mach-talos-dependencies-manager v0.2.3
Talos Dependencies Manager
In Greek mythology, Talos ... was a giant automaton made of bronze to protect Europa in Crete from pirates and invaders. He circled the island's shores three times daily.
As MACH grew, it needed protection from being overrun with duplicated or unwanted dependencies. Talos was born as a module to standardize dependencies across the service repositories; its function is to protect the services from risky, unmaintained or redundant libraries.
Getting started
The first step is to clone the Talos repository to your local machine and run npm i -g to install Talos's commands globally. After running this command, you are ready to make use of all Talos functionalities.
Talos features
As Talos was born to manage MACH's dependencies, it has (so far) two main functionalities: giving visibility into the dependencies (with a reasonably objective measure of their reliability), and standardizing their usage, thereby preventing services from relying on unwanted libraries.
Talos interface
Talos has its own website that gives MACH members visibility into all the dependencies used throughout the whole project, along with their score and reliability according to some specific parameters. The website shows the following information about each dependency:
- Basic Information: Description of the library and its main function, with a set of keywords that match such function.
- Score: Quantification of the library's reliability obtained from npms, which is a specific weighting of 4 variables (Quality, Maintenance, Popularity, and Personalities) gathered from different sources such as GitHub.
- Usage: List of every MACH service that depends on the library, giving a big picture of its criticality and propagation.
- Approval: Shows whether that specific library is whitelisted and accepted in MACH's stack.
Talos commands
Talos exposes several commands, each bound to a specific functionality implemented by the package, that give access to valuable information about dependency usage, reliability and acceptance by the MACH development team.
Talos check (alias Talos c): Command that, when executed in a specific project on your local machine, checks the dependencies declared in its package.json file and compares them to the ones included in Talos's whitelist (list of whitelisted dependencies), outputting every unsupported library with its score obtained from the npms API.
[3] Unsupported dependencies:
-> es6-error [8.1/10]
-> serialize-error [8/10]
-> uuid [9.2/10]
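The comparison that Talos check performs can be sketched as follows. This is an added example, not Talos source code: the function names, the sample manifest, the whitelist and the scores are constructed, scores are assumed to arrive as 0 to 1 values, and the extra check for non-registry specifiers goes beyond what this page describes (a name-only whitelist does not see a whitelisted name that points at a git URL, file path or npm: alias).

```javascript
// Added example, not Talos source code. Names and sample data are constructed.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Semver ranges and dist-tags contain neither ':' nor '/'. Specifiers that do
// (git/URL/file sources, "npm:" aliases, "user/repo" shorthand) make npm fetch
// something other than the registry package the whitelist entry refers to.
const NON_REGISTRY = /[:\/]/;

function collectDeps(manifest) {
  const deps = new Map(); // package name -> version specifier
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      deps.set(name, String(spec));
    }
  }
  return deps;
}

function checkManifest(manifest, whitelist) {
  const allowed = new Set(whitelist);
  const unsupported = [];
  const nonRegistry = [];
  for (const [name, spec] of collectDeps(manifest)) {
    if (!allowed.has(name)) unsupported.push(name);
    else if (NON_REGISTRY.test(spec)) nonRegistry.push(name);
  }
  return { unsupported: unsupported.sort(), nonRegistry: nonRegistry.sort() };
}

// scores: name -> 0..1 value (assumed scale); missing entries print as n/a.
function formatReport({ unsupported }, scores) {
  const fmt = (n) => (n in scores ? `${Math.round(scores[n] * 100) / 10}/10` : 'n/a');
  return [`[${unsupported.length}] Unsupported dependencies:`,
    ...unsupported.map((n) => `-> ${n} [${fmt(n)}]`)].join('\n');
}

// Constructed sample input.
const sampleManifest = {
  dependencies: { bluebird: '^3.5.1', 'es6-error': '^4.1.1', uuid: '^3.2.1',
    seneca: 'github:example/seneca#main' },
  devDependencies: { 'serialize-error': '^2.1.0' },
};
const sampleWhitelist = ['bluebird', 'seneca'];
const sampleScores = { 'es6-error': 0.81, 'serialize-error': 0.8, uuid: 0.92 };

const result = checkManifest(sampleManifest, sampleWhitelist);
console.log(formatReport(result, sampleScores));
console.log('Whitelisted names with non-registry sources:', result.nonRegistry);
```

A CI job built on this would fail the build whenever either list is non-empty.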
Talos update (alias Talos u): Command that, when executed in the Talos project, renders a dependencies.json file containing all the information to be exposed on the Talos website and saves it into the project's statics folder. This command gets every dependency used throughout the whole MACH project (specifically in the backend stack and repositories) and, after retrieving each package's information, generates the dependencies file with their scores, descriptions, and places of usage.
Talos whitelist (alias Talos w): Command that, when executed on a specific branch of the Talos project, compares that branch's whitelist to the one present in origin/master, outputting every dependency added to or removed from the current branch's whitelist. This command is used to notify the team when MACH's dependency whitelist is about to change, so this process runs every time a deployment of the Talos project modifies the currently active whitelist, so that every member of the MACH team knows about the new standard.
Dependency added: bluebird [9.3/10]
Dependency added: seneca [6.4/10]
Dependency removed: dud [1.2/10]
References
Every library with its score, acceptance and usage can be checked in the official Talos Website: