npmsafe

    1.0.12 • Public • Published

    npmsafe

    Use npm safely.

    Problem

    Node.js application repository phishing

    The npm repository may contain harmful packages,
    and these packages may disguise themselves with names similar to those of popular packages,
    such as goodjs versus good-js, where good-js may contain harmful code.

    Solution

    Use npmsafe instead of npm.

    Badges

    Join the chat at https://gitter.im/ueqt/npmsafe

    Installation

    Through npm:

    npm i npmsafe -g

    Through GitHub:

    git clone git@github.com:ueqt/npmsafe.git
    cd npmsafe
    npm link

    Uninstall

    npm remove npmsafe -g

    Publish

    npm publish

    Usage

    npmsafe xxx

    Supports all commands and arguments that npm supports.

    Example:

    $ npmsafe install express

    npmsafe check

    cd to the folder that contains package.json; this command checks the packages listed in package.json.
    If a package is not verified, you can check its download count for the last month to judge whether it is safe.

    Example:

    $ npmsafe check
     
    Analysing ~/git/xxx/package.json
     Not verified(package[downloads in npmjs in last month or stars in github(todo)]): 7
    mysql [ 171232 ]
    moment [ 1025532 ]
    later [ 6008 ]
    nodemailer [ 242134 ]
    nodeutil [ 1111 ]
    lodash [ 7512304 ]
    influx [ 5146 ]
    You can choose one choice:
    [  1  ].Stop(Default)
    [  2  ].Continue
    [  3  ].Continue and save to whitelist
    Please input your choice:

    Custom whitelist

    I will add many entries to the internal whitelist, but you will still need more.
    So when you choose 3 at install time, the packages are saved to your custom whitelist.
    The custom whitelist is at ~/.npmsafe/customWhiteList.txt; you can also edit it manually.
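
    The whitelist check described above, sketched as an added example (not npmsafe's own code): it lists dependencies missing from a whitelist and, going beyond what the page describes, notes when one closely resembles a whitelisted name, as with goodjs and good-js. The function names, whitelist contents and sample package.json are assumptions constructed for illustration.

```javascript
// Added example; not npmsafe's implementation. All data here is constructed.

// Collapse separators and case so "good-js", "good_js" and "GoodJS" compare equal.
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, '');
}

// Classic Levenshtein edit distance (single-row dynamic programming).
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // D[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j]; // D[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// Returns one entry per dependency that is not on the whitelist, with the
// whitelisted name it resembles (or null when nothing is close).
function checkDependencies(pkg, whitelist) {
  const deps = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
  const allowed = new Set(whitelist);
  return deps.filter((d) => !allowed.has(d)).map((name) => {
    const lookalike = whitelist.find((w) =>
      normalize(w) === normalize(name) || editDistance(w, name) <= 1) || null;
    return { name, lookalike };
  });
}

// Constructed sample input: a package.json object and a small whitelist.
const samplePkg = {
  dependencies: { express: '^4.0.0', 'good-js': '1.0.0', lodashs: '1.0.0', later: '1.0.0' },
};
const sampleWhitelist = ['express', 'goodjs', 'lodash'];
console.log(checkDependencies(samplePkg, sampleWhitelist));
```

    An entry with a non-null lookalike deserves a closer look before it is whitelisted; an edit distance threshold of 1 misses transpositions, which count as two edits.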

    Todo

    Make a tool to automatically check the npmjs repository and make whitelist.json more reliable.

    Weekly Downloads

    2

    Version

    1.0.12

    License

    MIT

    Collaborators

    • ueqt