├── .circleci └── config.yml ├── .editorconfig ├── .gitattributes ├── .gitignore ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── appveyor.yml ├── index.js ├── lib ├── get-package.js ├── has-binary-or-dependent.js ├── has-dependency.js ├── has-engine.js ├── has-extra-maintainer.js ├── has-file.js ├── has-keyword.js ├── has-prod-version.js ├── has-readme.js ├── has-test.js ├── recent-publish.js ├── significant-downloads.js └── unpublished.js ├── package.json └── test.js /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | jobs: 3 | build: 4 | working_directory: ~/repo 5 | docker: 6 | - image: circleci/node:8.9 7 | steps: 8 | - checkout 9 | - run: npm install --no-progress 10 | - run: npm test 11 | 12 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # Standardized configuration for your text editor. 2 | # See: http://EditorConfig.org 3 | 4 | # This is the default for the whole project. 5 | root = true 6 | 7 | # Unix-style newlines with a newline ending every file. 8 | [*] 9 | charset = utf-8 10 | indent_style = space 11 | indent_size = 4 12 | end_of_line = lf 13 | trim_trailing_whitespace = true 14 | insert_final_newline = true 15 | 16 | [*.yml] 17 | indent_size = 2 18 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Configuration for moving files between your working directory and the git database. 2 | 3 | * text=auto 4 | 5 | # Commit these with Unix line endings... 6 | 7 | # Source code. 8 | *.svg text 9 | *.json text 10 | *.js text eol=lf 11 | *.css text eol=lf diff=css 12 | *.html text eol=lf diff=html 13 | *.xml text diff=html 14 | *.sh text eol=lf 15 | *.bat text 16 | 17 | # Templates and lists. 18 | *.csv text 19 | 20 | # Documentation. 21 | *.md text 22 | *.txt text 23 | *.doc diff 24 | *.docx diff 25 | *.rtf diff 26 | *.pdf diff 27 | LICENSE text 28 | LICENSES text 29 | AUTHORS text 30 | CONTRIBUTORS text 31 | 32 | # Configuration files. 33 | .gitignore text 34 | .gitattributes text 35 | .editorconfig text 36 | 37 | # Leave line endings alone for these... 38 | 39 | # Multimedia and compressed storage. 40 | *.png binary 41 | *.jpg binary 42 | *.jpeg binary 43 | *.gif binary 44 | *.ico binary 45 | *.mov binary 46 | *.mp4 binary 47 | *.mp3 binary 48 | *.gz binary 49 | *.zip binary 50 | *.woff2 binary 51 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Dependencies are installed manually or using a build process, so they 2 | # can benefit from machine-specific compiling, etc. 3 | node_modules 4 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | ## Issues 4 | 5 | **Ask questions** on [Stack Overflow](https://stackoverflow.com/ "Stack Overflow is a question and answer forum."). They will get more visibility and we can all enjoy an optimized Q&A experience. In the event that you don't get a satisfactory answer, it is okay to file an issue. Please post a link to your Stack Overflow question. 6 | 7 | **Bug reports** must include reproducible steps and supporting details, such as screenshots. We will be able to fix the problem faster if you supply a failing test case in a pull request. 8 | 9 | **Feature requests** must include use cases and details of the projects that would like to use them. Please keep these focussed on the user rather than the implementation. A pull request that proves the concept will be more effective if there are technical concerns. 10 | 11 | ## Pull Requests 12 | 13 | We love [PRs](https://help.github.com/articles/using-pull-requests/ "How to use pull requests on GitHub.")! ❤️ The more the merrier, even for simple typos. 14 | 15 | Any non-trivial pull request may earn you commit privileges. 16 | 17 | An ideal patch brings reliability improvements, new tests, and improved code coverage. In general, these things are much more valuable than features. It takes a healthy system to make the user happy. 18 | 19 | ## Help 20 | 21 | **Still learning?** Check out how to [contribute to Open Source](https://egghead.io/series/how-to-contribute-to-an-open-source-project-on-github) projects. 22 | 23 | **Important work** comes in many forms. There are labels for [bugs](https://github.com/sholladay/squatter/labels/bug) and [easy](https://github.com/sholladay/squatter/labels/easy) vs [hard](https://github.com/sholladay/squatter/labels/hard) tasks. We also appreciate documentation, examples, tutorials, blogs, videos, books, and other supporting content. 24 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (C) 2017 Seth Holladay, me@seth-holladay.com 2 | 3 | Mozilla Public License, version 2.0 4 | 5 | 1. Definitions 6 | 7 | 1.1. "Contributor" 8 | 9 | means each individual or legal entity that creates, contributes to the 10 | creation of, or owns Covered Software. 11 | 12 | 1.2. "Contributor Version" 13 | 14 | means the combination of the Contributions of others (if any) used by a 15 | Contributor and that particular Contributor's Contribution. 16 | 17 | 1.3. "Contribution" 18 | 19 | means Covered Software of a particular Contributor. 20 | 21 | 1.4. "Covered Software" 22 | 23 | means Source Code Form to which the initial Contributor has attached the 24 | notice in Exhibit A, the Executable Form of such Source Code Form, and 25 | Modifications of such Source Code Form, in each case including portions 26 | thereof. 27 | 28 | 1.5. "Incompatible With Secondary Licenses" 29 | means 30 | 31 | a. that the initial Contributor has attached the notice described in 32 | Exhibit B to the Covered Software; or 33 | 34 | b. that the Covered Software was made available under the terms of 35 | version 1.1 or earlier of the License, but not also under the terms of 36 | a Secondary License. 37 | 38 | 1.6. "Executable Form" 39 | 40 | means any form of the work other than Source Code Form. 41 | 42 | 1.7. "Larger Work" 43 | 44 | means a work that combines Covered Software with other material, in a 45 | separate file or files, that is not Covered Software. 46 | 47 | 1.8. "License" 48 | 49 | means this document. 50 | 51 | 1.9. "Licensable" 52 | 53 | means having the right to grant, to the maximum extent possible, whether 54 | at the time of the initial grant or subsequently, any and all of the 55 | rights conveyed by this License. 56 | 57 | 1.10. "Modifications" 58 | 59 | means any of the following: 60 | 61 | a. any file in Source Code Form that results from an addition to, 62 | deletion from, or modification of the contents of Covered Software; or 63 | 64 | b. any new file in Source Code Form that contains any Covered Software. 65 | 66 | 1.11. "Patent Claims" of a Contributor 67 | 68 | means any patent claim(s), including without limitation, method, 69 | process, and apparatus claims, in any patent Licensable by such 70 | Contributor that would be infringed, but for the grant of the License, 71 | by the making, using, selling, offering for sale, having made, import, 72 | or transfer of either its Contributions or its Contributor Version. 73 | 74 | 1.12. "Secondary License" 75 | 76 | means either the GNU General Public License, Version 2.0, the GNU Lesser 77 | General Public License, Version 2.1, the GNU Affero General Public 78 | License, Version 3.0, or any later versions of those licenses. 79 | 80 | 1.13. "Source Code Form" 81 | 82 | means the form of the work preferred for making modifications. 83 | 84 | 1.14. "You" (or "Your") 85 | 86 | means an individual or a legal entity exercising rights under this 87 | License. For legal entities, "You" includes any entity that controls, is 88 | controlled by, or is under common control with You. For purposes of this 89 | definition, "control" means (a) the power, direct or indirect, to cause 90 | the direction or management of such entity, whether by contract or 91 | otherwise, or (b) ownership of more than fifty percent (50%) of the 92 | outstanding shares or beneficial ownership of such entity. 93 | 94 | 95 | 2. License Grants and Conditions 96 | 97 | 2.1. Grants 98 | 99 | Each Contributor hereby grants You a world-wide, royalty-free, 100 | non-exclusive license: 101 | 102 | a. under intellectual property rights (other than patent or trademark) 103 | Licensable by such Contributor to use, reproduce, make available, 104 | modify, display, perform, distribute, and otherwise exploit its 105 | Contributions, either on an unmodified basis, with Modifications, or 106 | as part of a Larger Work; and 107 | 108 | b. under Patent Claims of such Contributor to make, use, sell, offer for 109 | sale, have made, import, and otherwise transfer either its 110 | Contributions or its Contributor Version. 111 | 112 | 2.2. Effective Date 113 | 114 | The licenses granted in Section 2.1 with respect to any Contribution 115 | become effective for each Contribution on the date the Contributor first 116 | distributes such Contribution. 117 | 118 | 2.3. Limitations on Grant Scope 119 | 120 | The licenses granted in this Section 2 are the only rights granted under 121 | this License. No additional rights or licenses will be implied from the 122 | distribution or licensing of Covered Software under this License. 123 | Notwithstanding Section 2.1(b) above, no patent license is granted by a 124 | Contributor: 125 | 126 | a. for any code that a Contributor has removed from Covered Software; or 127 | 128 | b. for infringements caused by: (i) Your and any other third party's 129 | modifications of Covered Software, or (ii) the combination of its 130 | Contributions with other software (except as part of its Contributor 131 | Version); or 132 | 133 | c. under Patent Claims infringed by Covered Software in the absence of 134 | its Contributions. 135 | 136 | This License does not grant any rights in the trademarks, service marks, 137 | or logos of any Contributor (except as may be necessary to comply with 138 | the notice requirements in Section 3.4). 139 | 140 | 2.4. Subsequent Licenses 141 | 142 | No Contributor makes additional grants as a result of Your choice to 143 | distribute the Covered Software under a subsequent version of this 144 | License (see Section 10.2) or under the terms of a Secondary License (if 145 | permitted under the terms of Section 3.3). 146 | 147 | 2.5. Representation 148 | 149 | Each Contributor represents that the Contributor believes its 150 | Contributions are its original creation(s) or it has sufficient rights to 151 | grant the rights to its Contributions conveyed by this License. 152 | 153 | 2.6. Fair Use 154 | 155 | This License is not intended to limit any rights You have under 156 | applicable copyright doctrines of fair use, fair dealing, or other 157 | equivalents. 158 | 159 | 2.7. Conditions 160 | 161 | Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in 162 | Section 2.1. 163 | 164 | 165 | 3. Responsibilities 166 | 167 | 3.1. Distribution of Source Form 168 | 169 | All distribution of Covered Software in Source Code Form, including any 170 | Modifications that You create or to which You contribute, must be under 171 | the terms of this License. You must inform recipients that the Source 172 | Code Form of the Covered Software is governed by the terms of this 173 | License, and how they can obtain a copy of this License. You may not 174 | attempt to alter or restrict the recipients' rights in the Source Code 175 | Form. 176 | 177 | 3.2. Distribution of Executable Form 178 | 179 | If You distribute Covered Software in Executable Form then: 180 | 181 | a. such Covered Software must also be made available in Source Code Form, 182 | as described in Section 3.1, and You must inform recipients of the 183 | Executable Form how they can obtain a copy of such Source Code Form by 184 | reasonable means in a timely manner, at a charge no more than the cost 185 | of distribution to the recipient; and 186 | 187 | b. You may distribute such Executable Form under the terms of this 188 | License, or sublicense it under different terms, provided that the 189 | license for the Executable Form does not attempt to limit or alter the 190 | recipients' rights in the Source Code Form under this License. 191 | 192 | 3.3. Distribution of a Larger Work 193 | 194 | You may create and distribute a Larger Work under terms of Your choice, 195 | provided that You also comply with the requirements of this License for 196 | the Covered Software. If the Larger Work is a combination of Covered 197 | Software with a work governed by one or more Secondary Licenses, and the 198 | Covered Software is not Incompatible With Secondary Licenses, this 199 | License permits You to additionally distribute such Covered Software 200 | under the terms of such Secondary License(s), so that the recipient of 201 | the Larger Work may, at their option, further distribute the Covered 202 | Software under the terms of either this License or such Secondary 203 | License(s). 204 | 205 | 3.4. Notices 206 | 207 | You may not remove or alter the substance of any license notices 208 | (including copyright notices, patent notices, disclaimers of warranty, or 209 | limitations of liability) contained within the Source Code Form of the 210 | Covered Software, except that You may alter any license notices to the 211 | extent required to remedy known factual inaccuracies. 212 | 213 | 3.5. Application of Additional Terms 214 | 215 | You may choose to offer, and to charge a fee for, warranty, support, 216 | indemnity or liability obligations to one or more recipients of Covered 217 | Software. However, You may do so only on Your own behalf, and not on 218 | behalf of any Contributor. You must make it absolutely clear that any 219 | such warranty, support, indemnity, or liability obligation is offered by 220 | You alone, and You hereby agree to indemnify every Contributor for any 221 | liability incurred by such Contributor as a result of warranty, support, 222 | indemnity or liability terms You offer. You may include additional 223 | disclaimers of warranty and limitations of liability specific to any 224 | jurisdiction. 225 | 226 | 4. Inability to Comply Due to Statute or Regulation 227 | 228 | If it is impossible for You to comply with any of the terms of this License 229 | with respect to some or all of the Covered Software due to statute, 230 | judicial order, or regulation then You must: (a) comply with the terms of 231 | this License to the maximum extent possible; and (b) describe the 232 | limitations and the code they affect. Such description must be placed in a 233 | text file included with all distributions of the Covered Software under 234 | this License. Except to the extent prohibited by statute or regulation, 235 | such description must be sufficiently detailed for a recipient of ordinary 236 | skill to be able to understand it. 237 | 238 | 5. Termination 239 | 240 | 5.1. The rights granted under this License will terminate automatically if You 241 | fail to comply with any of its terms. However, if You become compliant, 242 | then the rights granted under this License from a particular Contributor 243 | are reinstated (a) provisionally, unless and until such Contributor 244 | explicitly and finally terminates Your grants, and (b) on an ongoing 245 | basis, if such Contributor fails to notify You of the non-compliance by 246 | some reasonable means prior to 60 days after You have come back into 247 | compliance. Moreover, Your grants from a particular Contributor are 248 | reinstated on an ongoing basis if such Contributor notifies You of the 249 | non-compliance by some reasonable means, this is the first time You have 250 | received notice of non-compliance with this License from such 251 | Contributor, and You become compliant prior to 30 days after Your receipt 252 | of the notice. 253 | 254 | 5.2. If You initiate litigation against any entity by asserting a patent 255 | infringement claim (excluding declaratory judgment actions, 256 | counter-claims, and cross-claims) alleging that a Contributor Version 257 | directly or indirectly infringes any patent, then the rights granted to 258 | You by any and all Contributors for the Covered Software under Section 259 | 2.1 of this License shall terminate. 260 | 261 | 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user 262 | license agreements (excluding distributors and resellers) which have been 263 | validly granted by You or Your distributors under this License prior to 264 | termination shall survive termination. 265 | 266 | 6. Disclaimer of Warranty 267 | 268 | Covered Software is provided under this License on an "as is" basis, 269 | without warranty of any kind, either expressed, implied, or statutory, 270 | including, without limitation, warranties that the Covered Software is free 271 | of defects, merchantable, fit for a particular purpose or non-infringing. 272 | The entire risk as to the quality and performance of the Covered Software 273 | is with You. Should any Covered Software prove defective in any respect, 274 | You (not any Contributor) assume the cost of any necessary servicing, 275 | repair, or correction. This disclaimer of warranty constitutes an essential 276 | part of this License. No use of any Covered Software is authorized under 277 | this License except under this disclaimer. 278 | 279 | 7. Limitation of Liability 280 | 281 | Under no circumstances and under no legal theory, whether tort (including 282 | negligence), contract, or otherwise, shall any Contributor, or anyone who 283 | distributes Covered Software as permitted above, be liable to You for any 284 | direct, indirect, special, incidental, or consequential damages of any 285 | character including, without limitation, damages for lost profits, loss of 286 | goodwill, work stoppage, computer failure or malfunction, or any and all 287 | other commercial damages or losses, even if such party shall have been 288 | informed of the possibility of such damages. This limitation of liability 289 | shall not apply to liability for death or personal injury resulting from 290 | such party's negligence to the extent applicable law prohibits such 291 | limitation. Some jurisdictions do not allow the exclusion or limitation of 292 | incidental or consequential damages, so this exclusion and limitation may 293 | not apply to You. 294 | 295 | 8. Litigation 296 | 297 | Any litigation relating to this License may be brought only in the courts 298 | of a jurisdiction where the defendant maintains its principal place of 299 | business and such litigation shall be governed by laws of that 300 | jurisdiction, without reference to its conflict-of-law provisions. Nothing 301 | in this Section shall prevent a party's ability to bring cross-claims or 302 | counter-claims. 303 | 304 | 9. Miscellaneous 305 | 306 | This License represents the complete agreement concerning the subject 307 | matter hereof. If any provision of this License is held to be 308 | unenforceable, such provision shall be reformed only to the extent 309 | necessary to make it enforceable. Any law or regulation which provides that 310 | the language of a contract shall be construed against the drafter shall not 311 | be used to construe this License against a Contributor. 312 | 313 | 314 | 10. Versions of the License 315 | 316 | 10.1. New Versions 317 | 318 | Mozilla Foundation is the license steward. Except as provided in Section 319 | 10.3, no one other than the license steward has the right to modify or 320 | publish new versions of this License. Each version will be given a 321 | distinguishing version number. 322 | 323 | 10.2. Effect of New Versions 324 | 325 | You may distribute the Covered Software under the terms of the version 326 | of the License under which You originally received the Covered Software, 327 | or under the terms of any subsequent version published by the license 328 | steward. 329 | 330 | 10.3. Modified Versions 331 | 332 | If you create software not governed by this License, and you want to 333 | create a new license for such software, you may create and use a 334 | modified version of this License if you rename the license and remove 335 | any references to the name of the license steward (except to note that 336 | such modified license differs from this License). 337 | 338 | 10.4. Distributing Source Code Form that is Incompatible With Secondary 339 | Licenses If You choose to distribute Source Code Form that is 340 | Incompatible With Secondary Licenses under the terms of this version of 341 | the License, the notice described in Exhibit B of this License must be 342 | attached. 343 | 344 | Exhibit A - Source Code Form License Notice 345 | 346 | This Source Code Form is subject to the 347 | terms of the Mozilla Public License, v. 348 | 2.0. If a copy of the MPL was not 349 | distributed with this file, You can 350 | obtain one at 351 | http://mozilla.org/MPL/2.0/. 352 | 353 | If it is not possible or desirable to put the notice in a particular file, 354 | then You may include the notice in a location (such as a LICENSE file in a 355 | relevant directory) where a recipient would be likely to look for such a 356 | notice. 357 | 358 | You may add additional accurate notices of copyright ownership. 359 | 360 | Exhibit B - "Incompatible With Secondary Licenses" Notice 361 | 362 | This Source Code Form is "Incompatible 363 | With Secondary Licenses", as defined by 364 | the Mozilla Public License, v. 2.0. 365 | 366 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # squatter [![Build status for Squatter](https://img.shields.io/circleci/project/sholladay/squatter/master.svg "Build Status")](https://circleci.com/gh/sholladay/squatter "Builds") [![Build status for Squatter on Windows](https://ci.appveyor.com/api/projects/status/5ofux2q7lq6ehk4w/branch/master?svg=true "Windows Build Status")](https://ci.appveyor.com/project/sholladay/squatter "Windows Builds") 2 | 3 | > Check if a namespace on npm is being hogged. 4 | 5 | ## Why? 6 | 7 | - Find out if a package name is worth [disputing](https://docs.npmjs.com/misc/disputes). 8 | - Filter out low quality packages in tools (e.g. search). 9 | - Check the quality of your own packages. 10 | 11 | ## Install 12 | 13 | ```sh 14 | npm install squatter --save 15 | ``` 16 | 17 | ## Usage 18 | 19 | Get it into your program. 20 | 21 | ```js 22 | const squatter = require('squatter'); 23 | ``` 24 | 25 | Check whether a given package name is being squatted. 26 | 27 | ```js 28 | squatter('foo').then((isSquatted) => { 29 | console.log(isSquatted); // true 30 | }); 31 | squatter('build-path').then((isSquatted) => { 32 | console.log(isSquatted); // false 33 | }); 34 | ``` 35 | 36 | ## Algorithm 37 | 38 | A [heuristic](https://en.wikipedia.org/wiki/Heuristic_(computer_science)) is used to determine if a package is a squatter. 39 | 40 | A squatter is a package that is not either [exempt](#exemptions), [useful](#usefulness), or [high quality](#quality). 41 | 42 | Packages are guilty until proven innocent. 43 | 44 | ### Exemptions 45 | 46 | A package is exempt (aka *not* a squatter) if it has at least **one** of: 47 | 48 | - A new version was published within the last 30 days 49 | - Significant download activity 50 | 51 | ### Usefulness 52 | 53 | A package is useful (aka *not* a squatter) if it has **all** of: 54 | 55 | - A [README](https://help.github.com/articles/about-readmes/) that is at least 100 characters long 56 | - Has a [binary](https://docs.npmjs.com/files/package.json#bin) **or** is depended on by another package 57 | - Its [version](https://docs.npmjs.com/files/package.json#version) is [1.0.0](http://semver.org/#spec-item-4) or higher 58 | 59 | ### Quality 60 | 61 | A package is high quality (aka *not* a squatter) if it has at least **80%** of: 62 | 63 | - Uses non-dev [dependencies](https://docs.npmjs.com/files/package.json#dependencies) 64 | - Specifies required [engines](https://docs.npmjs.com/files/package.json#engines) 65 | - Uses a [files](https://docs.npmjs.com/files/package.json#files) whitelist 66 | - Uses a [test](https://docs.npmjs.com/misc/scripts) script 67 | - Has [keywords](https://docs.npmjs.com/files/package.json#keywords) 68 | - Has multiple [maintainers](https://docs.npmjs.com/files/package.json#people-fields-author-contributors) 69 | 70 | ## API 71 | 72 | ### squatter(name) 73 | 74 | Returns a `Promise` for a `boolean` of whether the name is being hogged on [npm](https://www.npmjs.com/), as determined by [the algorithm](#algorithm). 75 | 76 | #### name 77 | 78 | Type: `string`
79 | Example: `build-path` 80 | 81 | Any valid npm package name. 82 | 83 | ## CLI 84 | 85 | See [squatter-cli](https://github.com/sholladay/squatter-cli) to use this on the command line. 86 | 87 | ## Contributing 88 | 89 | See our [contributing guidelines](https://github.com/sholladay/squatter/blob/master/CONTRIBUTING.md "The guidelines for participating in this project.") for more details. 90 | 91 | 1. [Fork it](https://github.com/sholladay/squatter/fork). 92 | 2. Make a feature branch: `git checkout -b my-new-feature` 93 | 3. Commit your changes: `git commit -am 'Add some feature'` 94 | 4. Push to the branch: `git push origin my-new-feature` 95 | 5. [Submit a pull request](https://github.com/sholladay/squatter/compare "Submit code to this project for review."). 96 | 97 | ## License 98 | 99 | [MPL-2.0](https://github.com/sholladay/squatter/blob/master/LICENSE "The license for squatter.") © [Seth Holladay](http://seth-holladay.com "Author of squatter.") 100 | 101 | Go make something, dang it. 102 | -------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | environment: 2 | matrix: 3 | - nodejs_version: '8' 4 | install: 5 | - ps: Install-Product node $env:nodejs_version 6 | - set CI=true 7 | - npm -g install npm@latest 8 | - set PATH=%APPDATA%\npm;%PATH% 9 | - npm install 10 | matrix: 11 | fast_finish: true 12 | build: off 13 | shallow_clone: true 14 | test_script: 15 | - node --version 16 | - npm --version 17 | - npm test 18 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const pOne = require('p-one'); 4 | const pEvery = require('p-every'); 5 | const fetchMeta = require('package-json'); 6 | const getPackage = require('./lib/get-package'); 7 | const recentPublish = require('./lib/recent-publish'); 8 | const significantDownloads = require('./lib/significant-downloads'); 9 | const unpublished = require('./lib/unpublished'); 10 | const hasReadme = require('./lib/has-readme'); 11 | const hasBinaryOrDependent = require('./lib/has-binary-or-dependent'); 12 | const hasProdVersion = require('./lib/has-prod-version'); 13 | const hasDependency = require('./lib/has-dependency'); 14 | const hasEngine = require('./lib/has-engine'); 15 | const hasFile = require('./lib/has-file'); 16 | const hasTest = require('./lib/has-test'); 17 | const hasKeyword = require('./lib/has-keyword'); 18 | const hasExtraMaintainer = require('./lib/has-extra-maintainer'); 19 | 20 | const exemptions = [ 21 | recentPublish, 22 | significantDownloads 23 | ]; 24 | const usefulness = [ 25 | hasReadme, 26 | hasBinaryOrDependent, 27 | hasProdVersion 28 | ]; 29 | const quality = [ 30 | hasDependency, 31 | hasEngine, 32 | hasFile, 33 | hasTest, 34 | hasKeyword, 35 | hasExtraMaintainer 36 | ]; 37 | 38 | const squatter = async (name, version = 'latest') => { 39 | const meta = await fetchMeta(name, { 40 | allVersions : true, 41 | fullMetadata : true 42 | }); 43 | 44 | if (unpublished(meta)) { 45 | return false; 46 | } 47 | 48 | const pkg = getPackage(meta, version); 49 | 50 | const isExempt = await pOne(exemptions, (test) => { 51 | return test(pkg, meta); 52 | }); 53 | if (isExempt) { 54 | return false; 55 | } 56 | 57 | const isUseful = await pEvery(usefulness, (test) => { 58 | return test(pkg, meta); 59 | }); 60 | if (isUseful) { 61 | return false; 62 | } 63 | 64 | const minQualityPercent = 80; 65 | const passingQuality = (minQualityPercent / 100) * quality.length; 66 | const qualityScore = quality.reduce((score, test) => { 67 | return score + Number(test(pkg, meta)); 68 | }, 0); 69 | 70 | return qualityScore < passingQuality; 71 | }; 72 | 73 | module.exports = squatter; 74 | -------------------------------------------------------------------------------- /lib/get-package.