Repo Info

Highlights any red flags for linked git libraries before you add as a dependency. Reports on activity & dependencies.

Comment

Inspiration

I wanted to play around with Amazon Lambda, Slack, and the libraries.io API. This was an excellent chance to combine all 3.

What it does

Health Check for Github Libraries - Identify strengths and weaknesses of public Github libraries without leaving Slack. Pulls information about any Public Github library linked in Slack from the Github API / Libraries.io API, and posts an overview of the data in

How I built it

I started by typing into the Lambda console directly in the browser, and got a basic slack bot working, but soon needed to include npm libraries, and wanted better version control. Claudia.js provides all these things so I adapted the code to run in that framework (although not using the claudia-bot-builder library as it didn't seem to support the Slack Events API).

The bot itself runs on AWS Lambda, the OAuth authentication works using API Gateway & redirects, the tokens are stored in DynamoDB and even the website is a static website hosted on S3, so there are no EC2 servers required at all for any step of the process!

Challenges I ran into

Slack has a lot of documentation (which is good), but there are so many different APIs and methods of integrating that it took me a long time to figure out exactly which flow & APIs were needed to get the flow I wanted.

It was difficult to get Lambda to respond to Slack's message within their 3 second deadline, and continue processing. In the end, I work around this limitation by calling a second lambda function from the first function so that the first function could return immediately, and the second function could continue to process in the background. (https://claudiajs.com/tutorials/slack-delayed-responses.html)

Accomplishments that I'm proud of

There are lots of tests (at least for the testable parts!)

What I learned

How to use AWS Lambda & integrate into Slack.

What's next for Repo Info

There's a lot of features I'd like to add:

  • Package managers this repo is release on (eg. "available on npm, bower")
  • Release Frequency
  • Number of regular contributors (Bus count)
  • Number of Transitive dependencies (how big is the dependency tree?)
  • Issues / Pull requests closed / opened recently
  • Transitive licensing issues?
  • Github badges / shields: eg. Travis' "Build passing" or the "Dependencies up-to-date" etc. Just scrape the readme for these?
  • Security issues? Known bad versions of dependencies? nodesecurity
  • Avg. time to fix when a vulnerability becomes known?
  • Score each area and colour it red/green in the Slack window with formatting
  • Code-Climate score?
  • Overall health rating? Some function of the above fields.
  • A graph of health-ratings? A bad "red" dependency colours the tree that depends on it?
  • "Star on Github" button
  • Test coverage (integrate with travis?)
  • Change colour of attachment sidebar by sending "color: #ff0000" in chat.postMessage. Red / orange / green for repo health.

Built With

Share this project:

Updates