{"id":13847338,"url":"https://github.com/davidmfoley/node-trucker","last_synced_at":"2026-01-31T11:06:29.510Z","repository":{"id":12836809,"uuid":"15512302","full_name":"davidmfoley/node-trucker","owner":"davidmfoley","description":"import-aware file management and dependency analysis for javascript","archived":false,"fork":false,"pushed_at":"2023-02-03T22:30:54.000Z","size":617,"stargazers_count":104,"open_issues_count":7,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-08-16T09:37:01.206Z","etag":null,"topics":["analysis","dependencies","graphviz","nodejs"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davidmfoley.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-12-29T17:46:44.000Z","updated_at":"2025-03-02T01:36:54.000Z","dependencies_parsed_at":"2023-02-18T11:48:08.315Z","dependency_job_id":null,"html_url":"https://github.com/davidmfoley/node-trucker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/davidmfoley/node-trucker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidmfoley%2Fnode-trucker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidmfoley%2Fnode-trucker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidmfoley%2Fnode-trucker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidmfoley%2Fnode-trucker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davidmfoley","download_url":"https://codeload.github.com/davidmfoley/node-trucker/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidmfoley%2Fnode-trucker/sbom","scorecard":{"id":327253,"data":{"date":"2025-08-11","repo":{"name":"github.com/davidmfoley/node-trucker","commit":"e1f31925811f3f4f55af7975b40bfa0b8d5511dc"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/davidmfoley/node-trucker/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/davidmfoley/node-trucker/main.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"18 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T02:45:41.881Z","repository_id":12836809,"created_at":"2025-08-18T02:45:41.881Z","updated_at":"2025-08-18T02:45:41.881Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28939579,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T10:18:23.202Z","status":"ssl_error","status_checked_at":"2026-01-31T10:18:22.693Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","dependencies","graphviz","nodejs"],"created_at":"2024-08-04T18:01:17.232Z","updated_at":"2026-01-31T11:06:29.492Z","avatar_url":"https://github.com/davidmfoley.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"[![NPM Version](https://img.shields.io/npm/v/trucker.svg)](https://www.npmjs.com/package/trucker)\n# trucker\n\nTrucker is a tool that helps manage dependencies between javascript files\n\n\nIt has three main functions:\n\n1. Show all inbound and outbound dependencies for javascript and coffeescript source files. (```trucker --info filename.js``` or ```trucker -i filename.js```)\n\n1. Move/rename source files while fixing up the paths used in requires. (```trucker --move source destination``` or ```trucker -m source destination```)\n\n1. Find unused files (files that are not required by any other files). (```trucker --unused``` or ```trucker -u```)\n\nWhy is it called trucker? Because it hauls your files around without breaking them.\n\n# Support\n\n## Languages\n\n* Javascript, as parsed by babel (up to ES7)\n\n* Coffeescript\n\n* Typescript\n\n\n## Module systems\n\n\n* CommonJS 6 - i.e. ```module.exports``` and ```require()```.\n\n* ECMAScript 6 - i.e. ```export``` and ```import```.\n\n* TypeScript - i.e. ```export``` and ```import```.\n\n# Installation\n\n```npm install -g trucker```\n\nTrucker runs on node.js 10 or greater.\n\n# Usage\n\n### Move files\n\nTo move files:\n\n```trucker  --move [flags] source [additional sources...] destination```\n\n### Get dependency info about files\n\nTo get info about files:\n\n```trucker --info [optional file paths]```\n\nIf no paths are passed, trucker will spit out information for all files in the `base` path (see options below).\n\n###  Build a graph of dependencies using graphviz\n(experimental)\n\nTo get info about files:\n\n```trucker --info --format dot [optional file paths]```\n\nThis will output a [graphviz](http://www.graphviz.org/)-compatible dot file that can be rendered into an image file by the `dot` tool that is part of graphviz.\n\n\nFor example:\n```\ntrucker -i -f dot \u003e ./build/dependencies.dot\ndot -Tpng -o ./build/dependencies.png ./build/dependencies.dot\nopen ./build/dependencies.png\n```\n\nHere's a graph of trucker's internal structure, generated by the following command:\n\n```\ndot -Tsvg -o ./trucker-graph.svg \u003c(trucker --exclude test --exclude examples --info --format dot)\n```\n\n![Trucker Graph](./trucker-graph.svg)\n\n\n\n### Find unused files\n\nFind files that are not required by any other source files in given path\n\n```trucker --unused [path]```\n\n## Examples\n\nin the examples directory (provided), you can try the following (add ```-n``` for dry run mode if desired):\n\n- Get info about all dependencies in the current directory and all sub directories\n```trucker --info```\n\n- Get dependencies for just one subdirectory\n```trucker -i stark/```\n\n- Move a single file:\n```trucker --move stark/eddard.js deceased/```\n\n- Move a single file, specifying destination path:\n```trucker -m stark/eddard.js deceased/ned.js```\n\n- Move multiple files explicitly\n```trucker -m stark/eddard.js tully/catelyn.js deceased/```\n\n- Move a directory:\n```trucker -m stark deceased/stark```\n\n- Paths are automatically created:\n```trucker -m stark/eddard.js deceased/in/book1/```\n\n## Options\n```-h, --help``` prints the help\n\n```-n, --dry-run``` tells trucker not to move any files, but to instead print out a list of all of the changes that would have been made if this option was not set.\n\n```-s, --scope``` can be used to expand or contract the set of files that trucker searches for dependencies. This defaults to the present working directory. If you have a very large project you may wish to constrain the scope for performance reasons (analysis takes time), or in some cases you may wish to expand the scope beyond the current directory. Use ```--scope``` for this.\n\n```-q, --quiet``` suppress output\n\n```-e, --exclude``` Add file glob pattern to ignore to those found in the `.gitignore` file. Repeat this options to add many patterns.\n\n# Ignored files\n\nTrucker ignores files using the first .gitignore it finds, starting from the base directory (usually cwd), and ascending to the root.\n\nSee too the `--exclude` option above.\n\n# Limitations\n\n## Tested on OSX\n\nShould also work on other platforms. Let me know if you have a problem.\n\n## require syntax\n\nTrucker only recognizes basic require syntax.\n\nTrucker doesn't recognize this, for example:\n```javascript\nvar x = '../foo/bar';\nvar y = require(x);\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidmfoley%2Fnode-trucker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidmfoley%2Fnode-trucker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidmfoley%2Fnode-trucker/lists"}