Awesome
periscope: NPM/Yarn dependency scope linter
EXAMPLES
$ cd examples
$ cd hello-npm
$ periscope .
warning: unscoped publication name "hello-npm" vulnerable to spoofing: package.json
warning: unscoped dependency name "express" vulnerable to spoofing: package.json
warning: unscoped dependency name "redis" vulnerable to spoofing: package.json
See periscope -h
for more options.
ABOUT
NPM provides scoped package names using an at sign (@
) prefix. Scoped names are safer than classical names. For example, anyone can publish packages with names similar to redis
, but only authorized members of the scope are allowed to publish packages with the @redis/
namespace.
periscope automates scanning large, complex projects to identify first party and third party code that uses unscoped package names.
NPM
https://www.npmjs.com/package/@mcandre/periscope
LICENSE
BSD-2-Clause
REQUIREMENTS
- Node.js 20.17.0+
Optional
- Yarn 4.5.0+
CONTRIBUTING
For more information on developing periscope itself, see DEVELOPMENT.md.