{"id":13670768,"url":"https://github.com/wallet77/qualscan","last_synced_at":"2025-04-12T21:24:49.584Z","repository":{"id":39492024,"uuid":"313437573","full_name":"wallet77/qualscan","owner":"wallet77","description":"A CLI, and API, tool to run many quality check-ups on your javascript project.","archived":false,"fork":false,"pushed_at":"2025-01-10T11:03:26.000Z","size":2533,"stargazers_count":26,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-10T06:05:51.066Z","etag":null,"topics":["budget","dependencies-tree","javascript","jscpd","npm","package","quality","thresholds"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wallet77.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-16T21:59:28.000Z","updated_at":"2025-01-10T11:00:38.000Z","dependencies_parsed_at":"2025-01-10T11:32:30.012Z","dependency_job_id":"c76d6549-c2a4-4364-94f6-ac09e299a0b1","html_url":"https://github.com/wallet77/qualscan","commit_stats":{"total_commits":227,"total_committers":1,"mean_commits":227.0,"dds":0.0,"last_synced_commit":"9c53024b0ed03f231e1e1012c9ea9ffc62895bd3"},"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wallet77%2Fqualscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wallet77%2Fqualscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wallet77%2
Fqualscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wallet77%2Fqualscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wallet77","download_url":"https://codeload.github.com/wallet77/qualscan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248633141,"owners_count":21136813,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["budget","dependencies-tree","javascript","jscpd","npm","package","quality","thresholds"],"created_at":"2024-08-02T09:00:49.289Z","updated_at":"2025-04-12T21:24:49.560Z","avatar_url":"https://github.com/wallet77.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"[![GitHub release](https://img.shields.io/npm/v/qualscan.svg)](https://github.com/wallet77/qualscan/releases/)\n[![GitHub license](https://img.shields.io/github/license/wallet77/qualscan.svg)](https://github.com/wallet77/qualscan/blob/master/LICENSE)\n[![Opened PR](https://img.shields.io/github/issues-pr-raw/wallet77/qualscan.svg)](https://github.com/wallet77/qualscan/pulls)\n[![Opened issues](https://img.shields.io/github/issues/wallet77/qualscan.svg)](https://github.com/wallet77/qualscan/issues)\n[![DeepScan grade](https://deepscan.io/api/teams/12061/projects/15017/branches/292479/badge/grade.svg)](https://deepscan.io/dashboard#view=project\u0026tid=12061\u0026pid=15017\u0026bid=292479)\n[![CI 
pipeline](https://github.com/wallet77/qualscan/workflows/Node.js%20CI/badge.svg)](https://github.com/wallet77/qualscan/actions?query=workflow%3A%22Node.js+CI%22)\n[![Code coverage](https://img.shields.io/codecov/c/github/wallet77/qualscan.svg)](https://codecov.io/gh/wallet77/qualscan)\n[![Node version](https://img.shields.io/node/v-lts/qualscan.svg)](https://github.com/wallet77/qualscan)\n\n# Qualscan = Quality Scanner\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"examples/full_logo.png\"/\u003e\n\u003c/div\u003e\n\n**Qualscan analyzes any type of project built on Javascript (NPM module, backend app, frontend app, etc).**\n\n![Qualscan example](https://github.com/wallet77/qualscan/blob/main/examples/run_qualscan.gif)\n\n\u003cp\u003e\n  \u003ca href=\"#purpose\"\u003ePurpose\u003c/a\u003e •\n  \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"#using-config-file\"\u003eUsing config file\u003c/a\u003e •\n  \u003ca href=\"#reporters\"\u003eReporters\u003c/a\u003e •\n  \u003ca href=\"#api\"\u003eAPI\u003c/a\u003e •\n  \u003ca href=\"#budget\"\u003eBudget\u003c/a\u003e •\n  \u003ca href=\"#cicd\"\u003eCI / CD\u003c/a\u003e •\n  \u003ca href=\"#test\"\u003eTest\u003c/a\u003e •\n  \u003ca href=\"#license\"\u003eLicense\u003c/a\u003e\n\u003c/p\u003e\n\n## Purpose\n\nA CLI tool to run multiple plugins in order to check the quality of your Javascript project.  \n**List of features:**\n- security audit of your dependencies\n- check dependencies updates\n- check code duplications\n- check project's size (bundle's size, number of files)\n- check project's structure (readme, license, etc)\n- check exact version of dependencies\n- check dependencies (missing or unused)\n- check dependencies size (number of dep, actual size, tree's depth)\n- require time of entrypoint (loading time when we require your project)\n\nIn addition, you can run all your custom scripts.  
