{"id":19508041,"url":"https://github.com/slavafomin/for-each-package","last_synced_at":"2026-02-08T16:31:20.264Z","repository":{"id":38230324,"uuid":"255402252","full_name":"slavafomin/for-each-package","owner":"slavafomin","description":"Run command for each npm package under directory","archived":false,"fork":false,"pushed_at":"2022-07-07T18:38:34.000Z","size":323,"stargazers_count":3,"open_issues_count":8,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-02-06T21:40:44.460Z","etag":null,"topics":["cli","lerna","monorepo","npm","npm-scripts","rush","shell"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/slavafomin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-13T17:52:46.000Z","updated_at":"2024-06-23T00:16:02.000Z","dependencies_parsed_at":"2022-08-18T07:05:10.696Z","dependency_job_id":null,"html_url":"https://github.com/slavafomin/for-each-package","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/slavafomin/for-each-package","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slavafomin%2Ffor-each-package","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slavafomin%2Ffor-each-package/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slavafomin%2Ffor-each-package/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slavafomin%2Ffor-each-package/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/slavafomin","download_url":"https://codeload.github.com/slavafomin/for-each-package/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slavafomin%2Ffor-each-package/sbom","scorecard":{"id":831150,"data":{"date":"2025-08-11","repo":{"name":"github.com/slavafomin/for-each-package","commit":"4c847ed047a7dd1097d90c6ea1f7221723beb133"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/7 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4","Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T17:50:20.554Z","repository_id":38230324,"created_at":"2025-08-23T17:50:20.554Z","updated_at":"2025-08-23T17:50:20.554Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29236898,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-08T14:18:14.570Z","status":"ssl_error","status_checked_at":"2026-02-08T14:18:14.071Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","lerna","monorepo","npm","npm-scripts","rush","shell"],"created_at":"2024-11-10T23:03:04.294Z","updated_at":"2026-02-08T16:31:20.248Z","avatar_url":"https://github.com/slavafomin.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# @sfomin/for-each-package\n\n\u003c!-- NPM Badge --\u003e\n\u003ca href=\"https://badge.fury.io/js/%40sfomin%2Ffor-each-package\"\u003e\n  \u003cimg src=\"https://badge.fury.io/js/%40sfomin%2Ffor-each-package.svg\" alt=\"npm version\" height=\"18\"\u003e\n\u003c/a\u003e\n\n\u003c!-- CodeClimate Badge --\u003e\n\u003ca href=\"https://codeclimate.com/github/slavafomin/for-each-package/maintainability\"\u003e\n  \u003cimg src=\"https://api.codeclimate.com/v1/badges/0d74bceac218c511a141/maintainability\" alt=\"maintainability\"\u003e\n\u003c/a\u003e\n\n\u003c!-- MIT License Badge --\u003e\n\u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-MIT-yellow.svg\" alt=\"License: MIT\" height=\"20\"\u003e\n\u003c/a\u003e\n\n---\n\nRuns command for each npm package under current working directory.\n\n## Features\n\n- searches for npm packages under the current directory recursively\n  and executes the specified command for each found package\n- respects `.gitignore` settings of your project\n- can filter packages by their name from `package.json`\n- provides both CLI and JavaScript API\n- type-safe (written in TypeScript and ships with type declarations)\n- supports shell expressions in commands\n\n\n## Installation\n\n`npm i -g @sfomin/for-each-package`\n\n## CLI\n\nThe installed package provides global binary called\n`for-each-package` or a short alias `fep`.\n\n### Examples\n\n`for-each-package \"command with args\"` - this would execute `command` for each npm package\nfound under the current working directory\n(skipping the paths like `/node_modules` and paths from `.gitignore`).\n\nE.g.: `for-each-package \"pwd; echo; ls -l\"` would print path of each package\nand would list all files in that directory.\n\nThe following calls will run the specified command in all packages\nthat match `@acme/*` pattern:\n\n- `for-each-package --name \"@acme/*\" \"command\"` or\n- `for-each-package -n \"@acme/*\" \"command\"` or\n- `fep -n \"@acme/*\" \"command\"`\n\n\n### Options (CLI)\n\n`--name | -n` - filters found packages by name using the\nspecified glob pattern or regular expression.\nRegular expression should be specified this way: `\"/^@acme\\/$/\"`\n(between two slashes). Glob pattern should adhere to the\nextended format supported by [glob-to-regexp][glob-to-regexp].\n\n\n## JavaScript API\n\nThis package could also be used programmatically, i.e. directly\nfrom your Node.js program:\n\n```typescript\n\nimport { forEachPackage } from '@sfomin/for-each-package';\n\nawait forEachPackage({\n  cwd: '/var/packages',\n  command: 'pwd \u0026\u0026 ls -l',\n  packageName: /^@acme\\//\n});\n```\n\n### Options (JS API)\n\n`command: string` - shell command to execute for each found package\n\n`cwd?: string` - root directory that should be searched for packages\n\n`packageName?: string | RegExp` - package name filter glob pattern or RegExp\n\n`shell?: (boolean | string) = true` - whether to use shell to execute the specified command\n\n* `false`          - do not use shell\n* `true` (default) - use default shell (/bin/sh on UNIX and cmd.exe on Windows)\n* `string`         - use the specified shell\n\n\n## License (MIT)\n\nCopyright (c) 2020 Slava Fomin II\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n\n  [glob-to-regexp]: https://github.com/fitzgen/glob-to-regexp#readme\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslavafomin%2Ffor-each-package","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslavafomin%2Ffor-each-package","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslavafomin%2Ffor-each-package/lists"}