10 Code Search Tricks for Open Source

Transcript

1. 10 Code Search Tricks for Open Source Using Sourcegraph to

   improve onboarding and productivity in the context of OSS JSWorld Online 2021

2. Sourcegraph Code Search • Search across millions of indexed open

   source repositories ◦ doesn't require an account • Search across your public and private repositories ◦ requires an account to sync your repos from multiple code hosts • Other options: Self hosted ◦ free up to 10 users

3. Browser-based search (sourcegraph.com/search)

4. IDE-based search (VSCode Plugin)

5. 1. Find projects that welcome contributors Use case: you want

   to find a welcoming open source project to contribute to (ex: for Hacktoberfest)

6. Search string: contributing lang:Markdown

7. None
8. None

9. 2. Find welcoming projects in language or framework Use case:

   you want to find a welcoming open source project in your language or framework of choice to contribute to

10. Search string: contributing lang:Markdown repohasfile:"^composer.json$" patterntype:regexp

11. None

12. 3. Find projects relying on specific dependencies Use case: you

    want to find out which projects are relying on a library you wrote, and how they're using it

13. Search string: tailwindcss file:package.json

14. None

15. 4. Find how an object is used across multiple repositories

    Use case: you want to use an undocumented function or method from an open source project and would like to see usage examples

16. Search string: repo:^github\.com/minicli/.* new TableHelper lang:PHP

17. None

18. Search string: repo:^github\.com/minicli/.* getPrinter()->out(...,...) patterntype:structural

19. None

20. 5. Find exposed keys and secrets across repositories Use case:

    you want to check if any of your repositories contains exposed keys and secrets that were committed by mistake

21. Search string: repo:^github\.com/sourcegraph/.* (key|secret|token)-[\w+]{32,} patterntype:regexp

22. 6. Find usage of compromised dependencies Use case: you find

    out about a compromised package and want to check if the malicious code is included in any of your repositories

23. Search string: symfont/process lang:JSON

24. None

25. 7. Audit an organization for outdated dependencies Use case: you

    want to check across repositories for dependencies with a specific version

26. Search string: file:package.json lodash 4.17.19 patterntype:regexp

27. 8. Find code that is not up to language standards

    Use case: you want to audit one or multiple repositories for code that is not up to predefined standards and best practices

28. Search string: lang:PHP ^if([(...)]) patterntype:regexp

29. None

30. 9. Search for recent changes in large or multiple projects

    Use case: you want to be on top of any new functionality or bug patches in a project you rely on

31. Search string: repo:^github\.com/laravel/laravel$ type:commit after:lastweek

32. None

33. 10. Find deprecated function calls across repositories Use case: you

    need to update a project to a newer version of a framework or language, but there might be breaking changes

34. Search string: mhash(...) lang:PHP select:content patterntype:structural

35. None

36. Thank You! Questions? Twitter: @erikaheidi E-mail: [email protected] https://sourcegraph.com