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const semver = require('semver'); 4 | 5 | const versionPkg = (meta, version = 'latest') => { 6 | if (!version || typeof version !== 'string') { 7 | throw new Error('A version is required.'); 8 | } 9 | const fixed = meta['dist-tags'][version] || semver.maxSatisfying(Object.keys(meta.versions), version); 10 | const pkg = meta.versions[fixed]; 11 | 12 | if (!fixed || !pkg) { 13 | throw new Error('Version does not exist.'); 14 | } 15 | 16 | return pkg; 17 | }; 18 | 19 | module.exports = versionPkg; 20 | -------------------------------------------------------------------------------- /lib/has-binary-or-dependent.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const got = require('got'); 4 | const checkDependents = require('check-npm-dependents'); 5 | 6 | const hasBinary = ({ bin }) => { 7 | return Boolean(bin) && Object.values(bin).some((filePath) => { 8 | return Boolean(filePath) && typeof filePath === 'string'; 9 | }); 10 | }; 11 | 12 | const hasDependent = async ({ name }) => { 13 | if (!name || typeof name !== 'string') { 14 | throw new TypeError('A package name is required.'); 15 | } 16 | 17 | // The implementation below had to be disabled abruptly because of https://github.com/sindresorhus/npm-name-cli/issues/9 18 | 19 | // const apiUrl = 'https://registry.npmjs.org/-/_view/dependedUpon?' + new URLSearchParams({ 20 | // // Borrowed from here: https://github.com/chrisdickinson/npm-get-dependents/blob/3e5a82e6039ddb3a638fa0301f356b39bab898d7/index.js#L40-L47 21 | // group_level : 2, 22 | // startkey : JSON.stringify([name]), 23 | // endkey : JSON.stringify([name, {}]), 24 | // stale : 'update_after', 25 | // skip : 0, 26 | // // The registry seems to use the limit before other filters on the data, 27 | // // so we ask for more than we need to ensure we receive a result. 28 | // limit : 1000 29 | // }); 30 | // const { body } = await got(apiUrl, { json : true }); 31 | // return body.rows.some(({ key }) => { 32 | // const dependent = key[1]; 33 | // return Boolean(dependent) && typeof dependent === 'string'; 34 | // }); 35 | 36 | const packageUrl = `https://www.npmjs.com/package/${name}`; 37 | const { body, statusCode } = await got(packageUrl); 38 | if (statusCode === 404) { 39 | throw new Error(`Package does not exist: ${name}`); 40 | } 41 | if (statusCode !== 200) { 42 | throw new Error(`Unable to check dependents for ${name}, got status code ${statusCode}`); 43 | } 44 | return checkDependents.parse(body) > 0; 45 | }; 46 | 47 | const hasBinaryOrDependent = (pkg) => { 48 | return hasBinary(pkg) || hasDependent(pkg); 49 | }; 50 | 51 | module.exports = hasBinaryOrDependent; 52 | -------------------------------------------------------------------------------- /lib/has-dependency.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const hasDependency = (pkg) => { 4 | const depTypes = ['dependencies', 'optionalDependencies']; 5 | return depTypes.some((depType) => { 6 | return typeof pkg[depType] === 'object' && Object.values(pkg[depType]).some((version) => { 7 | return Boolean(version) && typeof version === 'string'; 8 | }); 9 | }); 10 | }; 11 | 12 | module.exports = hasDependency; 13 | -------------------------------------------------------------------------------- /lib/has-engine.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const hasEngine = ({ engines }) => { 4 | return Boolean(engines) && Object.values(engines).some((version) => { 5 | return Boolean(version) && typeof version === 'string'; 6 | }); 7 | }; 8 | 9 | module.exports = hasEngine; 10 | -------------------------------------------------------------------------------- /lib/has-extra-maintainer.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const hasExtraMaintainer = ({ maintainers }) => { 4 | return Array.isArray(maintainers) && maintainers.reduce((total, maintainer) => { 5 | const isValid = Boolean(maintainer && maintainer.name) && typeof maintainer.name === 'string'; 6 | return total + Number(isValid); 7 | }, 0) > 1; 8 | }; 9 | 10 | module.exports = hasExtraMaintainer; 11 | -------------------------------------------------------------------------------- /lib/has-file.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const hasFile = ({ files }) => { 4 | return Array.isArray(files) && files.some((filePath) => { 5 | return Boolean(filePath) && typeof filePath === 'string'; 6 | }); 7 | }; 8 | 9 | module.exports = hasFile; 10 | -------------------------------------------------------------------------------- /lib/has-keyword.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const hasKeyword = ({ keywords }) => { 4 | return Array.isArray(keywords) && keywords.some((keyword) => { 5 | return Boolean(keyword) && typeof keyword === 'string'; 6 | }); 7 | }; 8 | 9 | module.exports = hasKeyword; 10 | -------------------------------------------------------------------------------- /lib/has-prod-version.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const semver = require('semver'); 4 | 5 | const hasProdVersion = ({ version }) => { 6 | return Boolean(version) && semver.gte(version, '1.0.0'); 7 | }; 8 | 9 | module.exports = hasProdVersion; 10 | -------------------------------------------------------------------------------- /lib/has-readme.