node package manager
Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »


CorpCheck CLI

If you want to use CorpCheck for more than just as a web tool to check packages for risks, you can integrate the CLI module into your build and deployment process to actually prohibit the deployment of risky packages. The CLI will use the ruleset you define and stop if it encounters a viral license, an unreleased package or an abandoned package will tons of open issues.


install to global using npm:

npm install -g corp-check-cli

install to project using npm:

npm install --save-dev corp-check-cli


Validate npm package

You can identify risks in published npm packages with corp-check npm <package> CLI command. And you will know how good that package for you.

corp-check npm express

Validate project

You can create a report about your product with corp-check <path-to-local-source>. Also you can use your package-lock.json with the --package-lock option. And with --prod argument you can skip the devDependencies from validation

corp-check . --package-lock --prod

Npm script

Define script for corp-check project validation

    "scripts": {
        "corp-check": "corp-check ."

and you can run by npm

npm run corp-check

Validation rules

Just create a corp-check-rules.json in your project root and you can override the default evaluation rules. With the --rule-set <path> option you can have more custom rules.

corp-check . --rule-set ./my-rules.json

If you want to validate an npm package with your custom rule you have to pass the --rule-set option

corp-check npm express --rule-set ./my-rules.json

You can read more about custom rules here


    -V, --version             output the version number
    --force, -f               force validation
    --verbose, -v             list all warnings
    --rule-set <ruleSetJson>  validation rule set, default: ./corp-check-rules.json
    --log-level <logLevel>    winston log level, default: warn
    --prod                    skip devDependencies
    --package-lock            use package-lock.json file
    -h, --help                output usage information