Bithound is a great tool. Looks like bithound has a cli, but it can only check a repo at a url, and we can't run it locally before a commit happens (as part of npm test). So it's more of a post-commit tool, which is fine. For a nested project like cordova-lib however, it can't analyze the dependencies -- I'm not sure if you can configure it to handle that repo.
Also it's free for open source projects (and has badges, etc). Take a look at cordova-js, ouch: https://www.bithound.io/github/apache/cordova-js/ On Sat, Jun 25, 2016 at 2:02 AM, Jesse <purplecabb...@gmail.com> wrote: > I would rather let bithound[1][2] handle that stuff, instead of adding a > bunch of code to our tests for this. > Here's a fix. [3] > > [1] https://www.bithound.io/github/purplecabbage/cordova-coho > [2] https://www.bithound.io/github/apache/cordova-coho/ > [3] https://github.com/apache/cordova-coho/pull/128 > > > > > > > > > > > @purplecabbage > risingj.com > > On Sat, Jun 25, 2016 at 1:15 AM, Shazron <shaz...@apache.org> wrote: > > > I think it's the first [1]. > > > > This is in cordova-coho [2], from a test [3] that our former intern > Vishal > > (now employee) added. I'm not sure if any other repos are using a nsp > test > > besides coho. > > > > We should add this check to our other repos that use node libraries. > > > > Thoughts? > > > > [1] https://issues.apache.org/jira/browse/CB-11484 > > [2] https://github.com/apache/cordova-coho > > [3] > > > > > https://github.com/apache/cordova-coho/blob/c802314090dc262ef41444397a646f5bd178b3db/package.json#L32 > > >
