npmsafe v1.0.12
npmsafe
use npm safety
Problem
npm repository may contain some harmful packages,
and these packages may protect them use some similar words as popular package,
such asgoodjstogood-js, butgood-jsmay contain harmful codes.
Solution
use npmsafe instead of npm
Badgers
Installation
Through npm:
npm i npmsafe -gThrough GitHub:
git clone git@github.com:ueqt/npmsafe.git
cd npmsafe
npm linkUninstall
npm remove npmsafe -gPublish
npm publishUsage
npmsafe xxx
support all commands and arguments that npm support.
Example:
$ npmsafe install expressnpmsafe check
cd to folder which contains package.json, this command will check packages in package.json.
if something not verified, you can check it's downloads count in last month to judge it safe or not.
Example:
$ npmsafe check
Analysing ~/git/xxx/package.json
Not verified(package[downloads in npmjs in last month or stars in github(todo)]): 7
mysql [ 171232 ]
moment [ 1025532 ]
later [ 6008 ]
nodemailer [ 242134 ]
nodeutil [ 1111 ]
lodash [ 7512304 ]
influx [ 5146 ]
You can choose one choice:
[ 1 ].Stop(Default)
[ 2 ].Continue
[ 3 ].Continue and save to whitelist
Please input your choice:custom whitelist
I will add much internal whitelist, but you still need more whitelist.
So when you choose 3 in install time, it will save to your custom whiltelist.
Custom whitelist is at ~/.npmsafe/customWhiteList.txt , you can also edit it manually.
Todo
make a tool to automatically check npmjs repository and create whitelist.json more reliable