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const hasReadme = (pkg, { readme }) => { 4 | return typeof readme === 'string' && readme.trim().length >= 100; 5 | }; 6 | 7 | module.exports = hasReadme; 8 | -------------------------------------------------------------------------------- /lib/has-test.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const hasTest = ({ scripts }) => { 4 | return Boolean(scripts && scripts.test) && 5 | typeof scripts.test === 'string' && 6 | !scripts.test.includes('no test specified'); 7 | }; 8 | 9 | module.exports = hasTest; 10 | -------------------------------------------------------------------------------- /lib/recent-publish.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const recentPublish = (pkg, meta) => { 4 | if (!meta.time || !meta.time.modified) { 5 | throw new TypeError('A modified time is required.'); 6 | } 7 | const today = new Date(); 8 | const thirtyDaysAgo = new Date(); 9 | thirtyDaysAgo.setUTCDate(today.getUTCDate() - 30); 10 | const publishTime = new Date(meta.time.modified); 11 | return publishTime.getTime() >= thirtyDaysAgo.getTime(); 12 | }; 13 | 14 | module.exports = recentPublish; 15 | -------------------------------------------------------------------------------- /lib/significant-downloads.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const got = require('got'); 4 | 5 | const downloadsLastWeek = async (pkgName) => { 6 | const { body } = await got('https://api.npmjs.org/downloads/point/last-week/' + pkgName, { 7 | json : true 8 | }); 9 | return body.downloads; 10 | }; 11 | 12 | const significantDownloads = async ({ name }) => { 13 | const numDownloads = await downloadsLastWeek(name); 14 | return numDownloads > 500; 15 | }; 16 | 17 | module.exports = significantDownloads; 18 | -------------------------------------------------------------------------------- /lib/unpublished.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | const unpublished = (meta) => { 4 | return Boolean(!meta['dist-tags'] && meta.time && meta.time.unpublished); 5 | }; 6 | 7 | module.exports = unpublished; 8 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "squatter", 3 | "version": "0.2.1", 4 | "description": "Check if a namespace on npm is being hogged.", 5 | "homepage": "https://github.com/sholladay/squatter", 6 | "main": "index.js", 7 | "author": { 8 | "name": "Seth Holladay", 9 | "url": "http://seth-holladay.com", 10 | "email": "me@seth-holladay.com" 11 | }, 12 | "scripts": { 13 | "test": "xo && ava" 14 | }, 15 | "repository": { 16 | "type": "git", 17 | "url": "git@github.com:sholladay/squatter.git" 18 | }, 19 | "bugs": { 20 | "url": "https://github.com/sholladay/squatter/issues", 21 | "email": "me@seth-holladay.com" 22 | }, 23 | "engines": { 24 | "node": ">=8" 25 | }, 26 | "license": "MPL-2.0", 27 | "files": [ 28 | "lib", 29 | "index.js" 30 | ], 31 | "dependencies": { 32 | "check-npm-dependents": "^1.0.0", 33 | "got": "^9.0.0", 34 | "p-every": "^1.0.2", 35 | "p-one": "^1.0.0", 36 | "package-json": "^5.0.0", 37 | "semver": "^5.4.1" 38 | }, 39 | "devDependencies": { 40 | "ava": "^1.0.0-beta.7", 41 | "eslint-config-tidy": "^0.6.4", 42 | "xo": "^0.22.0" 43 | }, 44 | "keywords": [ 45 | "squat", 46 | "squatter", 47 | "squatted", 48 | "squatting", 49 | "hog", 50 | "hogged", 51 | "hogging", 52 | "unused", 53 | "useless", 54 | "zombie", 55 | "fake", 56 | "npm", 57 | "registry", 58 | "package", 59 | "name", 60 | "namespace" 61 | ], 62 | "xo": { 63 | "extend": "tidy" 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /test.js: -------------------------------------------------------------------------------- 1 | import test from 'ava'; 2 | import recentPublish from './lib/recent-publish'; 3 | import significantDownloads from './lib/significant-downloads'; 4 | import unpublished from './lib/unpublished'; 5 | import hasReadme from './lib/has-readme'; 6 | import hasBinaryOrDependent from './lib/has-binary-or-dependent'; 7 | import hasProdVersion from './lib/has-prod-version'; 8 | import hasDependency from './lib/has-dependency'; 9 | import hasEngine from './lib/has-engine'; 10 | import hasFile from './lib/has-file'; 11 | import hasTest from './lib/has-test'; 12 | import hasKeyword from './lib/has-keyword'; 13 | import hasExtraMaintainer from './lib/has-extra-maintainer'; 14 | import squatter from '.'; 15 | 16 | test('squatter() correctly identifies squatters', async (t) => { 17 | const squatters = [ 18 | 'foo' 19 | ]; 20 | await Promise.all(squatters.map(async (pkgName) => { 21 | t.true(await squatter(pkgName), `${pkgName} must be a squatter`); 22 | })); 23 | }); 24 | 25 | test('squatter() correctly identifies non-squatters', async (t) => { 26 | const nonSquatters = [ 27 | 'fresh-cli', 28 | // 'mkdirtemp', 29 | 'build-path', 30 | 'delivr', 31 | 'semver', 32 | 'got', 33 | 'ava', 34 | 'leopard' 35 | ]; 36 | await Promise.all(nonSquatters.map(async (pkgName) => { 37 | t.false(await squatter(pkgName), `${pkgName} must not be a squatter`); 38 | })); 39 | }); 40 | 41 | test('recentPublish() restricts package age', (t) => { 42 | const fixture = (date) => { 43 | const meta = { 44 | time : { 45 | modified : date.toISOString() 46 | } 47 | }; 48 | return recentPublish(null, meta); 49 | }; 50 | 51 | const today = new Date(); 52 | t.true(fixture(today)); 53 | 54 | const thirtyDaysAgo = new Date(); 55 | thirtyDaysAgo.setUTCDate(today.getUTCDate() - 30); 56 | t.true(fixture(thirtyDaysAgo)); 