Check NPM packages for manifest confusion
npm manifest confusion checker
A Python script to check npm packages for manifest mismatches (the package metadata the registry reports disagreeing with the package.json inside the published tarball), as reported by Darcy Clarke. It can also check all the dependencies of a package recursively.
Usage
Install the requirements first:
pip install -r requirements.txt
Check the help:
./npm-manifest-check.py -h
usage: npm-manifest-check [-h] [-b] package
Check NPM packages for manifest mismatches
positional arguments:
package name of the NPM package
optional arguments:
-h, --help show this help message and exit
-r, --recursive recursively check all dependencies for mismatches
-b, --brief do not show detailed comparisons of mismatching values
-c, --color colorize the output
Single package
To check a single package, pass the name of a package to the script as the first argument. Here, I'm using the package Darcy has helpfully provided:
$ ./npm-manifest-check.py darcyclarke-manifest-pkg
Version mismatch for darcyclarke-manifest-pkg!
Reported version: 2.1.15
Actual version: 3.0.0
Dependency mismatch detected for darcyclarke-manifest-pkg!
{'dictionary_item_added': {"root['sleepover']": '*'}}
Scripts mismatch detected for darcyclarke-manifest-pkg!
{ 'dictionary_item_added': { "root['install']": 'touch ./bad-pkg-write && echo '
'"bad pkg exec!"\n'}}
Name mismatch detected for darcyclarke-manifest-pkg!
Reported name: darcyclarke-manifest-pkg
Actual name: express
A 'good' package will look like this:
$ ./npm-manifest-check.py color
No mismatch detected for color.
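As an added illustration of the comparison the script performs (example code, not the project's own npm-manifest-check.py): the manifest the registry reports and the package.json found inside the tarball are diffed field by field, with dependency and script changes broken down into added, removed and changed entries. Fetching from the registry is left out; the package name, both manifests and the in-memory tarball are constructed sample data.

```python
import io
import json
import tarfile

def package_json_from_tarball(tgz_bytes: bytes) -> dict:
    """Tarball-side view: the package.json npm actually installs and runs scripts from."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        return json.load(tar.extractfile("package/package.json"))

def compare_manifest(reported: dict, actual: dict) -> dict:
    """Return the fields where the registry manifest and the tarball's package.json disagree."""
    mismatches = {}
    for field in ("name", "version"):
        if reported.get(field) != actual.get(field):
            mismatches[field] = (reported.get(field), actual.get(field))
    for field in ("dependencies", "scripts"):
        rep, act = reported.get(field) or {}, actual.get(field) or {}
        diff = {
            "added": {k: v for k, v in act.items() if k not in rep},
            "removed": {k: v for k, v in rep.items() if k not in act},
            "changed": {k: (rep[k], act[k]) for k in rep if k in act and rep[k] != act[k]},
        }
        if any(diff.values()):
            mismatches[field] = diff
    return mismatches

# Constructed sample (hypothetical package): the registry reports one manifest,
# the tarball carries another, mirroring the kind of mismatch shown above.
REGISTRY_MANIFEST = {"name": "example-manifest-pkg", "version": "2.1.15",
                     "dependencies": {}, "scripts": {"test": "echo ok"}}
TARBALL_PACKAGE_JSON = {"name": "express", "version": "3.0.0",
                        "dependencies": {"sleepover": "*"},
                        "scripts": {"test": "echo ok", "install": "echo bad pkg exec!"}}

def build_tarball(pkg_json: dict) -> bytes:
    """Build an in-memory npm-style .tgz containing only package/package.json."""
    data = json.dumps(pkg_json).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def check_example() -> dict:
    """Run the comparison on the constructed sample; empty dict means no mismatch."""
    return compare_manifest(REGISTRY_MANIFEST,
                            package_json_from_tarball(build_tarball(TARBALL_PACKAGE_JSON)))

if __name__ == "__main__":
    print(json.dumps(check_example(), indent=2))
```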
Multiple packages
check_packages.sh is a wrapper script which reads a list of packages to check from a packages.list file. Add the packages you want to check to this file, one package per line, and start the script:
./check_packages.sh
It will only report packages that have a mismatch.