Skip to content

Latest commit

 

History

History
108 lines (75 loc) · 3.34 KB

README.md

File metadata and controls

108 lines (75 loc) · 3.34 KB

Dxworks depinder

This project was generated using the dxworks-template-node-ts repository template.

Installation

Use npm to install

npm i -g @dxworks/depinder

or, to use it from dxw cli:

dxw plugin i @dxworks/depinder

To check if the installation was successful, run:

depinder --version

Configuration

Depinder relies on GitHub and Libraries.io to get information about packages and known security vulnerabilities. In order to call these downstream services, you need to add two environment variables with the corresponding tokens:

  • GH_TOKEN should contain a GitHub token with the read:packages scope.
  • LIBRARIES_IO_API_KEY should contain the Libraries.io API Key.

Preprocess data

If you want to run Depinder on a project that has not been processed by Depminer before, you need to run the following command to generate the folder structure:

dxw depminer construct <path-to-dx-dependencies-folder> <path-to-exported-folder>

After doing this, some package managers will require some more post-processing, in order to generate the dependency tree or the lock file.

Maven

To generate the dependency tree for a maven project, run the following command in each project (or root project in case they contain modules):

mvn dependency:tree -DoutputFile=deptree.txt

This command should create a deptree.txt file next to each pom.xml file. This file will be processed by MavenMiner to generate the a pom.json file, that corresponds to the expectations that the Depinder Java plugin has.

Gradle

To generate the dependency tree for a gradle project, run the following command in each project (or root project in case they contain modules):

gradle dependencies --configuration compileClasspath > deptree.txt

This command should create a deptree.txt file next to each build.gradle file. This file will be processed by GradleMiner to generate the a gradle.json file, that corresponds to the expectations that the Depinder Java plugin has.

Usage

The following commands can be used either as standalone, or with the dxw prefix ahead.

Cache command

To check if the MongoDB cache is running:

depinder cache

To initalise the Redis cache:

depinder cache init

To start the MongoDB cache:

depinder cache start

To stop the MongoDB cache:

depinder cache stop

To see what is available in the cache, please visit the Mongo Express Dashboard.

Analyse

To analyse a project, run the following command:

depinder analyse <paths-to-analysed-project-folders> ... -r <path-to-results-folder>

This command gets as an argument multiple fully qualified folder paths and will automatically run all plugins that are available for the project's used languages and export the results in the specified results folder.

Acknowledgements

Packagist api calls were inspired by packagist-api-client. Depinder also uses some libraries from Snyk.io to parse dependency files.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

Apache-2.0