Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
hashing out static analysis of npm packages #6
Both io.js and Node core have a desire for deeper insight into how core APIs are being used across the ecosystem. Given that, I set out to build a tool to answer some questions:
The result of that work is a package called estoc. It uses a stack machine + spies to statically analyze individual packages. As a package, it exposes a readable stream of "Usage" data, where that usage (currently) contains:
estoc evaluates full packages – it accepts directories or gzipped tarballs as arguments. It can successfully analyze the contents of my local npm cache. An average package takes about 500-600ms to analyze. I'm at a point now where I need input from others on how to make this as useful as possible, and especially from folks involved with npm to see if there are any high-value ways of exposing this to the community.