{"id":20806326,"url":"https://github.com/nodesource/ncm-cli","last_synced_at":"2025-05-07T04:24:36.173Z","repository":{"id":34595578,"uuid":"156519024","full_name":"nodesource/ncm-cli","owner":"nodesource","description":"Command-line tool for NodeSource Certified Modules 2.0","archived":false,"fork":false,"pushed_at":"2025-04-16T16:14:06.000Z","size":3005,"stargazers_count":20,"open_issues_count":7,"forks_count":8,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-04-16T23:30:25.699Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nodesource.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.md","contributing":"contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-11-07T09:05:10.000Z","updated_at":"2025-03-19T06:40:44.000Z","dependencies_parsed_at":"2024-12-23T12:29:35.322Z","dependency_job_id":"98873897-b249-457a-bbde-958a3f1a646b","html_url":"https://github.com/nodesource/ncm-cli","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodesource%2Fncm-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodesource%2Fncm-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodesource%2Fncm-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodesource%2Fncm-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nodesource","download_url":"https://codeload.github.com/nodesource/ncm-cli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252811497,"owners_count":21807947,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T19:19:19.437Z","updated_at":"2025-05-07T04:24:36.162Z","avatar_url":"https://github.com/nodesource.png","language":"HTML","readme":"# NCM-CLI\n\n[![Build Status](https://travis-ci.org/nodesource/ncm-cli.svg?branch=master)](https://travis-ci.org/nodesource/ncm-cli)\n\nThe command-line tool for NodeSource Certified Modules 2.0 — designed to make code quality, security, and compliance a breeze. Generate a custom project report, fetch compliance and security information, manage organizational whitelists, and inspect specific packages in greater detail — all from the command-line.\n\n_Additional NodeSource Certified Modules v2 information is available [on the NodeSource documentation site](https://docs.nodesource.com/docs/category/ncm-v2)._\n\n## Installation\n\n```\n$ npm install -g ncm-cli\n```\n\n## Usage\n\n```\n$ ncm \u003ccommand\u003e [options]\n```\n\n```\n$ ncm help \u003ccommand\u003e\n```\n\n## Authentication\n\n`ncm-cli` supports three forms of authentication (required).\n\n### 1. NodeSource Account:\n\nSign-in interactively using your [NodeSource account](https://accounts.nodesource.com) email and password.\n\n```\n$ ncm signin\n```\n\n### 2. Single Sign-on\n\n* Using a Google account: `ncm signin -G, --google`\n* Using a GitHub account: `ncm signin -g, --github`\n\n### 3. Environment Variable (CI/CD)\n\n```\n$ NCM_TOKEN=\u003ctoken\u003e ncm \u003ccommand\u003e [options]\n```\n\nLearn more about obtaining NodeSource service tokens and configuring permissions [here](https://docs.nodesource.com/ncm_v2/docs#ci-setup).\n\n## `ncm report`\n\nGenerates a project-wide report of directory risk and quality of installed or specified packages.\nThe top five riskiest modules detected will be displayed alongside a concise project report.\n\nThe directory to generate a report from may be specified via `ncm report \u003cdir\u003e`.\nDefaults to using the current working directory.\n\n```\n$ ncm report\n\n╔════════════╗\n║ foo Report ║\n╚════════════╝\n\n23 packages checked\n\n ! 2 critical risk\n 4 high risk\n 4 medium risk\n 10 low risk\n\n ! 6 security vulnerabilities found across 5 modules\n |➔ Run `ncm report --filter=security` for a list\n\n ! 2 noncompliant modules found\n |➔ Run `ncm report --filter=compliance` for a list\n\n ! 1 used modules whitelisted\n |➔ Run `ncm whitelist --list` for a list\n\n─────────────────────────────────────────────────────────────────────────────────────────────────\n Top 5: Highest Risk Modules\n-------------------------------------------------------------------------------------------------\n Module Name Risk License Security\n┌──────────────────────────────────────────┬────────────┬───────────────────────┬───────────────┐\n│ mime @ 1.3.4 │ |||| Crit │ ✓ MIT │ X 1L │\n│ superagent @ 1.8.5 │ |||| Crit │ ✓ MIT │ X 1M 1L │\n│ form-data @ 1.0.0-rc3 │ |||| High │ ✓ MIT │ ✓ 0 │\n│ formidable @ 1.0.16 │ |||| High │ X UNKNOWN │ ✓ 0 │\n│ mime @ 1.2.11 │ |||| High │ X UNKNOWN │ X 1L │\n└──────────────────────────────────────────┴────────────┴───────────────────────┴───────────────┘\n```\n\n### Full Reports\n\nA report with a list of all modules can be generated by passing `--long, -l`.\n\n```\n$ ncm report --long\n\n╔════════════╗\n║ foo Report ║\n╚════════════╝\n\n23 packages checked\n\n ! 2 critical risk\n 4 high risk\n 4 medium risk\n 10 low risk\n\n ! 6 security vulnerabilities found across 5 modules\n |➔ Run `ncm report --filter=security` for a list\n\n ! 