Article
Published on February 28, 2022 by Laurens Van Keer
Not every large organisation employs large monorepos like Google, Facebook, and Microsoft do. Many clients I have consulted for have many repositories in their repository management platform (often GitHub, GitLab, or BitBucket). Such multirepo setups sometime make the organisation's "codebase portfolio" and its dependencies opaque to the developers and the management.
This can complicate version management. Sometimes we need a list of all apps and libraries that are dependent on a specific version of a library (e.g. the Log4j "Log4Shell" vulnerability). Or the core team did an update of one of the base libraries, and we need to know which apps are dependant on this library. Or we simply want a list of all applications in our organisation.
Most repository management software already provides some tools out of box for analysis, but these can be quite limited in scope.
Introducing an idea for a simple tool for performing such analysis, along with a minimal implementation using Node.js, for GitLab organisations...
The idea is to read the projects API of the repository management software. For each project, read the package.json
file (if it exists) of the default branch - because when developing the tool I was mainly interested in frontend and Node.js projects. Next, the dependencies are read, and this data is populated in a local Neo4j instance. Finally, we can run Cypher queries on our repository and dependency graph:
A simple idea, but quite powerful, I've found.
In the quick Node.js script I've written, only GitLab is supported because I happen to have two clients using GitLab. API docs can be found here: GitLab Projects API
Disclaimer: this is not a finished and polished product. Rather, it is a script I've written quickly that helps me during my day-to-day work as a consultant for various companies, and would like to share with the world.
Photo credit: Alina Grubnyak
We give strategic and technical advice for your digitalisation project.
We help your concepts come to live.
We coach and train your in-house developers.
© 2016 - 2023 App Vision BV. All rights reserved.
Lindekouter 9, 9420 Erpe-Mere
VAT BE0665619245