New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@condenast/opensource-check

Package Overview
Dependencies
Maintainers
357
Versions
10
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@condenast/opensource-check

Test Runner for Open Source Conventions

latest
Source
npmnpm
Version
0.0.5
Version published
Weekly downloads
68
-48.48%
Maintainers
357
Weekly downloads
 
Created
Source

OpenSource Check ✅

A Test Runner for verifying Open Source conventions in JavaScript projects

license

Proudly built by:

Pre-Requisites

This utility can currently only be used for JavaScript/Node projects.

Install

This utility can be used as a temporary dependency, global dependency or a dev dependency.

Head over to the usage section below on how to set it up based on your preference.

Usage

Parameters

The utility accepts the following parameters:

  • --path - to specify the path of your project directory (defaults to current working directory)
  • --org - to specify the npm organization namespace for your project

Usage as a temporary dependency

This is great option for taking this a quick spin!

npx @condenast/opensource-check --path <your-project-path>
npx @condenast/opensource-check --path ./glamorous
npx @condenast/opensource-check --path ./xml-to-react --org condenast

Usage as a global dependency

This is a good option if you plan to use this frequently but don't want it to be a part of your project setup.

npm install -g @condenast/opensource-check

opensource-check --path <your-project-path>
opensource-check --path ./glamorous
opensource-check --path ./xml-to-react --org condenast

Usage as a dev dependency

This is a wonderful option if you plan to use this as part of your project workflow including using in CI environment.

npm install -D @condenast/opensource-check

npx @condenast/opensource-check --path <your-project-path>
npx @condenast/opensource-check --path ./glamorous
npx @condenast/opensource-check --path ./xml-to-react --org condenast

Screenshot

This is a sample screenshot of running this utlility:

Checklist

The current checklist of things that are verified by the utility on every run:

Documentation

  • Has a README
    • Has a Title
    • Has an Install section
    • Has a Usage section
  • Has a License
  • Has a Code of Conduct
  • Has Contributing Guidelines
  • Has an Issue template
  • Has a Pull Request template
  • Has a Changelog
  • Has Examples

Development

  • Has a package.json
    • Has org namespace, if applicable
    • Has a version
    • Has a description
    • Has a main or bin
    • Has a link to git repository
    • Has contributors
    • Has a license
  • Has a .gitignore
  • Has a linter
  • Has a test runner

Boilerplate

These documents are provided under the boilerplate directory for use by any project:

Projects that Checked-Out!

This is a list of projects that pass the Open Source Checks:

Thanks

We were inspired by the ideas and code of the following projects:

Contributors

See the list of contributors who participated in writing this tool.

Keywords

opensource
javascript
jest
linter

FAQs

Package last updated on 24 May 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026