
10 Code Search Tricks for Open Source

Erika Heidi
February 10, 2022


Learn how to leverage Sourcegraph code search to improve onboarding and productivity in the context of open source software.

Talk presented at JSWorld Online on February 10, 2022.


Transcript

  1. 10 Code Search Tricks for Open Source: Using Sourcegraph to improve onboarding and productivity in the context of OSS. JSWorld Online 2021
  2. Sourcegraph Code Search • Search across millions of indexed open source repositories ◦ doesn't require an account • Search across your public and private repositories ◦ requires an account to sync your repos from multiple code hosts • Other options: Self-hosted ◦ free up to 10 users
  3. Browser-based search (sourcegraph.com/search)

  4. IDE-based search (VSCode Plugin)

  5. 1. Find projects that welcome contributors. Use case: you want to find a welcoming open source project to contribute to (ex: for Hacktoberfest)
  6. Search string: contributing lang:Markdown

  9. 2. Find welcoming projects in language or framework. Use case: you want to find a welcoming open source project in your language or framework of choice to contribute to
  10. Search string: contributing lang:Markdown repohasfile:"^composer.json$" patterntype:regexp

  12. 3. Find projects relying on specific dependencies. Use case: you want to find out which projects are relying on a library you wrote, and how they're using it
  13. Search string: tailwindcss file:package.json

  15. 4. Find how an object is used across multiple repositories. Use case: you want to use an undocumented function or method from an open source project and would like to see usage examples
  16. Search string: repo:^github\.com/minicli/.* new TableHelper lang:PHP

  18. Search string: repo:^github\.com/minicli/.* getPrinter()->out(...,...) patterntype:structural

  20. 5. Find exposed keys and secrets across repositories. Use case: you want to check if any of your repositories contains exposed keys and secrets that were committed by mistake
  21. Search string: repo:^github\.com/sourcegraph/.* (key|secret|token)-[\w+]{32,} patterntype:regexp

  22. 6. Find usage of compromised dependencies. Use case: you find out about a compromised package and want to check if the malicious code is included in any of your repositories
  23. Search string: symfont/process lang:JSON

  25. 7. Audit an organization for outdated dependencies. Use case: you want to check across repositories for dependencies with a specific version
  26. Search string: file:package.json lodash 4.17.19 patterntype:regexp

  27. 8. Find code that is not up to language standards. Use case: you want to audit one or multiple repositories for code that is not up to predefined standards and best practices
  28. Search string: lang:PHP ^if([(...)]) patterntype:regexp

  30. 9. Search for recent changes in large or multiple projects. Use case: you want to be on top of any new functionality or bug patches in a project you rely on
  31. Search string: repo:^github\.com/laravel/laravel$ type:commit after:lastweek

  33. 10. Find deprecated function calls across repositories. Use case: you need to update a project to a newer version of a framework or language, but there might be breaking changes
  34. Search string: mhash(...) lang:PHP select:content patterntype:structural

  36. Thank You! Questions? Twitter: @erikaheidi E-mail: erika.heidi@sourcegraph.com https://sourcegraph.com
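
The regular expression from slide 21, applied to a local checkout instead of a Sourcegraph index. This is an added example, not code from the talk or from Sourcegraph; the file names and values in `SAMPLE_FILES` are constructed, and `scan` and `redact` are hypothetical helper names. Hits are masked so the report itself does not re-expose the value.

```python
import re

# Pattern copied from slide 21. Sourcegraph matches case-insensitively unless
# case:yes is set, so IGNORECASE mirrors that default.
SECRET_RE = re.compile(r"(key|secret|token)-[\w+]{32,}", re.IGNORECASE)

# Constructed sample files; none of these values are real credentials.
SAMPLE_FILES = {
    "config/app.env": "APP_ENV=prod\nAPI_TOKEN=token-0123456789abcdef0123456789abcdef\n",
    "deploy/ci.yml": "env:\n  name: build\n  secret: Secret-" + "a" * 36 + "+bb\n",
    "src/client.js": 'const k = "key-abc123";\n',                # value too short
    "README.md": "API_KEY=0123456789abcdef0123456789abcdef\n",   # no "key-" prefix
}


def redact(match, keep=4):
    """Return the hit with all but the first `keep` value characters masked."""
    kind = match.group(1).lower()
    body = match.group(0)[len(kind) + 1:]
    return f"{kind}-{body[:keep]}{'*' * (len(body) - keep)}"


def scan(files):
    """Return (path, line number, kind, redacted hit) for every match."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in SECRET_RE.finditer(line):
                findings.append((path, lineno, m.group(1).lower(), redact(m)))
    return findings


if __name__ == "__main__":
    for path, lineno, kind, hit in scan(SAMPLE_FILES):
        print(f"{path}:{lineno}: possible {kind}: {hit}")
```

The `README.md` line is not reported: the pattern only catches values written as a keyword, a hyphen, and at least 32 word characters or `+`, so credentials stored as `NAME=value` need a separate pattern.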