{"id":20806295,"url":"https://github.com/nodesource/ncm-analyze-tree","last_synced_at":"2025-05-07T04:24:03.866Z","repository":{"id":48029625,"uuid":"146563300","full_name":"nodesource/ncm-analyze-tree","owner":"nodesource","description":"Get certification data for a module's dependency tree","archived":false,"fork":false,"pushed_at":"2022-12-02T13:32:27.000Z","size":218,"stargazers_count":5,"open_issues_count":5,"forks_count":2,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-05-01T03:11:06.110Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nodesource.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-29T07:38:06.000Z","updated_at":"2024-03-12T12:43:38.000Z","dependencies_parsed_at":"2023-01-22T14:00:59.416Z","dependency_job_id":null,"html_url":"https://github.com/nodesource/ncm-analyze-tree","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodesource%2Fncm-analyze-tree","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodesource%2Fncm-analyze-tree/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodesource%2Fncm-analyze-tree/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodesource%2Fncm-analyze-tree/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nodesource","download_url":"https://codeload.github.com/nodesource/ncm-analyze-tree/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252811389,"owners_count":21807932,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T19:19:09.028Z","updated_at":"2025-05-07T04:24:03.845Z","avatar_url":"https://github.com/nodesource.png","language":"JavaScript","readme":"# ncm-analyze-tree\n\n[![Build Status](https://travis-ci.org/nodesource/ncm-analyze-tree.svg?branch=master)](https://travis-ci.org/nodesource/ncm-analyze-tree)\n\nGet certification data for a module's dependency tree, as it is on disk.\n\nThis process is optimized by trying to get all the necessary information from\na `package-lock.json` or `yarn.lock` file, and a full scan of `node_modules/**`\nis only reverted to if no lock file exists.\n\n## Usage\n\nPrint certification data for this module's dependency tree:\n\n```js\nconst analyze = require('ncm-analyze-tree')\n\nconst data = await analyze({\n  dir: __dirname,\n  token: 'accounts token',\n  onPkgs: pkgs =\u003e console.log(`Analyzing ${pkgs.size} modules...`)\n})\n\nfor (const pkg of data) {\n  console.log(`${pkg.name}@${pkg.version}`)\n  for (const path of pkg.paths) {\n    console.log(`  ${path.map(pkg =\u003e `${pkg.data.name}@${pkg.data.version}`).join(' \u003e ')}`)\n  }\n}\n```\n\n```bash\n$ node example.js | head -n25\nAnalyzing 326 modules...\nstandard@11.0.1\n\neslint@4.18.2\n  standard@11.0.1\najv@5.5.2\n  standard@11.0.1 \u003e eslint@4.18.2\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e table@4.0.2\nco@4.6.0\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e ajv@5.5.2\nfast-deep-equal@1.1.0\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e ajv@5.5.2\nfast-json-stable-stringify@2.0.0\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e ajv@5.5.2\njson-schema-traverse@0.3.1\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e ajv@5.5.2\nbabel-code-frame@6.26.0\n  standard@11.0.1 \u003e eslint@4.18.2\nchalk@1.1.3\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e babel-code-frame@6.26.0\nansi-styles@2.2.1\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e babel-code-frame@6.26.0 \u003e chalk@1.1.3\nescape-string-regexp@1.0.5\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e babel-code-frame@6.26.0 \u003e chalk@1.1.3\n  standard@11.0.1 \u003e eslint@4.18.2 \u003e chalk@2.4.1\n```\n\nThe returned data is of this format:\n\n```\n{\n  name\n  version\n  score\n  paths[]\n  published\n  publishedAt\n  results {\n    severity\n    pass\n    name\n    test\n    value\n  }\n  vulnerabilities {\n    id,\n    title,\n    semver {\n      vulnerable\n    },\n    severity\n  }\n}\n```\n\n## Installation\n\n```bash\n$ npm install ncm-analyze-tree\n```\n\n## API\n\n### analyze({ dir, token, onPkgs, filter, url })\n\n- `dir`: The node project's directory\n- `token`: accounts token\n- `onPkgs`: Called with a `Set` of package objects `{ name, version }`, once the\ntree has been read\n- `filter`: Called with every `pkg` object, return `false` to remove from\nanalysis\n- `url`: `ncm2-api` url\n\n## License \u0026 copyright\n\nCopyright \u0026copy; NodeSource.\n\nLicensed under the MIT open source license, see the LICENSE file for details.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodesource%2Fncm-analyze-tree","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnodesource%2Fncm-analyze-tree","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodesource%2Fncm-analyze-tree/lists"}