$ cd examples
$ cd hello-npm
$ periscope .
warning: unscoped publication name "hello-npm" vulnerable to spoofing: package.json
warning: unscoped dependency name "express" vulnerable to spoofing: package.json
warning: unscoped dependency name "redis" vulnerable to spoofing: package.jsonSee periscope -h for more options.
NPM provides scoped package names using an at sign (@) prefix. Scoped names are safer than classical names. For example, anyone can publish packages with names similar to redis, but only authorized members of the scope are allowed to publish packages with the @redis/ namespace.
periscope automates scanning large, complex projects to identify first party and third party code that uses unscoped package names.
https://www.npmjs.com/package/@mcandre/periscope
BSD-2-Clause
- Node.js 20.17.0+
- Yarn 4.5.0+
For more information on developing periscope itself, see DEVELOPMENT.md.
- booty, a task runner convention for ECMAScript/JavaScript/Node.js/altJS projects
- linters, a wiki of common programming language linters and SAST tools
- stank, a collection of shell script linter utilities
- unmake, a linter for makefiles