\nIt will give you a global score based on the number of successful tasks.\n\n## Output\n\nThis tool returns 1 if at least one task has failed; otherwise it returns 0.\n\nBasic error output:\n![Qualscan error](https://github.com/wallet77/qualscan/blob/main/examples/error_output.png)\n\nA task is considered successful if the `fail` threshold (see \u003ca href=\"#budget\"\u003ebudgets\u003c/a\u003e) has not been exceeded.\n`warn` or `info` thresholds give you more information, but the task is still considered successful even if those thresholds are exceeded.\n\n## Installation\n\n```bash\n$ npm install qualscan -g\n```\n\n## Usage\n\n```bash\n$ qualscan\n```\n\n### Options\n\n**Display all existing options**\n```bash\n$ qualscan -h\n```\n\n**Run only a set of tasks**\n\n```bash\n$ qualscan --tasks security-audit updates\n```\n\n**Run only a set of scripts**\n\n```bash\n$ qualscan --scripts test\n```\n\n**Display tasks messages**\n\n```bash\n$ qualscan -v\n```\n\n**Display tasks messages by level**\n\n```bash\n$ qualscan -v -l warn\n```\n\n| Level         | Description                      |\n|:-------------:|:--------------------------------:|\n| all           | (default) display all logs       |\n| error         | Display errors only              |\n| warn          | Display warnings \u0026 errors        |\n| info          | Display info \u0026 errors \u0026 warnings |  \n\u003cbr/\u003e\n\n**Send custom args to jscpd**\n\n```bash\n$ qualscan -cda \"--ignore tests/resources/code_duplication_failed/*\"\n```\n\nFor a full list of possible arguments, please follow this documentation: [Jscpd doc](https://github.com/kucherenko/jscpd/tree/master/packages/jscpd).\n\n**Check exact version for dev dependencies**\n\n```bash\n$ qualscan -devd\n```\n\n**Export current configuration**\n\n```bash\n$ qualscan exportConf\n```\n\n## Using Config file\n\nQualscan can use a configuration file instead of a list of options.\n\nYou can specify your configuration 
file in two different ways:\n\n1. **Use .qualscanrc file**  \nBy default, Qualscan will check if .qualscanrc file is present in the current directory.\nYou can find an [example here](https://github.com/wallet77/qualscan/tree/main/examples/.qualscanrc).\n```json\n{\n    \"scripts\": [\"linter\"],\n    \"tasks\": [\n      \"code-duplication\",\n      \"security-audit\",\n      \"updates\",\n      \"package-check\",\n      \"dependencies-exact-version\",\n      \"project-size\",\n      \"dependencies-check\",\n      \"dependencies-size\",\n      \"require-time\"\n    ],\n    \"code-duplication\": {\n        \"args\": \"--ignore */resources/code_duplication_failed/* --gitignore\"\n    },\n    \"verbose\": true,\n    \"level\": \"error\"\n}\n```\n\n2. **Use the option -c**\n```bash\n$ qualscan -c /pathTo/MyConfigFile.json\n```\n\n## Reporters\n\nBy default, qualscan uses the `text` reporter and displays results in the console.  \nAllowed reporters:\n- text\n- json\n- json in console\n\n```bash\nqualscan --reporters json\n```\nBy default, the report is stored at: [workingDir]/report/qualscan_report.json\n\nDefine another report directory\n```bash\nqualscan --reporters json --reportPath \"myCustomDir/\"\n```\n\nTo display json in console\n```bash\nqualscan --reporters json --reportPath \"\"\n```\n\n## API\n\n```javascript\nconst qualscan = require('qualscan')\nconst report = await qualscan.run({\n  tasks: ['code-duplication', 'project-size'],\n  scripts: ['linter'],\n  reporters: ['json'],\n  reportPath: '' // return the report as JSON object\n}, 'path/to/my/project')\n```\n\n## Budget\n\nThe notion of budget comes from the [Webperf budget principle](https://developer.mozilla.org/en-US/docs/Web/Performance/Performance_budgets).  \nWith this powerful tool you can define your own thresholds for each plugin.  
