{"id":18374737,"url":"https://github.com/jupiterone/map-repo-dependencies","last_synced_at":"2025-10-12T20:32:31.457Z","repository":{"id":39897585,"uuid":"198479891","full_name":"JupiterOne/map-repo-dependencies","owner":"JupiterOne","description":"Example script to create dependency relationships between code repos in JupiterOne graph","archived":false,"fork":false,"pushed_at":"2023-02-15T20:17:40.000Z","size":523,"stargazers_count":4,"open_issues_count":1,"forks_count":3,"subscribers_count":23,"default_branch":"main","last_synced_at":"2025-03-22T06:25:08.631Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JupiterOne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2019-07-23T17:40:05.000Z","updated_at":"2022-03-26T17:54:13.000Z","dependencies_parsed_at":"2023-02-16T09:16:00.499Z","dependency_job_id":null,"html_url":"https://github.com/JupiterOne/map-repo-dependencies","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fmap-repo-dependencies","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fmap-repo-dependencies/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fmap-repo-dependencies/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fmap-repo-dependencies/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JupiterOne","download_url":"https://codeload.github.com/JupiterOne/map-repo-dependencies/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247547060,"owners_count":20956479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T00:15:50.082Z","updated_at":"2025-10-12T20:32:26.436Z","avatar_url":"https://github.com/JupiterOne.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JupiterOne Repository Relationship Generator\n\nA script that generates JupiterOne entity relationships between a repository and\nits dependencies. This script will look for dependencies within a repository's\n`package.json` file as well as the `dependencies.yaml` file if the repository has\na `deploy` directory.\n\nThis script currently works with node.js dependencies in package.json only.\nAdditionally, this script only creates relationships for `dependencies` (not\n`devDependencies`).\n\n## Before Running\n\n- Create a directory containing the repositories that you would like the script\n  to be run against (Note: You will need the path to this directory while running the\n  script).\n\n- Ensure that the `package.json` for each repository is at the root of the\n  repository.\n\n- JupiterOne API credentials are required to run the necessary queries to create\n  the relationships.\n\n  - You must pass in your account and access token.\n  - You will be prompted for both of these when you run the script.\n  - You have the option to create env variables to bypass manually entering them\n    into the console.\n\n    - Use `J1_ACCOUNT` for the account variable and `J1_API_TOKEN` for the\n      access token variable.\n\n## Running the script\n\n- Use `yarn start`\n\n- If you wish to only run the script on a certain group of dependencies, you\n  have the option of inputting any number of package scopes.\n\n  For Example:\n\n  - Dependencies list:\n\n    - `@jupiterone/jupiterone-client-nodejs`\n    - `@lifeomic/alpha`\n    - `@lifeomic/base-pipeline`\n    - `graphlql`\n    - `dotenv`\n\n    ```bash\n    Input a package scope, i.e. @package (input DONE when finished): @lifeomic\n    Input a package scope, i.e. @package (input DONE when finished): @jupiterone\n    Input a package scope, i.e. @package (input DONE when finished): DONE\n    ```\n\n    This set of inputs will create relationships for the first three items on\n    the dependencies list above.\n\n- Example Output:\n\n  ```bash\n  Could not query Repo (advent-helix-vcf-ingest).\n  Could not query Repo (app-store-admin-web).\n  Could not query Repo (app-store-service).\n  \n  Repo: scheduler\n  Successfully created relationship (scheduler USES @lifeomic/alpha: ^0.14.0).\n  Failed to create relationship with @lifeomic/attempt: ^3.0.0 (was not found on the graph). Skipped.\n  Successfully created relationship (scheduler USES @lifeomic/koa: ^7.1.1).\n  Successfully created relationship (scheduler USES @lifeomic/lambda-runtime-tools: ^3.4.1).\n  Successfully created relationship (scheduler USES @lifeomic/logging: ^1.0.5).\n  Successfully created relationship (scheduler USES lambda-cloudwatch-slack, deploy).\n  Successfully created relationship (scheduler USES provision-environment, deploy).\n  Successfully created relationship (scheduler USES provision-pager-duty, deploy).\n  Successfully created relationship (scheduler USES sumo-cloudwatch-logs, deploy).\n  \n  Repo: koa\n  *** Repo does not have a deploy directory with a dependencies.yaml ***\n  Successfully created relationship (koa USES @lifeomic/abac: ^2.0.3).\n  Successfully created relationship (koa USES @lifeomic/alpha: ^0.12.1).\n  Successfully created relationship (koa USES @lifeomic/fhir-schemas: ^2.1.1).\n  Successfully created relationship (koa USES @lifeomic/platform-headers: ^1.3.0).\n  Successfully created relationship (koa USES @lifeomic/usage-stream: ^6.0.0).\n  \n  Summary:\n  Created Relationships: 13\n  Failed Attempts: 1\n  Failed dependencies:\n    @lifeomic/attempt: ^3.0.0 (scheduler).\n  ```\n\n## Querying the visualizing the graph in JupiterOne\n\nYou can then run queries in JupiterOne to generate reports and visualizations\nof your repo dependencies. For example:\n\n**Which internal repo is mostly used by other repos?**\n\n```j1ql\nFind CodeRepo as repo\n  that uses CodeRepo as dependency\nreturn\n  dependency.name, count(repo) as dependents\norder by dependents desc\n```\n\n**Show a visual dependency graph of a particular repo:**\n\n```j1ql\n'jupiter-client-nodejs' that uses CodeRepo return tree\n```\n\n\u003e Replace `jupiter-integration-okta` in the above query with the desired repo\n\u003e name.\n\n![](graph.png)\n\n## Current limitations\n\n- This script only parses repos pulled down locally and does not handle remote\n  repos.\n\n- This script is limited to analyzing the `package.json` file for `node.js`\n  projects.\n\n- This script only creates relationships for `dependencies` (not\n  `devDependencies`).\n\n- This script does not currently handle deletion of repo dependency\n  relationships if the dependency is removed from the `package.json` file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone%2Fmap-repo-dependencies","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjupiterone%2Fmap-repo-dependencies","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone%2Fmap-repo-dependencies/lists"}