GithubHelp home page GithubHelp logo

npms-www's Introduction

npms-www

Build Status Dependency status Dev Dependency status

The https://npms.io website.

Installation

$ npm install

Development

Simply spawn the server by running $ npm run serve. This will create a server defaulting to the dev environment. You may preview the production build by running $ npm run build && npm run serve -- --env prod.

Deploys

There's a separate document that explains the deployment procedure, you may read it here.

Tests

$ npm test
$ npm test-cov # to get coverage report

License

Released under the MIT License.

npms-www's People

Contributors

ankurk91 avatar atduarte avatar dandv avatar delapouite avatar greenkeeper[bot] avatar greenkeeperio-bot avatar mkwtys avatar montogeek avatar peterramsing avatar satazor avatar sonicdoe avatar soul-wish avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar

npms-www's Issues

'Insecure' tag shown but no vulnerabilities

'Insecure' tags are being applied to some packages which do not have any apparent vulnerabilities.

For example lostofs currently has a red 'insecure' tag, see first result from the npms.io search.

Hovering over the tag it says:

Package [email protected] has 3 vulnerabilities. For more details, check against nodesecurity.io.

However, following the link to nodesecurity.io it says there are none:

There are no known vulnerabilities for lostofs@latest or any of its dependencies.

Loading npms.io locally animates the closed-by-default menu

When the page is opened, the white "morph" effect plays for closing the menu on the right, despite the fact that the menu was never opened.

EDIT: This appears to only occur when developing locally: localhost:8080, but not on the live site: npms.io

Link to package details page on yarnpkg.com

The yarnpkg website recently got a search feature and package details page. The search is kinda meh compared to npms, but the package details page is really awesome (example) and far superior to the one on npmjs.com. Would it be a good idea to link to that as well from the results? What do you think?

Community reviews

Currently, the analyzer looks to help with determining the "relevance" of the module on the basis of Github activity. One step ahead would be to add a community driven review system for the modules.

Essentially, "amazon-like" star based reviews and comments. The main aim is to incorporate this into search results so that good modules show up higher than crappier ones. What do you guys think about this?

Proposal: refresh button

Hello! Thanks for doing npms – it is great tool!

I use API in my open-source project to manage plugins. Several times I had a situation when plugin ( === npm package) is updated and published to npm, but npms API result updated only after some time.

I suppose that you don't have hooks from npm registry and you have to update your cache time to time and I'm thinking if it is possible to add refresh button to package page? Or maybe you have other ways to make updates faster?

Link to modules repo in the search results.

Personally, if it's available, I would just a soon have the GitHub repo be the default link.

Failing that, it would be nice to have a link to the repo (just add a clickable GH icon?)

Searching for a module by exact name

While I find this tool useful for package discovery, it doesn't seem to work as expected when you look for a package by its name. Try uglifyjs, for instance: you have to scroll almost all the way down the 127-result list to find the one you're looking for. Try react: I was not able to find it at all!

What about including in the first place the module by that name? This is also something that I find lacking in the official npmjs.com site, but at least I can easily find react :)

Homepage contents

I think that until we have some contents to add to the homepage, we could show the contents of the About page. People that now visit the homepage don't understand why this project exists and how it's different from others.

@satazor: What do you think?

Make navigation menu springier

The navigation menu’s opening “spring” is great! I think it would make the effect more continuous if it happened on menu close. Here it is (in Firefox 47):

springy-menu

Thoughts? I could take a peek at the CSS/JS and open a PR if interested.

Search within chromes address bar is broken

Whenever I want to use Chrome's search feature in the Adress Bar, I get 0 results, because the url transforms from

screen shot 2017-07-14 at 14 13 05

to

https://npms.io/search?term=ramda

but npms.io uses

https://npms.io/search?q=ramda

Please 1. either allow term again or tell chrome to use q instead of term.

Search for modules with type definitions

It'd be really cool to be able to search modules that have TypeScript definitions. These modules can be identified by types or typings as a string pointing to a .d.ts file at the root of package.json. I'd be happy to attempt this if there's a pointer on where to start and whether it sounds like an acceptable feature. It could be implemented as a new option, or something is is:types. There's also the @types namespace on NPM which are third-party definitions, those could be included with is:@types (being a inferior alternative to native types).

[idea] Clickable tags

Currently tags displayed on result pages are unclickable.

I propose that when clicking on a tag, it should triggers a new search with this word.

Body overflow-y

You might want overflow-y: auto; on <body>. Looks better.

Logo and identity design

https://npms.io doesn't have a logo yet and I don't have any experience in drawing logos. If anyone would like to contribute with a logo and identity proposal, please post a comment in this thread. The person behind the chosen logo will be headed to the about page.

Thanks, help would be much appreciated!

  • Logo + identity
  • Favicon
  • Touch icons and the like

Leaking package maintainer email to bots

Hi,
The website https://npms.io is leaking all package maintainer email addresses to bots.
It is visible to Google (try to search email address on google) and scrapping sites can scrap the email addresses to spam them.

screenshot from 2018-07-14 11 08 16
You can notice email address in image tag's alt attribute.

screenshot from 2018-07-14 11 14 15

I know that npm requires to have a pubic email. But npm itself never expose it to pubic in that way.

An in-range update of stylelint is breaking the build 🚨

Version 7.11.1 of stylelint just got published.

Branch Build failing 🚨
Dependency stylelint
Current Version 7.11.0
Type devDependency

This version is covered by your current version range and after updating it in your project the build failed.

As stylelint is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪

Status Details
  • continuous-integration/travis-ci/push The Travis CI build could not complete due to an error Details

Release Notes 7.11.1
  • Fixed: media-feature-name-*list now accept arrays for their primary options (#2632).
  • Fixed: selector-* now ignore custom property sets (#2634).
  • Fixed: selector-pseudo-class-no-unknown now ignores Less :extend (#2625).
Commits

The new version differs by 10 commits.

  • 3ae1b72 Add an ignorePattern example for URL in comments in max-line-length (#2635)
  • c0b3e17 Prepare 7.11.1
  • 239e749 Add an ignorePattern test for URLs in comments in max-line-length (#2636)
  • d092c46 Create CHANGELOG.md
  • 9baf0d0 Fixed: ignore custom property sets in selector rules. (#2634)
  • f3f4fd2 Create CHANGELOG.md
  • 861a1bd Fixed: media-feature-name-whitelist and media-feature-name-blacklist now accept array as first option. (#2632)
  • 76df61d Create CHANGELOG.md
  • 93fb065 Fixed: ignore less :extend in selector-pseudo-class-no-unknown. (#2625)
  • d229a67 chore(package): update del to version 3.0.0 (#2616)

See the full diff

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.


Your Greenkeeper Bot 🌴

[Feature Request] Display package size

I am considering writing a tool to do this because it might be outside the scope of this project.

There is already https://bundlephobia.com which is great for front end dependencies that get bundled with webpack but it doesn't tell you about the size of dev dependencies such as test frameworks.

There is already a request to add this to npmjs.com here: npm/www#197

Is this a feature that could be used by npms.io? (forgive me if this is the wrong repo)

An in-range update of eslint-plugin-react is breaking the build 🚨

Version 6.10.1 of eslint-plugin-react just got published.

Branch Build failing 🚨
Dependency eslint-plugin-react
Current Version 6.10.0
Type devDependency

This version is covered by your current version range and after updating it in your project the build failed.

As eslint-plugin-react is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.

I recommend you give this issue a high priority. I’m sure you can resolve this 💪


Status Details
  • continuous-integration/travis-ci/push The Travis CI build failed Details
Release Notes v6.10.1

Fixed

Commits

The new version differs by 11 commits .

  • ab03af8 Update CHANGELOG and bump version
  • b646485 Merge pull request #1089 from benstepp/bs-multicomp-false-positives
  • c038899 Bug fix for false positives with no-multi-comp
  • 8148833 [Fix] Update void-dom-elements-no-children createElement checks
  • c45ab86 Merge pull request #1081 from webOS101/jsx-indent-fix
  • 7863a5c Fix jsx-indent single line jsx
  • 416deff Update void-dom-elements-no-children
  • 22f3638 Merge pull request #1077 from iancmyers/fix-jsx-indent-template-conditional
  • c6f4a5e Fix error caused by templates in ConditionalExpressions (jsx-indent)
  • a4b6a85 Merge pull request #1058 from kentcdodds/pr/jsx-indent-tabs-fix
  • 6e5f688 [Fix] jsx-indent with tabs (fixes #1057)

See the full diff.

Not sure how things should work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.


Your Greenkeeper Bot 🌴

Autofocus the input

It would be amazing if you autofocus the search input. 😁 Then we wouldn't have to click on that input.

Thanks for amazing product!

Preview metadata information of search result

This is merely a suggestion to a comment thread posted on Reddit about this project.
Adding a preview modal view when hovering over a link to a package on the search result could show a quick summary of the meta information of said package.
Such information could include but is not limited to:

  • Downloads in last 30 days
  • Amount of GH stars
  • Last updated date
  • Dependency count
  • Dependent count
  • Past version count
  • Current unstable/RC version
  • Direct GH link for quick access to repository

Link to thread in question: comment

(Suggestion) Back with menu open should close the menu

Hi there, nice UI, clean and simple, just the way i like it :)

Is it possible to have the back button (browser back i mean) close the menu if it's open.
I believe that this would be better, especially on mobile where the natural instinct is to press the back button to get out of stuff.

Currently back does history back in all cases.

I would be more then happy to fix this myself :) if it is something that's wanted.

Cheers,
Boogie

npms.io search broken (

Whatever I type in the search field it says "Oops, an error ocurred while fetching the results".

screen shot 2017-08-05 at 13 09 41

what folks were requesting of npm's search

Just forwarding a link to a issue/request made long ago at about npm's website which never went anywhere.

Very happy to see someone else has finally picked up the ball and run with this major issue...thx!

npm/www#6

the score is a good idea but additional filtering, sorting and/or ability for visitor to tweak the scoring algorithm would be a plus.

add sorting features

The site would sort results by calculated score but we can give the user the option to sort by quality alone, maintenance alone, popularity or a combination maybe ??

Displayed package version is inaccurate

The version number that displays on the search results for a package is inaccurate (possibly cached server-side?). For example, the version number displayed for angular-ui-boostrap is 2.0.1, which was released on 2016-08-02. The latest version of this package on npm is 2.1.3, which was released 2016-08-25.

screen shot 2016-09-12 at 9 04 22 am

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.