README
parent
f5c5db71ef
commit
ba1f7b2a02
@ -0,0 +1,48 @@
|
||||
# npm manifest confusion checker
|
||||
|
||||
A `python` script to check `npm` packages for manifest mismatches, [as reported by Darcy Clarke.](https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem)
|
||||
|
||||
## Usage
|
||||
|
||||
Install the requirements first:
|
||||
|
||||
```
|
||||
pip install -r requirements.txt
|
||||
```
|
||||
|
||||
### Single package
|
||||
|
||||
To check a single package, pass the name of a package to the script as the first argument. Here, I'm using the package Darcy has helpfully provided:
|
||||
|
||||
```
|
||||
$ ./npm-manifest-check darcyclarke-manifest-pkg
|
||||
Version mismatch for darcyclarke-manifest-pkg!
|
||||
Reported version: 2.1.15
|
||||
Actual version: 3.0.0
|
||||
Dependency mismatch detected for darcyclarke-manifest-pkg!
|
||||
Reported dependencies: {}
|
||||
Actual dependencies: {'sleepover': '*'}
|
||||
Scripts mismatch detected for darcyclarke-manifest-pkg!
|
||||
Reported scripts: {}
|
||||
Actual scripts: {'install': 'touch ./bad-pkg-write && echo "bad pkg exec!"\n'}
|
||||
Name mismatch detected for darcyclarke-manifest-pkg!
|
||||
Reported name: darcyclarke-manifest-pkg
|
||||
Actual name: express
|
||||
```
|
||||
|
||||
A 'good' package will look like this:
|
||||
|
||||
```
|
||||
$ ./npm-manifest-check.py color
|
||||
No mismatch detected for color.
|
||||
```
|
||||
|
||||
### Multiple packages
|
||||
|
||||
`check_packages.sh` is a wrapper script which reads a list of packages to check from a `packages.list` file. Add the packages you want to check to this file, one package per line, and start the script:
|
||||
|
||||
```
|
||||
./check_pages.sh
|
||||
```
|
||||
|
||||
It will only report packages that have a mismatch.
|
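Review bot: The script and wrapper names in the usage examples do not match each other. The single-package example runs `./npm-manifest-check darcyclarke-manifest-pkg`, while the 'good' package example runs `./npm-manifest-check.py color`. The Multiple packages section describes `check_packages.sh`, but the command shown is `./check_pages.sh`. Please use the real file name in each place so the commands can be copied as written. It would also help to state in the Multiple packages section that the wrapper expects `packages.list` in the directory it is started from, if that is the case, since the text only says the list is read from that file.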