\nThe principle is the following:\n* for each plugin, define your thresholds: fail, warn or info\n* for each threshold, set a value for every metric\n\nExample in config file (for project's size plugin):\n```json\n{\n  \"project-size\": {\n    \"budget\": {\n      \"fail\": {\n        \"entryCount\": 150,\n        \"size\": 3000000,\n        \"unpackedSize\": 60000000\n      },\n      \"warn\": {\n        \"entryCount\": 100,\n        \"size\": 300000,\n        \"unpackedSize\": 6000000\n      }\n    }\n  }\n}\n```\n\nBasic budgets output:\n![Budgets example](https://github.com/wallet77/qualscan/blob/main/examples/budgets.png)\n\nFor a task:\n - successful: if `fail` threshold has not been exceeded\n - otherwise the task has failed\n\nFor a threshold:\n - successful if all metrics are under their maximum value\n - otherwise it has failed\n\nSo a task can result in an error, a warning or an info message.  \nThresholds can only be passed or failed.\n\n![Budgets errors example](https://github.com/wallet77/qualscan/blob/main/examples/budgets_errors.png)\n\n**List of all metrics per plugin**\n\n| Plugin               | Key                          | Metric              | Unit                                                 |\n|:--------------------:|:----------------------------:|:-------------------:|:----------------------------------------------------:|\n| Code duplication     | code-duplication             | percentageTokens    | percentage of duplicated tokens                      |\n|                      |                              | percentage          | percentage of duplicated lines                       |\n| Exact version        | dependencies-exact-version   | dependencies        | number of range version in dependencies              |\n|                      |                              | devDependencies     | number of range version in dev dependencies          |\n| Security audit       | security-audit               | critical            | number of 
critical vulnerabilities                   |\n|                      |                              | high                | number of high vulnerabilities                       |\n|                      |                              | moderate            | number of moderate vulnerabilities                   |\n|                      |                              | low                 | number of low vulnerabilities                        |\n|                      |                              | info                | number of info                                       |\n| Project's size       | project-size                 | entryCount          | number of files                                      |\n|                      |                              | size                | size in bytes (only files in final bundle)           |\n|                      |                              | unpackedSize        | unpacked size in bytes (only files in final bundle)  |\n| Dependencies updates | updates                      | major               | number of major updates                              |\n|                      |                              | minor               | number of minor updates                              |\n|                      |                              | patch               | number of patch                                      |\n| Check dependencies   | dependencies-check           | missing             | number of missing dependencies                       |\n|                      |                              | dependencies        | number of unused dependencies                        |\n|                      |                              | devDependencies     | number of unused dev dependencies                    |\n| Dependencies size    | dependencies-size            | dependencies        | number of all dependencies                           |\n|                      |                              | directDependencies  | 
number of direct dependencies                        |\n|                      |                              | weight              | total weight of node_modules folder (production)     |\n|                      |                              | depth               | maximum dependencies tree's depth (production)       |\n| Require time         | require-time                 | entrypointTime      | loading time of the entrypoint : require('myModule') |\n\n## CI/CD\n\nQualscan can be easily integrated with any CI pipeline.  \nYou can look at this [basic example with github actions](https://github.com/wallet77/qualscan/blob/main/.github/workflows/node.js.yml).\n\nTo see a typical output you can have a look at this page: [actions page](https://github.com/wallet77/qualscan/runs/1511486101?check_suite_focus=true), and click on step \"run the qualscan tool\".\n\nBasic CI output with Github actions:\n![CI example](https://github.com/wallet77/qualscan/blob/main/examples/ci.png)\n\n## Compatibility\n\n\n| Version       | Supported     | Tested         |\n|:-------------:|:-------------:|:--------------:|\n| 20.x          | yes           | yes            |\n| 18.x          | yes           | yes            |\n| 16.x          | yes           | yes            |\n\n## Test\n\n```bash\n$ npm test\n```\n\nRun with coverage\n\n```bash\n$ npm run coverage\n```\n\nCoverage report can be found in coverage/.\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwallet77%2Fqualscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwallet77%2Fqualscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwallet77%2Fqualscan/lists"}