Check NPM packages for manifest confusion
Felix Pankratz 78988233f4 code cleanup
2023-06-29 16:52:01 +02:00
check_packages.sh remove openssl conf from shellscript 2023-06-29 15:27:22 +02:00
npm-manifest-check.py code cleanup 2023-06-29 16:52:01 +02:00
README.md missing .py in README 2023-06-29 15:50:16 +02:00
requirements.txt improvements, bash script to quickly check a list of packages 2023-06-29 15:10:19 +02:00

npm manifest confusion checker

A Python script to check npm packages for manifest mismatches, as reported by Darcy Clarke.

Usage

Install the requirements first:

pip install -r requirements.txt

Single package

To check a single package, pass the name of a package to the script as the first argument. Here, I'm using the package Darcy has helpfully provided:

$ ./npm-manifest-check.py darcyclarke-manifest-pkg
Version mismatch for darcyclarke-manifest-pkg!
Reported version: 2.1.15
Actual version: 3.0.0
Dependency mismatch detected for darcyclarke-manifest-pkg!
Reported dependencies: {}
Actual dependencies: {'sleepover': '*'}
Scripts mismatch detected for darcyclarke-manifest-pkg!
Reported scripts: {}
Actual scripts: {'install': 'touch ./bad-pkg-write && echo "bad pkg exec!"\n'}
Name mismatch detected for darcyclarke-manifest-pkg!
Reported name: darcyclarke-manifest-pkg
Actual name: express

A 'good' package will look like this:

$ ./npm-manifest-check.py color
No mismatch detected for color.
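
The comparison behind the four mismatch kinds above, as an added example that is not taken from npm-manifest-check.py. The function names are hypothetical, and the registry manifest and tarball are constructed in memory from the values in the sample output so that the block runs offline.

```python
import io
import json
import tarfile

# Hypothetical helper names; this is not code from npm-manifest-check.py.
# The fields match the four mismatch kinds in the output above.
FIELDS = ("name", "version", "dependencies", "scripts")

def read_tarball_manifest(tgz_bytes):
    """Return the parsed package.json from the top-level directory of a tarball."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar:
            # Accept exactly <top-level dir>/package.json, ignoring nested copies.
            parts = member.name.split("/")
            if member.isfile() and len(parts) == 2 and parts[1] == "package.json":
                return json.load(tar.extractfile(member))
    raise ValueError("no top-level package.json in tarball")

def find_mismatches(registry_manifest, tarball_manifest):
    """Map each differing field to a (reported, actual) pair."""
    mismatches = {}
    for field in FIELDS:
        # A missing dependencies/scripts key is treated the same as an empty one.
        default = {} if field in ("dependencies", "scripts") else None
        reported = registry_manifest.get(field) or default
        actual = tarball_manifest.get(field) or default
        if reported != actual:
            mismatches[field] = (reported, actual)
    return mismatches

def build_sample_tarball(manifest):
    """Constructed sample input: a .tgz holding only package/package.json."""
    data = json.dumps(manifest).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed from the values shown in the example output above.
REPORTED = {"name": "darcyclarke-manifest-pkg", "version": "2.1.15"}
ACTUAL = {"name": "express", "version": "3.0.0",
          "dependencies": {"sleepover": "*"},
          "scripts": {"install": 'touch ./bad-pkg-write && echo "bad pkg exec!"\n'}}

if __name__ == "__main__":
    print(find_mismatches(REPORTED, read_tarball_manifest(build_sample_tarball(ACTUAL))))
```
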

Multiple packages

check_packages.sh is a wrapper script which reads a list of packages to check from a packages.list file. Add the packages you want to check to this file, one package per line, and start the script:

./check_packages.sh

It will only report packages that have a mismatch.