(cd && GO111MODULE=on go get github.com/gagliardetto/lgtm-cli)
cd $GOPATH/src/github.com/gagliardetto/lgtm-cli
make install
export LGTM_CLI_CONFIG=/path/to/lgtm.com_credentials.json # see example below
or
cd $(mktemp -d)
git clone https://github.com/gagliardetto/lgtm-cli.git
cd lgtm-cli
make install
export LGTM_CLI_CONFIG=/path/to/lgtm.com_credentials.json # see example below
{
"api_version": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"session": {
"nonce": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"long_session": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"short_session": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
},
"github": {
"token": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
}
}
You can intercept the lgtm.com session values from Chrome WebDev tools (and similar) after you've logged into lgtm.com (see below for tutorial).
As for the GitHub token, one with zero permissions is advised (i.e. all scope checkboxes non-selected). You can create a new token here: https://github.com/settings/tokens/new
- Go to https://lgtm.com/ and sign up/log in.
- After you're logged in, open the Chrome DevTools > Network tab.
- Reload lgtm.com.
- Set filter to XHR.
- Click on an API request.
- Go to the Headers tab and scroll to the Request Headers section.
- Copy the values into your lgtm.com_credentials.json file:
  - You can find the api_version in highlighted point 2 in the above image.
  - You can find the session.nonce in highlighted point 5 in the above image.
  - You can find the session.long_session in highlighted point 4 in the above image.
  - You can find the session.short_session in highlighted point 3 in the above image.
NOTES
- The api_version is a value that changes from time to time.
- If you get a ... resp.error="bad request"; resp.message="api_mismatch", it means it's time to go look for the new api_version value from lgtm.com.
For the complete docs about all the commands: lgtm help; or for a specific command: lgtm help <command>
lgtm unfollow-all
lgtm followed
lgtm follow github/codeql-go kubernetes/kubernetes
lgtm follow \
-f=projects.txt
lgtm follow github
lgtm follow-by-lang --limit=101 python
Results are limited (by the GitHub API) to the first 1K items.
Follow GitHub repositories that match your provided repository search query.
For query syntax, see: https://docs.github.com/en/free-pro-team@latest/github/searching-for-information-on-github/searching-for-repositories
NOTE: lgtm.com does not support fork scanning, so to get more relevant repositories, it's always advised to include fork:false in your search query.
lgtm follow-by-meta-search --limit=101 'jquery "hello world" in:name,description language:javascript fork:false'
Results are limited (by the GitHub API) to the first 1K items.
Follow GitHub repositories that match your provided code search query.
For query syntax, see: https://docs.github.com/en/free-pro-team@latest/github/searching-for-information-on-github/searching-code
lgtm follow-by-code-search --limit=101 'from flask import Flask language:python filename:"__init__.py"'
Example 1: follow repositories that import the html/template package.
lgtm follow-by-go-imported-by "html/template"
Example 2: follow repositories that import the golang.org/x/oauth2 package.
lgtm follow-by-go-imported-by "golang.org/x/oauth2"
Follow repositories that depend on a given repo; this info is obtained from the GitHub Dependency Network.
See the official docs to find out what ecosystems are supported (js, python, ruby, php, etc.)
Example 1: get info about dependents of eslint/eslint (will only print a summary):
lgtm follow-by-depnet --info "eslint/eslint"
Example 2: follow all repositories that depend on eslint/eslint.
lgtm follow-by-depnet "eslint/eslint"
Example 3: follow the first 100 repositories that depend on eslint/eslint.
lgtm follow-by-depnet --limit=100 "eslint/eslint"
Example 4: follow the first 100 packages that depend on eslint/eslint.
lgtm follow-by-depnet --type=PACKAGE --limit=100 "eslint/eslint"
Example 5: follow the first 100 repositories that depend on eslint/eslint, more specifically on the eslint-config-eslint package.
lgtm follow-by-depnet --limit=100 --sub="eslint-config-eslint" "eslint/eslint"
lgtm lists
lgtm create-list "name_of_list"
lgtm list "name_of_list"
lgtm add-to-list \
github/codeql-go kubernetes/kubernetes \
--name="name_of_list"
lgtm add-to-list \
--name="name_of_list" \
-f=projects.txt
lgtm delete-list "name_of_list"
NOTE: projects will NOT be unfollowed if they are followed.
Supports glob matching.
lgtm unfollow github/codeql-go "kubernetes/*" "foo/b*" "*/hello"
lgtm unfollow \
-f=projects.txt
Example: unfollow all projects from kubernetes owner.
lgtm unfollow kubernetes
lgtm --wait=30s rebuild --lang=go
Default: rebuild ONLY projects that don't have a build for that language, yet.
lgtm --wait=5s rebuild-proto
or to not be prompted for confirmation for each item:
lgtm --wait=5s rebuild-proto --force
By list name (can specify multiple):
lgtm query \
--list="foo" \
--list="bar" \
-lang=go \
-q=/path/to/query.ql
or by list key (can specify multiple):
lgtm query \
--list-key=0123456789 \
--list-key=0987654321 \
-lang=go \
-q=/path/to/query.ql
lgtm query \
github/codeql-go kubernetes/kubernetes \
-lang=go \
-q=/path/to/query.ql
lgtm query \
-lang=go \
-f=projects.txt \
-q=/path/to/query.ql
lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX
lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX | jq -r '.[].Project.displayName'
lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX --min-results=1 | jq -r ".[].Project.externalURL.url"
lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX --min-alerts=1 | jq -r ".[].Project.externalURL.url"
Multiple commands do some checks and optimizations that rely on getting the list of followed projects.
When you follow many projects (a few thousand, probably about 5K or more), the lgtm.com API endpoint that lists followed projects times out.
To overcome that, you can use the --ignore-followed-errors flag to use alternative methods to complete the command.
Example:
lgtm --ignore-followed-errors unfollow kubernetes/kubernetes
This of course won't work for commands like lgtm followed or lgtm unfollow-all.
The author and contributors of this script assume no liability for your use of this project, including, but not limited to, legal repercussions or being banned from LGTM.com. Please consult the LGTM.com terms of service for more information.
LGTM/LGTM.com is a trademark of Semmle / GitHub. The use of the LGTM trademark and name on this page shall not imply any affiliation with or endorsement by Semmle / GitHub.
Legal section of this readme: https://github.com/JLLeitschuh/lgtm_hack_scripts#legal