堆栈内存溢出
  简体   繁体   English

如何使用CI检查NPM依赖关系

[英]How to Check NPM Dependencies with CI

 原文  2016-01-22 13:47:19       node.js/ npm/ travis-ci

问题描述

I've recently been trying to find a way to have a regular check on the dependencies of a project, this would ideally look for new versions of packages as well as deprecation. 我最近一直在尝试寻找一种方法来定期检查项目的依赖关系,理想情况下,它会寻找新版本的软件包以及不赞成使用的软件包。

At the moment, npm-check, depcheck and other such plugins seem to either not work or aren't returning the results that I'd expect (ie not flagging unused dependencies). 目前,npm-check,depcheck和其他此类插件似乎不起作用或未返回我期望的结果(即未标记未使用的依赖项)。

Does anyone know of a good way to test for this kind of thing? 有人知道测试这种事情的好方法吗?

2 个解决方案

解决方案1
 0 已采纳  2016-01-22 15:31:02

For new versions of packages, I've been pleased with greenkeeper . 对于新版本的软件包,我对greenkeeper感到满意。 It sends you pull requests whenever a new version of a package you depend on is released. 每当您依赖的软件包的新版本发布时,它都会向您发送拉取请求。 Then your CI configuration should run tests against the code in the PR. 然后,您的CI配置应针对PR中的代码运行测试。

Not sure if they currently warn about deprecated packages, but the theory is if you are always using the latest release, you will never be using a deprecated version. 不知道他们当前是否警告过时的软件包,但是理论上讲,如果您始终使用最新版本,则永远不会使用过时的版本。 That is unless the entire package and all versions get deprecated for some reason. 除非出于某种原因弃用了整个软件包和所有版本。

I don't believe it flags unused dependencies either, but you might consider asking them to add that feature. 我也不相信它会标记未使用的依赖项,但您可以考虑要求他们添加该功能。 Their support seems pretty attentive to the needs of users. 他们的支持似乎很贴心用户的需求。

解决方案2
 0  2016-02-22 16:30:52

I ended up using the David NPM module to check the status of the packages and pass / fail a mocha test based on the result: 我最终使用David NPM模块检查软件包的状态,并根据结果通过/失败了mocha测试:

https://github.com/alanshaw/david https://github.com/alanshaw/david

You can see the example code on web-starter-kit: 您可以在web-starter-kit上查看示例代码:

https://github.com/google/web-starter-kit/blob/11562f490fe17cfc88ba86742de6345469b70779/test/dependency-checker.js https://github.com/google/web-starter-kit/blob/11562f490fe17cfc88ba86742de6345469b70779/test/dependency-checker.js

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 npm:如何提取依赖关系? - npm: How to extract dependencies? 在VS Team Services CI版本中通过npm安装私有依赖项 - Installing private dependencies via npm in a VS Team Services CI build Npm ci:为什么在 vscode 终端上没有对等依赖项错误 - Npm ci : why no peer dependencies error on vscode terminal 如何修复 npm 依赖中的漏洞? - How to fix vulnerability in npm dependencies? GitHub 动作 CI 检查 npm 测试保持运行不停 - GitHub action CI check for npm test keep running non stop 检查npm依赖项是否存在安全问题的最佳方法是什么? - What is the best way to check npm dependencies for security issues? 依赖共享的 NPM 依赖 - NPM dependencies shared by dependencies 如何使用 NPM 更新开发依赖项? - How do I update development dependencies with NPM? 如何列出应用程序npm软件包及其相关版本 - How to list app npm packages and dependencies with their versions 如何锁定云函数中的 npm 依赖项 - How to lock down npm dependencies in a cloud function
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM