npms-io / npms-www Goto Github PK
View Code? Open in Web Editor NEWThe https://npms.io website
License: MIT License
The https://npms.io website
License: MIT License
So I can just write npms+Tab in the URL bar to search npms directly from there.
Example:
<link title="Bower.io" type="application/opensearchdescription+xml" href="http://bower.io/opensearch.xml" rel="search">
Similar to google.
Hi,
The website https://npms.io is leaking all package maintainer email addresses to bots.
It is visible to Google (try to search email address on google) and scrapping sites can scrap the email addresses to spam them.
You can notice email address in image tag's alt
attribute.
I know that npm requires to have a pubic email. But npm itself never expose it to pubic in that way.
Hello! Thanks for doing npms – it is great tool!
I use API in my open-source project to manage plugins. Several times I had a situation when plugin ( === npm package) is updated and published to npm, but npms API result updated only after some time.
I suppose that you don't have hooks from npm registry and you have to update your cache time to time and I'm thinking if it is possible to add refresh button to package page? Or maybe you have other ways to make updates faster?
Just forwarding a link to a issue/request made long ago at about npm's website which never went anywhere.
Very happy to see someone else has finally picked up the ball and run with this major issue...thx!
the score is a good idea but additional filtering, sorting and/or ability for visitor to tweak the scoring algorithm would be a plus.
Branch | Build failing 🚨 |
---|---|
Dependency | eslint-plugin-react |
Current Version | 6.10.0 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
As eslint-plugin-react is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.
I recommend you give this issue a high priority. I’m sure you can resolve this 💪
jsx-indent
auto fix with tabs ([#1057][] @kentcdodds @webOS101)jsx-indent
crash ([#1061][] @iancmyers)void-dom-elements-no-children
crash and fix it to only checks for a createElement call fromno-multi-comp
([#1088][] @benstepp)The new version differs by 11 commits .
ab03af8
Update CHANGELOG and bump version
b646485
Merge pull request #1089 from benstepp/bs-multicomp-false-positives
c038899
Bug fix for false positives with no-multi-comp
8148833
[Fix] Update void-dom-elements-no-children createElement checks
c45ab86
Merge pull request #1081 from webOS101/jsx-indent-fix
7863a5c
Fix jsx-indent single line jsx
416deff
Update void-dom-elements-no-children
22f3638
Merge pull request #1077 from iancmyers/fix-jsx-indent-template-conditional
c6f4a5e
Fix error caused by templates in ConditionalExpressions (jsx-indent)
a4b6a85
Merge pull request #1058 from kentcdodds/pr/jsx-indent-tabs-fix
6e5f688
[Fix] jsx-indent with tabs (fixes #1057)
See the full diff.
There is a collection of frequently asked questions and of course you may always ask my humans.
Your Greenkeeper Bot 🌴
This is merely a suggestion to a comment thread posted on Reddit about this project.
Adding a preview modal view when hovering over a link to a package on the search result could show a quick summary of the meta information of said package.
Such information could include but is not limited to:
Link to thread in question: comment
When I click on the "View this package analysis" link it just shows a json dump:
https://api.npms.io/v2/package/lodash
I think that until we have some contents to add to the homepage, we could show the contents of the About page. People that now visit the homepage don't understand why this project exists and how it's different from others.
@satazor: What do you think?
I'm not sure about the npm API, but this would be handy instead of always having to go through the additional step (and tab) to star the package.
It would be amazing if you autofocus the search input. 😁 Then we wouldn't have to click on that input.
Thanks for amazing product!
You might want overflow-y: auto;
on <body>
. Looks better.
While I find this tool useful for package discovery, it doesn't seem to work as expected when you look for a package by its name. Try uglifyjs, for instance: you have to scroll almost all the way down the 127-result list to find the one you're looking for. Try react: I was not able to find it at all!
What about including in the first place the module by that name? This is also something that I find lacking in the official npmjs.com site, but at least I can easily find react :)
While I did https://npms.io/search?q=koa, I got Oops, an error ocurred while fetching the results.
Is there something wrong?
Currently, the analyzer looks to help with determining the "relevance" of the module on the basis of Github activity. One step ahead would be to add a community driven review system for the modules.
Essentially, "amazon-like" star based reviews and comments. The main aim is to incorporate this into search results so that good modules show up higher than crappier ones. What do you guys think about this?
The version number that displays on the search results for a package is inaccurate (possibly cached server-side?). For example, the version number displayed for angular-ui-boostrap
is 2.0.1, which was released on 2016-08-02. The latest version of this package on npm is 2.1.3, which was released 2016-08-25.
Follow up of npms-io/npms-analyzer#63
Basically, if a exact match appears first but it's not the best module, it should be outlined somehow. We need to come with a good visual solution to make that clear.
I saw that current search result is bigger score first but not all in this rule.
For example , i searched ''express" and got
express(4.14.0) 98
express-session(1.13.0) 86
path-to-regexp(1.5.3) 88
I think "path-to-regexp" should be NO.2 result?
It'd be really cool to be able to search modules that have TypeScript definitions. These modules can be identified by types
or typings
as a string pointing to a .d.ts
file at the root of package.json
. I'd be happy to attempt this if there's a pointer on where to start and whether it sounds like an acceptable feature. It could be implemented as a new option, or something is is:types
. There's also the @types
namespace on NPM which are third-party definitions, those could be included with is:@types
(being a inferior alternative to native types).
It would be great to have auto-complete/suggestion features for the search, similar to what https://www.npmjs.com/ does. Thanks!
TBD.
Reference: #210
The yarnpkg website recently got a search feature and package details page. The search is kinda meh compared to npms, but the package details page is really awesome (example) and far superior to the one on npmjs.com. Would it be a good idea to link to that as well from the results? What do you think?
Hi there, nice UI, clean and simple, just the way i like it :)
Is it possible to have the back button (browser back i mean) close the menu if it's open.
I believe that this would be better, especially on mobile where the natural instinct is to press the back button to get out of stuff.
Currently back does history back in all cases.
I would be more then happy to fix this myself :) if it is something that's wanted.
Cheers,
Boogie
npms.io seems to be down currently
Personally, if it's available, I would just a soon have the GitHub repo be the default link.
Failing that, it would be nice to have a link to the repo (just add a clickable GH icon?)
https://npms.io/search?q=influx unfairly lists the same package from tree.xie twice:
The latter was renamed to the former, but both show up in searches.
https://npms.io doesn't have a logo yet and I don't have any experience in drawing logos. If anyone would like to contribute with a logo and identity proposal, please post a comment in this thread. The person behind the chosen logo will be headed to the about page.
Thanks, help would be much appreciated!
'Insecure' tags are being applied to some packages which do not have any apparent vulnerabilities.
For example lostofs currently has a red 'insecure' tag, see first result from the npms.io search.
Hovering over the tag it says:
Package [email protected] has 3 vulnerabilities. For more details, check against nodesecurity.io.
However, following the link to nodesecurity.io it says there are none:
There are no known vulnerabilities for lostofs@latest or any of its dependencies.
Branch | Build failing 🚨 |
---|---|
Dependency | stylelint |
Current Version | 7.11.0 |
Type | devDependency |
This version is covered by your current version range and after updating it in your project the build failed.
As stylelint is “only” a devDependency of this project it might not break production or downstream projects, but “only” your build or test tools – preventing new deploys or publishes.
I recommend you give this issue a high priority. I’m sure you can resolve this 💪
The new version differs by 10 commits.
3ae1b72
Add an ignorePattern
example for URL in comments in max-line-length
(#2635)
c0b3e17
Prepare 7.11.1
239e749
Add an ignorePattern
test for URLs in comments in max-line-length
(#2636)
d092c46
Create CHANGELOG.md
9baf0d0
Fixed: ignore custom property sets in selector rules. (#2634)
f3f4fd2
Create CHANGELOG.md
861a1bd
Fixed: media-feature-name-whitelist
and media-feature-name-blacklist
now accept array as first option. (#2632)
76df61d
Create CHANGELOG.md
93fb065
Fixed: ignore less :extend
in selector-pseudo-class-no-unknown
. (#2625)
d229a67
chore(package): update del to version 3.0.0 (#2616)
See the full diff
There is a collection of frequently asked questions and of course you may always ask my humans.
Your Greenkeeper Bot 🌴
The site would sort results by calculated score but we can give the user the option to sort by quality alone, maintenance alone, popularity or a combination maybe ??
When the page is opened, the white "morph" effect plays for closing the menu on the right, despite the fact that the menu was never opened.
EDIT: This appears to only occur when developing locally: localhost:8080
, but not on the live site: npms.io
..related to react-gravatar #144
Hi there, great project!
It'd be nice to get a link to try packages out on tonicdev e.g. https://tonicdev.com/npm/lodash
I am considering writing a tool to do this because it might be outside the scope of this project.
There is already https://bundlephobia.com which is great for front end dependencies that get bundled with webpack but it doesn't tell you about the size of dev dependencies such as test frameworks.
There is already a request to add this to npmjs.com here: npm/www#197
Is this a feature that could be used by npms.io? (forgive me if this is the wrong repo)
I found I had to edit config/parameters
to the following:
{
"publicPath": "/build/",
"apiUrl": "http://localhost:8080/api",
"googleAnalyticsId": "UA-XXXXX-X"
}
Of course, issue is blocked by #15 because it's unclear what to put there.
Currently tags displayed on result pages are unclickable.
I propose that when clicking on a tag, it should triggers a new search with this word.
I don't know if it's related to the issue, but I get this warning in the console: "This site appears to use a scroll-linked positioning effect. This may not work well with asynchronous panning; see https://developer.mozilla.org/docs/Mozilla/Performance/ScrollLinkedEffects for further details and to join the discussion on related tools and features!"
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.