corresponding row. In case specified package isn't found, this value will be 0.0.1 and the script will install the package (this was improvised and can be changed easily).
• version_satisfied indicates whether the installed version is greater than or equal to the specified version or not.
• update_pr contains a link to a PR that updates the specified dependency to the specified version, if the -u flag was passed and the repo doesn't meet the requirements.

Sample Input/Outputs

Sample 1

Input

Output without -u flag

Output with -u flag

Sample 2

Input

Output without -u flag

Output with -u flag

A sample file has been added to the root directory for testing the script on 3 public repos. For testing on private repo's please provide your own.

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

(back to top)

License

Distributed under the MIT License. See LICENSE.txt for more information.

(back to top)

Contact

Your Name - avijeetpandey87@gmail.com

Project Link: https://github.com/dyte-submissions/dyte-vit-2022-AndroAvi

(back to top)