# nscm - the CLI Utility for [NodeSource Certified Modules](https://nodesource.com/products/certified-modules) `nscm` is a simple utility for [NodeSource Certified Modules](https://nodesource.com/products/certified-modules) that can be used to easily authenticate with your Certified Modules registry, to whitelist pacakges that fail certification, and to generate a detailed report about current project and the modules it depends on. ## Installation You can install it from `npm` by running: ``` $ npm install -g nscm ``` ## Usage This tool is meant to be used in the root folder of an application where the `package.json` file exists. ``` Usage: nscm [command] [options] Commands: config, c Configure nscm options help Display help report, r Get a report of your packages signin, s, login Sign in to nscm signout, o, logout Sign out of nscm verify Verify if all packages are certified whitelist, w Whitelist your packages Options: -C, --certified Shows only certified packages -c, --concurrency Concurrency of requests (defaults to 15) -d, --dot Formats the report in Graphiz dot (disabled by default) -f, --failed Shows only packages that failed certification (disabled by default) -g, --github Sign in using GitHub SSO (disabled by default) -G, --google Sign in using Google SSO (disabled by default) -h, --help Output usage information -j, --json Formats the report in JSON (disabled by default) -o, --output Save report to file (disabled by default) -p, --production Only check production (disabled by default) -r, --registry Certified modules registry (defaults to "") -s, --svg Formats the report in SVG (disabled by default) -t, --token Token for registry authentication (defaults to "") -v, --version Output the version number Additional Help Add -h to the 'config' or 'whitelist' commands for additional help concerning those commands. nscm config -h nscm whitelist -h ``` ## `nscm report` (default) Returns a report of matching certified packages and their certification scores. ``` $ nscm report please wait while we process the information ┌────────────────────────────────────┬───────────────┬────────┐ │ Package │ Version │ Score │ ├────────────────────────────────────┼───────────────┼────────┤ │ body-parser │ 1.15.2 │ 100 │ ├────────────────────────────────────┼───────────────┼────────┤ │ debug │ 2.2.0 │ 70 │ ├────────────────────────────────────┼───────────────┼────────┤ │ ms │ 0.7.1 │ 100 │ ├────────────────────────────────────┼───────────────┼────────┤ │ bytes │ 2.4.0 │ 100 │ ├────────────────────────────────────┼───────────────┼────────┤ │ content-type │ 1.0.2 │ 100 │ ├────────────────────────────────────┼───────────────┼────────┤ │ depd │ 1.1.0 │ 100 │ ├────────────────────────────────────┼───────────────┼────────┤ │ http-errors │ 1.5.1 │ 100 │ ├────────────────────────────────────┼───────────────┼────────┤ │ inherits │ 2.0.3 │ 100 │ ├────────────────────────────────────┼───────────────┼────────┤ ``` You can also pass `--json` to return the report in JSON format, `--svg` to return the report in SVG format, or `--dot` to return the report in [Graphviz][] DOT format. Use `--production` to return only `dependencies` and not `devDependencies` and `--output` to save a file (*.json* or *.svg*) for generated report. If you want to filter the output you can use `--certified` to show only certified packages or `--failed` to show only packages that failed certification. [Graphviz]: http://www.graphviz.org/ ``` $ nscm report --production --json please wait while we process the information [ { "name": "body-parser", "version": "1.15.2", "from": "1.15.2 <1.16.0", "score": 100 }, { "name": "debug", "version": "2.2.0", "from": ">=2.2.0 <2.3.0", "score": 70 }, { "name": "ms", "version": "0.7.1", "from": "0.7.1", "score": 100 }, { "name": "bytes", "version": "2.4.0", "from": "2.4.0", "score": 100 }, ... ``` ## `nscm whitelist` Check which packages aren't certified, and start an interactive prompt to add packages to the whitelist. ``` $ nscm whitelist please wait while we process the information 37 packages aren't certified, do you want to add them to the whitelist? ? add debug@2.2.0 Yes ? add setprototypeof@1.0.2 Yes ? add statuses@1.3.1 No ? add ee-first@1.1.1 No ? add unpipe@1.0.0 (ynaH) All ┌────────────────────────────────────┬───────────────┬────────┐ │ Package │ Version │ Score │ ├────────────────────────────────────┼───────────────┼────────┤ │ debug │ 2.2.0 │ 70 │ ├────────────────────────────────────┼───────────────┼────────┤ │ setprototypeof │ 1.0.2 │ │ ├────────────────────────────────────┼───────────────┼────────┤ ... ├────────────────────────────────────┼───────────────┼────────┤ │ source-list-map │ 0.1.8 │ │ ├────────────────────────────────────┼───────────────┼────────┤ │ webpack-core │ 0.6.9 │ │ └────────────────────────────────────┴───────────────┴────────┘ 35 packages added to the whitelist ``` You can also pass `--all` to add all the packages to the whitelist and `--json` to return the packages in a JSON format. ### `nscm whitelist add` Add a package and its dependencies to the whitelist. ``` $ nscm whitelist add debug@2.x ``` If you pass only the package name, `nscm` will use `latest`. You can also pass a semver range or a specific version. If a semver range is passed it will be resolved to the highest published version that matches the range. ### `nscm whitelist delete` Delete a package from the whitelist. ``` $ nscm whitelist delete debug ``` ### `nscm whitelist list` Lists all whitelisted packages. ``` $ nscm whitelist list ┌────────────────────────────────────┬───────────────┬────────┐ │ Package │ Version │ Score │ ├────────────────────────────────────┼───────────────┼────────┤ │ acorn │ 4.0.1 │ │ ├────────────────────────────────────┼───────────────┼────────┤ │ isarray │ 2.0.1 │ │ └────────────────────────────────────┴───────────────┴────────┘ 2 packages in the whitelist ``` ### `nscm whitelist reset` Removes all whitelisted packages. ## `nscm config` ### Configuration Options * `token` - Authentication Token. If not specified, it will be fetched from `~/.npmrc` - **required** * `registry` - Private NodeSource Certified Modules registry URL. If not specified, it will be fetched from `~/.npmrc` - **required** * `concurrency` - Concurrency of requests to package registry - default: 15 ### `nscm config set ` Modify the specified configuration option. ``` $ nscm config set concurrency 10 ``` ### `nscm config get` Gets a configuration option ``` $ nscm config get registry https://{registryId}.registry.nodesource.io ``` ### `nscm config delete` Deletes a configuration option. ``` $ nscm config delete token ``` ### `nscm config list` List all configuration options. ``` $ nscm config list concurrency = 15 registry = https://{registryId}.registry.nodesource.io ``` ### `nscm config reset` Reset all configuration options to default values. ``` $ nscm config reset ``` ## Authors and Contributors
Nathan WhiteGitHub/nwTwitter/@_nw_
Julián DuqueGitHub/julianduqueTwitter/@julian_duque
Adrián EstradaGitHub/edsadrTwitter/@edsadr
Max HarrisGitHub/maxharris9Twitter/@maxharris9
Tierney CyrenGitHub/bnbTwitter/@bitandbang
Giovanny GongoraGitHub/GioyikTwitter/@Gioyik
Contributions are welcomed from anyone wanting to improve this project! ## License & Copyright **nscm** is Copyright (c) 2017 NodeSource and licensed under the MIT license. All rights not explicitly granted in the MIT license are reserved. See the included [LICENSE.md](https://github.com/nodesource/nscm/blob/master/LICENSE.md) file for more details.