2 noncompliant modules found\n |➔ Run `ncm report --filter=compliance` for a list\n\n─────────────────────────────────────────────────────────────────────────────────────────────────\n Whitelisted Modules\n-------------------------------------------------------------------------------------------------\n Module Name Risk License Security\n┌──────────────────────────────────────────┬────────────┬───────────────────────┬───────────────┐\n│ qs @ 6.3.1 │ |||| Crit │ ✓ BSD-3-Clause │ X 1H │\n└──────────────────────────────────────────┴────────────┴───────────────────────┴───────────────┘\n─────────────────────────────────────────────────────────────────────────────────────────────────\n Non-whitelisted Modules\n-------------------------------------------------------------------------------------------------\n Module Name Risk License Security\n┌──────────────────────────────────────────┬────────────┬───────────────────────┬───────────────┐\n│ mime @ 1.3.4 │ |||| Crit │ ✓ MIT │ X 1L │\n│ superagent @ 1.8.5 │ |||| Crit │ ✓ MIT │ X 1M 1L │\n│ form-data @ 1.0.0-rc3 │ |||| High │ ✓ MIT │ ✓ 0 │\n│ formidable @ 1.0.16 │ |||| High │ X UNKNOWN │ ✓ 0 │\n│ mime @ 1.2.11 │ |||| High │ X UNKNOWN │ X 1L │\n│ qs @ 2.3.3 │ |||| High │ ✓ BSD-2-Clause │ X 1H │\n\n ... etc ...\n\n│ mime-types @ 2.1.22 │ |||| None │ ✓ MIT │ ✓ 0 │\n└──────────────────────────────────────────┴────────────┴───────────────────────┴───────────────┘\n```\n\n### Filters\n\nReports may be filtered based on any of the following flags:\n\n- `--compliance, -c` - only display non-compliant packages.\n- `--security, -s` - only display packages with vulnerabilities.\n\n## Options\n\n- `--json, -j` - Formats the report in JSON (disabled by default)\n\n## `ncm details \u003cmodule{@version}\u003e`\n\nReturns a detailed report about a specific module version.\nDefaults to using the `latest` version as published to npm if no `version` is provided.\n\n```\n$ ncm details client-request@2.3.0\n\n╔═════════════════════════════════════════╗\n║ client-request @ 2.3.0 (within ncm-cli) ║\n╚═════════════════════════════════════════╝\n\n┌──────┬───────────┐\n│ |||| │ None Risk │\n└──────┴───────────┘\n\nSecurity Risk:\n ✓ 0 security vulnerabilities found\n C 0 critical severity\n H 0 high severity\n M 0 medium severity\n L 0 low severity\n\n┌───┬─────────────────────────────┐\n│ ✓ │ No Security Vulnerabilities │\n└───┴─────────────────────────────┘\n\nLicense Risk:\n┌───┬─────┐\n│ ✓ │ MIT │\n└───┴─────┘\n\nModule Risk:\n┌───┬────────────────┐\n│ ✓ │ No Module Risk │\n└───┴────────────────┘\n\nCode Quality (does not affect risk score):\n┌───┬────────────────────────────────────────────────────────────────────────────────────────────┐\n│ ! │ This package version's size on disk is 40.0 kB. │\n└───┴────────────────────────────────────────────────────────────────────────────────────────────┘\n\nRequired By (leftmost is directly in your package):\n┌────────────────────────────────────────────────────────────────────────────────────────────┐\n│ (Directly in your package) │\n└────────────────────────────────────────────────────────────────────────────────────────────┘\n```\n\n## `ncm install \u003cmodule{@version}\u003e`\n\nRuns and displays `ncm details \u003cmodule{@version}\u003e` with an interactive confirmation prompt.\nIf confirmed, attempts to run `npm install \u003cmodule{@version}\u003e` with any additional options provided.\n\n_The config keys `installBin` and `installCmd` can adjust this to work with other package installers if necessary._\n_For more information, see `ncm config --help`._\n\n## `ncm whitelist`\n\nDisplay or modify your NodeSource organization’s module whitelist.\n\n### `ncm whitelist --list`\n\nReturns a list containing each module in your NodeSource organization’s whitelist.\nPublic modules are listed alongside their risk score, license compliance, and security summary.\n\n```\n$ ncm whitelist --list\n\n╔══════════════════════════════╗\n║ personal Whitelisted Modules ║\n╚══════════════════════════════╝\n\n2 modules total\n─────────────────────────────────────────────────────────────────────────────────────────────────\n Whitelisted Modules\n-------------------------------------------------------------------------------------------------\n Module Name Risk License Security\n┌──────────────────────────────────────────┬────────────┬───────────────────────┬───────────────┐\n│ express @ 4.0.0 │ |||| None │ ✓ MIT │ X 1M │\n│ qs @ 6.3.1 │ |||| None │ ✓ BSD-3-Clause │ X 1H │\n└──────────────────────────────────────────┴────────────┴───────────────────────┴───────────────┘\n```\n\n### `ncm whitelist --add \u003cmodule@version\u003e`\n\nAdd one or more modules to your NodeSource organization’s whitelist.\n\n### `ncm whitelist --remove \u003cmodule@version\u003e`\n\nRemove one or more modules from your NodeSource organization’s whitelist.\n\n## `ncm orgs`\n\nChange your active NodeSource organization, which impacts the whitelist.\nDefaults to an interactive prompt.\n\nBy passing an `\u003corgname\u003e`, the interactive part may be skipped.\n\nInput is _case sensitive_.\n\n## `ncm config`\n\nAccess to various configuration settings.\nFor more information, use the help command: `ncm config --help`\n\n## License \u0026 Copyright\n\nCopyright 2019 NodeSource — _[Contributions via DCO 1.1](contributing.md#developers-certificate-of-origin)_\n\nLicensed under the Apache License, Version 2.0 — see the [LICENSE](LICENSE) file for details.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodesource%2Fncm-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnodesource%2Fncm-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodesource%2Fncm-cli/lists"}