1.1.1 • Published 4 years ago
npm-vs-repo v1.1.1
node-risk
Insight into an npm repo:
- Downloads the tarball from node
- Extracts it to a temporary folder
- Clones the claimed linked repository
- Diff the published folder with the repository folder
Quick check
Using npx you can quickly check the differences between a npm package and it's claimed repository.
npx npm-vs-repo PACKAGE_NAME
Development
Clone and npm i
this repo then run ./bin/risk PACKAGE_NAME
to perform the above actions.