NPM Security Fetcher (WIP)

a Node.js CLI created to simplify the analysis of npm registry packages.

About

I personally created this project to analyze npm packages by various criteria (popularity etc). Most researchers re-create the same codes over and over again and I thought it might be nice to have a CLI and various methods to simplify our lives.

Features

- Pull packages from the npm registry by divers criteria.
- Offers you various methods to read and extract information from the npm tarball.
- Functionalities can be extended

Requirements

- Node.js v22 or higher

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

``

bash

$ npm i npm-security-fetcher -g

or

bash

$ git clone https://github.com/fraxken/npm-security-fetcher.git

$ cd npm-security-fetcher

$ npm ci

$ npm link





Then the nsf binary will be available in your terminal.

bash

$ nsf --help





Usage example



The first step is to create a javascript file with three methods:



- init (run before fetching and extracting packages from the npm registry).

- run (called for each downloaded npm packages).

- close (run at the end when there is no more packages to fetch).



This script must use the latest Node.js ESM (it also support top-level-await).

js

import path from "path";



export async function init() {

  const baseDir = path.join(process.cwd(), "results");



  return { baseDir }; // <-- init and return context object!

}



export async function close(ctx) {

  console.log("close triggered");

}



export async function run(ctx, { name, location, root }) {

  console.log(ctx.baseDir);

  console.log(

handle package name: ${name}, location: ${location}

);

}





> There is no restriction on the nature of the context.



After editing your file you can run your script as follows

bash

$ nsf npm myfile.js

``

The root folder "example" contains real world examples that are used (for js-x-ray etc).

Contributors ✨

![All Contributors](#contributors-)

Thanks goes to these wonderful people (emoji key):

_Gentilhomme
💻 📖 👀 🛡️ 🐛

_{Nicolas Hallaert}
📖

_WildCöde
💻

_{Kouadio Fabrice Nguessan}
🚧

License

MIT

NPM Security Fetcher (WIP)

a Node.js CLI created to simplify the analysis of npm registry packages.

About

Features

- Pull packages from the npm registry by divers criteria.
- Offers you various methods to read and extract information from the npm tarball.
- Functionalities can be extended

Requirements

- Node.js v22 or higher

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

``

bash

$ npm i npm-security-fetcher -g

or

bash

$ git clone https://github.com/fraxken/npm-security-fetcher.git

$ cd npm-security-fetcher

$ npm ci

$ npm link





Then the nsf binary will be available in your terminal.

bash

$ nsf --help





Usage example



The first step is to create a javascript file with three methods:



- init (run before fetching and extracting packages from the npm registry).

- run (called for each downloaded npm packages).

- close (run at the end when there is no more packages to fetch).



This script must use the latest Node.js ESM (it also support top-level-await).

js

import path from "path";



export async function init() {

  const baseDir = path.join(process.cwd(), "results");



  return { baseDir }; // <-- init and return context object!

}



export async function close(ctx) {

  console.log("close triggered");

}



export async function run(ctx, { name, location, root }) {

  console.log(ctx.baseDir);

  console.log(

handle package name: ${name}, location: ${location}

);

}





> There is no restriction on the nature of the context.



After editing your file you can run your script as follows

bash

$ nsf npm myfile.js

``

The root folder "example" contains real world examples that are used (for js-x-ray etc).

Contributors ✨

![All Contributors](#contributors-)

Thanks goes to these wonderful people (emoji key):

_Gentilhomme
💻 📖 👀 🛡️ 🐛

_{Nicolas Hallaert}
📖

_WildCöde
💻

_{Kouadio Fabrice Nguessan}
🚧

License

MIT

@nodesecure/npm-security-fetcher

NPM Security Fetcher (WIP)

About

Features

Requirements

Getting Started

Usage example

Contributors ✨

License

@nodesecure/npm-security-fetcher

NPM Security Fetcher (WIP)

About

Features

Requirements

Getting Started

Usage example

Contributors ✨

License