This project was generated using the dxworks-template-node-ts repository template.
Use npm to install
npm i -g @dxworks/depinderor, to use it from dxw cli:
dxw plugin i @dxworks/depinderTo check if the installation was successful, run:
depinder --versionDepinder relies on GitHub and Libraries.io to get information about packages and known security vulnerabilities. In order to call these downstream services, you need to add two environment variables with the corresponding tokens:
GH_TOKENshould contain aGitHubtoken with theread:packagesscope.LIBRARIES_IO_API_KEYshould contain theLibraries.ioAPI Key.
If you want to run Depinder on a project that has not been processed by Depminer before,
you need to run the following command to generate the folder structure:
dxw depminer construct <path-to-dx-dependencies-folder> <path-to-exported-folder>After doing this, some package managers will require some more post-processing, in order to generate the dependency tree or the lock file.
To generate the dependency tree for a maven project, run the following command in each project (or root project in case they contain modules):
mvn dependency:tree -DoutputFile=deptree.txtThis command should create a deptree.txt file next to each pom.xml file.
This file will be processed by MavenMiner to generate the a pom.json file, that corresponds to the expectations that the Depinder Java plugin has.
To generate the dependency tree for a gradle project, run the following command in each project (or root project in case they contain modules):
gradle dependencies --configuration compileClasspath > deptree.txtThis command should create a deptree.txt file next to each build.gradle file.
This file will be processed by GradleMiner to generate the a gradle.json file, that corresponds to the expectations that the Depinder Java plugin has.
The following commands can be used either as standalone, or with the dxw prefix ahead.
To check if the MongoDB cache is running:
depinder cacheTo initalise the Redis cache:
depinder cache initTo start the MongoDB cache:
depinder cache startTo stop the MongoDB cache:
depinder cache stopTo see what is available in the cache, please visit the Mongo Express Dashboard.
To analyse a project, run the following command:
depinder analyse <paths-to-analysed-project-folders> ... -r <path-to-results-folder>This command gets as an argument multiple fully qualified folder paths and will automatically run all plugins that are available for the project's used languages
and export the results in the specified results folder.
Packagist api calls were inspired by packagist-api-client.
Depinder also uses some libraries from Snyk.io to parse dependency files.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.