57 | 58 | const thirtyOneDaysAgo = new Date(); 59 | thirtyOneDaysAgo.setUTCDate(today.getUTCDate() - 31); 60 | t.false(fixture(thirtyOneDaysAgo)); 61 | }); 62 | 63 | test('significantDownloads() looks for download activity', async (t) => { 64 | const mockPkg = (name) => { 65 | return { name }; 66 | }; 67 | 68 | const activePkgs = ['got', 'yo']; 69 | await Promise.all(activePkgs.map(async (pkgName) => { 70 | const isActive = await significantDownloads(mockPkg(pkgName)); 71 | t.true(isActive, `${pkgName} has many downloads`); 72 | })); 73 | 74 | const inactivePkgs = ['foo', 'bar']; 75 | await Promise.all(inactivePkgs.map(async (pkgName) => { 76 | const isActive = await significantDownloads(mockPkg(pkgName)); 77 | t.false(isActive, `${pkgName} has little or no downloads`); 78 | })); 79 | }); 80 | 81 | test('hasReadme() looks for readmes of a reasonable length', (t) => { 82 | const fixture = (readme) => { 83 | const meta = { readme }; 84 | return hasReadme(null, meta); 85 | }; 86 | 87 | t.false(fixture('')); 88 | t.false(fixture()); 89 | t.false(fixture(null)); 90 | t.false(fixture(false)); 91 | t.false(fixture(0)); 92 | t.false(fixture('# some-pkg')); 93 | t.false(fixture(' A README consisting of ninety-nine characters, plus some bogus whitespace that will not be counted. \n\n \n\t')); 94 | 95 | t.true(fixture('# some pkg\n\n> Description of the project.\n\nUseful information about how to install and use some-pkg.')); 96 | }); 97 | 98 | test('hasBinaryOrDependent() looks for a binary or dependent', async (t) => { 99 | const badPkgs = [ 100 | {}, 101 | { bin : '' }, 102 | { bin : {} }, 103 | { bin : { foo : '' } } 104 | ]; 105 | await Promise.all(badPkgs.map(async (pkg) => { 106 | const err = await t.throwsAsync(hasBinaryOrDependent(pkg), TypeError); 107 | t.is(err.message, 'A package name is required.'); 108 | })); 109 | 110 | const orphans = ['rawr', 'poo']; 111 | await Promise.all(orphans.map(async (pkgName) => { 112 | t.false(await hasBinaryOrDependent({ name : pkgName })); 113 | })); 114 | 115 | t.true(hasBinaryOrDependent({ bin : 'cli.js' })); 116 | t.true(hasBinaryOrDependent({ bin : { foo : 'cli.js' } })); 117 | t.true(hasBinaryOrDependent({ 118 | name : 'rawr', 119 | bin : 'cli.js' 120 | })); 121 | }); 122 | 123 | test('hasProdVersion() looks for version 1.0.0 or greater', (t) => { 124 | t.false(hasProdVersion({})); 125 | t.false(hasProdVersion({ version : '0.0.0' })); 126 | t.false(hasProdVersion({ version : '0.0.1' })); 127 | t.false(hasProdVersion({ version : '0.1.0' })); 128 | t.false(hasProdVersion({ version : '1.0.0-0' })); 129 | 130 | t.true(hasProdVersion({ version : '1.0.0' })); 131 | t.true(hasProdVersion({ version : '1.0.1-0' })); 132 | }); 133 | 134 | test('hasDependency() looks for a non-dev dependency', (t) => { 135 | t.false(hasDependency({})); 136 | t.false(hasDependency({ dependencies : {} })); 137 | t.false(hasDependency({ dependencies : { 'build-path' : '' } })); 138 | t.false(hasDependency({ devDependencies : { 'build-path' : '1.0.0' } })); 139 | 140 | t.true(hasDependency({ dependencies : { 'build-path' : '1.0.0' } })); 141 | }); 142 | 143 | test('hasEngine() looks for an engine requirement', (t) => { 144 | t.false(hasEngine({})); 145 | t.false(hasEngine({ engines : {} })); 146 | t.false(hasEngine({ engines : { node : '' } })); 147 | 148 | t.true(hasEngine({ engines : { node : '1.0.0' } })); 149 | t.true(hasEngine({ engines : { npm : '1.0.0' } })); 150 | }); 151 | 152 | test('hasFile() looks for a file whitelist', (t) => { 153 | t.false(hasFile({})); 154 | t.false(hasFile({ files : [] })); 155 | t.false(hasFile({ files : [''] })); 156 | 157 | t.true(hasFile({ files : ['index.js'] })); 158 | }); 159 | 160 | test('hasTest() looks for a test script', (t) => { 161 | t.false(hasTest({})); 162 | t.false(hasTest({ scripts : {} })); 163 | t.false(hasTest({ scripts : { test : '' } })); 164 | // We do not count npm's default test script as valid. 165 | // eslint-disable-next-line no-useless-escape 166 | t.false(hasTest({ scripts : { test : 'echo \"Error: no test specified\" && exit 1' } })); 167 | t.false(hasTest({ scripts : { test : 'no test specified' } })); 168 | 169 | t.true(hasTest({ scripts : { test : 'xo' } })); 170 | }); 171 | 172 | test('hasKeyword() looks for a file whitelist', (t) => { 173 | t.false(hasKeyword({})); 174 | t.false(hasKeyword({ keywords : [] })); 175 | t.false(hasKeyword({ keywords : [''] })); 176 | 177 | t.true(hasKeyword({ keywords : ['fun'] })); 178 | }); 179 | 180 | test('hasExtraMaintainer() looks for multiple maintainers', (t) => { 181 | t.false(hasExtraMaintainer({})); 182 | t.false(hasExtraMaintainer({ maintainers : [] })); 183 | t.false(hasExtraMaintainer({ maintainers : [''] })); 184 | t.false(hasExtraMaintainer({ maintainers : [{}] })); 185 | t.false(hasExtraMaintainer({ maintainers : [{ name : '' }] })); 186 | t.false(hasExtraMaintainer({ maintainers : [{ name : 'Jane Doe' }] })); 187 | 188 | t.true(hasExtraMaintainer({ 189 | maintainers : [ 190 | { name : 'Jane Doe' }, 191 | { name : 'John Doe' } 192 | ] 193 | })); 194 | }); 195 | 196 | test('unpublished() looks for missing dist-tags and an unpublished time', (t) => { 197 | t.false(unpublished({})); 198 | t.false(unpublished({ time : { created : '2018' } })); 199 | t.false(unpublished({ 200 | 'dist-tags' : {}, 201 | time : { unpublished : '2011' } 202 | })); 203 | 204 | t.true(unpublished({ time : { unpublished : '2011' } })); 205 | }); 206 | --------------------------------------------------------------------------------