Feature idea: list dependencies from certain maintainers

[wojtekmaj]

Let's say, hypothetically, we got concerning results from running npx dependency-maintainers, we found one account that is a maintainer in a suspiciously large number of dependencies we use, and we would like to dig in deeper.

It would be cool if we could just:

npx dependency-maintainers --list-deps-by=ljharb

(contributor name chosen at random)

and get the list of dependencies we use and they maintain.

[NullVoxPopuli]

I love this idea!

Personally, I'd use this feature to find which deps are releasable by people I know have gone MIA in particular sub communities and maybe adjust who has release access

[benmccann]

Here's an implementation being shared under MIT license. It has my name hardcoded, so you'll have to update it to take an input. It also has an -r option to run recursively in a monorepo

maintainer.js.txt

[NullVoxPopuli]

shared under MIT license

only reason this tool is GPL-3.0 is because I don't think it should be a part of anyone's closed-source product (of course, I would never know -- honor system, basically))

It also has an -r

I commented on #9, and I would be happy to take a PR that adds this feature using @manypkg/get-packages 🎉

[benmccann]

It's not my script, so we'd have to ask @bluwy if he's okay licensing it here under GPL 3

[bluwy]

I don't mind if you'd use all or some of the code, per the MIT license it should be acceptable to be re-licensed under GPL 3. Would appreciate a link to the repo or source code if so, but not strictly something I'd enforce.