Skip to content

crda-javascript-api 0.0.2-ea.7

Install from the command line:
Learn more about npm packages
$ npm install @rhecosystemappeng/crda-javascript-api@0.0.2-ea.7
Install via package.json:
"@rhecosystemappeng/crda-javascript-api": "0.0.2-ea.7"

About this version

CodeReady Dependency Analytics JavaScript API
latest-no-snapshot latest-snapshot

This project is still a WIP. Currently, only Java's Maven ecosystem is implemented.

The Crda JavaScript API module is deployed to GitHub Package Registry.

Click here for configuring GHPR and gaining access to the crda-javascript-api module.

Create your token

Create a token with the read:packages scope

Based on GitHub documentation, In Actions you can use GITHUB_TOKEN

Configure GHPR access for NPM

Add the following line to the .npmrc file in your user home ( See GH Docs):

//npm.pkg.github.com/:_authToken=<your-ghp-token-goes-here>

Usage

Instruct NPM to look in GHPR for the RHEcosystemAppEng namespace.
Add @RHEcosystemAppEng:registry=https://npm.pkg.github.com to .npmrc in the project root or user home: 

echo "@RHEcosystemAppEng:registry=https://npm.pkg.github.com" >> .npmrc
  • Use as ESM Module

npm install @RHEcosystemAppEng/crda-javascript-api
import crda from '@RHEcosystemAppEng/crda-javascript-api'
import fs from 'node:fs'

// Get stack analysis in JSON format
let stackAnalysis = await crda.stackAnalysis('/path/to/pom.xml')
// Get stack analysis in HTML format (string)
let stackAnalysisHtml = await crda.stackAnalysis('/path/to/pom.xml', true)

// Get component analysis in JSON format
let buffer = fs.readFileSync('/path/to/pom.xml')
let componentAnalysis = await crda.componentAnalysis('pom.xml', buffer.toString())
  • Use as CLI Script

    • $ npx @RHEcosystemAppEng/crda-javascript-api help

Usage: crda-javascript-api {component|stack}

Commands:
  crda-javascript-api stack </path/to/manifest> [--html|--summary]               produce stack report for manifest path
  crda-javascript-api component <manifest-name> <manifest-content> [--summary]   produce component report for a manifest type and content

Options:
  --help  Show help                                                    [boolean]
    # get stack analysis in json format
$ npx @RHEcosystemAppEng/crda-javascript-api stack /path/to/pom.xml

# get stack analysis in json format (summary only)
$ npx @RHEcosystemAppEng/crda-javascript-api stack /path/to/pom.xml --summary

# get stack analysis in html format format
$ npx @RHEcosystemAppEng/crda-javascript-api stack /path/to/pom.xml --html

# get component analysis
$ npx @RHEcosystemAppEng/crda-javascript-api component pom.xml "$(</path/to/pom.xml)"
  • Use as Global Binary

    • npm install --global @RHEcosystemAppEng/crda-javascript-api
    # get stack analysis in json format
$ crda-javascript-api stack /path/to/pom.xml

# get stack analysis in json format (summary only)
$ crda-javascript-api stack /path/to/pom.xml --summary

# get stack analysis in html format format
$ crda-javascript-api stack /path/to/pom.xml --html

# get component analysis
$ crda-javascript-api component pom.xml "$(</path/to/pom.xml)"

    Excluding Packages

    Excluding a package from any analysis can be achieved by marking the package for exclusion.

    • Java Maven (pom.xml)
    <dependency> <!--crdaignore-->
  <groupId>...</groupId>
  <artifactId>...</artifactId>
  <version>...</version>
</dependency>

    Customizing

    There are 2 approaches for customizing Crda JavaScript API. Whether you're using this API as a Global Module, a Remote Script, or an ESM Module, you can use Environment Variables for various customization.

    However, ESM Module users, can opt for customizing programmatically:

    import crda from '@RHEcosystemAppEng/crda-javascript-api'
import fs from 'node:fs'

let options = {
    "CRDA_SNYK_TOKEN": "my-secret-snyk-token",
    "CRDA_MVN_PATH": "/path/to/my/mvn"
}

// Get stack analysis in JSON format
let stackAnalysis = await crda.stackAnalysis('/path/to/pom.xml', false, options)
// Get stack analysis in HTML format (string)
let stackAnalysisHtml = await crda.stackAnalysis('/path/to/pom.xml', true, options)

// Get component analysis in JSON format
let buffer = fs.readFileSync('/path/to/pom.xml')
let componentAnalysis = await crda.componentAnalysis('pom.xml', buffer.toString(), options)

    NOTE: If setting the same key in both environment variables and options, the environment variable will take precedence.

    Keep scrolling down for the available customizable keys.

    Customizing Tokens

    For including extra vulnerability data and resolutions, otherwise only available to vendor registered users. You can set the various vendor tokens as environment variables.

    Available token environment variables:

    Vendor Token Key
    Snyk CRDA_SNYK_TOKEN

    Customizing Executables

    This project uses each ecosystem's executable for creating dependency trees. These executables are expected to be present on the system PATH. If they are not, or perhaps you want to use custom ones. Use can use the following environment variables for setting custom paths for the said executables.

    Ecosystem Default Executable Key
    Maven mvn CRDA_MVN_PATH

    Details

    Assets

    • crda-javascript-api-0.0.2-ea.7.tgz

    Download activity

    • Total downloads 40
    • Last 30 days 0
    • Last week 0
    • Today 0

    Recent versions

    View all