Npm Consider Versions Save

Now if your package.json or transitive dependency packages will have dependency from public git repository on GitHub it will be correctly calculated.

This now works as expected.

  "dependencies": {
    "eslint": "github:eslint/eslint#v5.3.0",
    "webpack": "git+ssh://[email protected]/webpack/webpack.git"
  },

Known issues:

• Feature works via GitHub API which has 60 requests per our limit (without token)
• This does not work yet: github:eslint/eslint#v5.3.0
• Private repositories does not work

If you need this fixed please submit a new issue here

Now you can use npm-consider with private registries via associating a scope with a registry

npm login --registry=http://reg.example.com --scope=@myco

or

npm config set @myco:registry http://reg.example.com

Thanks Fabian for this contribution!

Currently, npm-consider supports only packages hosted on registry.npmjs.org. Dependencies defined via git or http URLs will be skipped.

Now you can call npm-consider install and get stats for a local package in the current directory.

Additionally you can provide limits in your package.json

"config": {
  "maxPackagesNumber": 100,
  "maxSizeBites": 840400,
  "allowedLicenseTypes": [
    "permissive",
    "publicDomain",
    "uncategorized"
  ]
}

and call npm-consider install --test in your automation scripts. If all limits are satisfied command will exit with code=0; otherwise code=1.

Now, when analysing dependencies in local package.json with npm-consider install you can provide --production option to skip devDependencies

Now you can type $ npm-consider install and see stats for local package

Now, if project contains yarn.lock file, then npm-consider will do yarn add with corresponding options.

To make tool consistent with categories from https://medium.com/@vovabilonenko/licenses-of-npm-dependencies-bacaa00c8c65