(cd && GO111MODULE=on go get github.com/gagliardetto/lgtm-cli)

cd $GOPATH/src/github.com/gagliardetto/lgtm-cli

make install

export LGTM_CLI_CONFIG=/path/to/lgtm.com_credentials.json # see example below

or

cd $(mktemp -d)

git clone https://github.com/gagliardetto/lgtm-cli.git

cd lgtm-cli

make install

export LGTM_CLI_CONFIG=/path/to/lgtm.com_credentials.json # see example below

{
  "api_version": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
  "session": {
    "nonce": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
    "long_session": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
    "short_session": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  },
  "github": {
    "token": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  }
}

You can intercept the lgtm.com session values from Chrome WebDev tools (and similar) after you've logged into lgtm.com (see below for tutorial).

As for the GitHub token, one with zero permissions is advised (i.e. all scope checkboxes non-selected). You can create a new token here: https://github.com/settings/tokens/new

1. Got to https://lgtm.com/ and signup/login.

2. After you're logged in, open the Chrome DevTools > Network tab:

   

3. Reload lgtm.com.

4. Set filter to XHR:

   

5. Click on an API request:

   

6. Go to the Headers tab and scroll to the Request Headers section:

   

7. Copy the values into your lgtm.com_credentials.json file:

   • You can find the api_version in highlighted point 2 in the above image.
   • You can find the session.nonce in highlighted point 5 in the above image.
   • You can find the session.long_session in highlighted point 4 in the above image.
   • You can find the session.short_session in highlighted point 3 in the above image.

NOTES

• The api_version is a value that changes from time to time.
• If you get a ... resp.error="bad request"; resp.message="api_mismatch", it means it's time to go look for the new api_version value from lgtm.com.

For the complete docs about all the commands: lgtm help; or for a specific command: lgtm help <command>

lgtm unfollow-all

lgtm followed

lgtm follow github/codeql-go kubernetes/kubernetes

lgtm follow \
	-f=projects.txt

lgtm follow github

lgtm follow-by-lang --limit=101 python

Results are limited (by the GitHub API) to the first 1K items.

Follow GitHub repositories that match your provided repository search query.

For query syntax, see : https://docs.github.com/en/free-pro-team@latest/github/searching-for-information-on-github/searching-for-repositories

NOTE: lgtm.com does not support fork scanning, so to get more relevant repositories, it's always advised to include fork:false in your search query.

lgtm follow-by-meta-search --limit=101 'jquery "hello world" in:name,description language:javascript fork:false'

Results are limited (by the GitHub API) to the first 1K items.

Follow GitHub repositories that match your provided code search query.

For query syntax, see: https://docs.github.com/en/free-pro-team@latest/github/searching-for-information-on-github/searching-code

lgtm follow-by-code-search --limit=101 'from flask import Flask language:python filename:"__init__.py"'

Example 1: follow repositories that import the html/template package.

lgtm follow-by-go-imported-by "html/template"

Example 2: follow repositories that import the golang.org/x/oauth2 package.

lgtm follow-by-go-imported-by "golang.org/x/oauth2"

Follow repositories that depend on a given repo; this info is obtained from the GitHub Dependency Network.

See the official docs to find out what ecosystems are supported (js, python, ruby, php, etc.)

Example 1: get info about dependents of eslint/eslint (will only print a summary):

lgtm follow-by-depnet --info "eslint/eslint"

Example 2: follow all repositories that depend on eslint/eslint.

lgtm follow-by-depnet "eslint/eslint"

Example 3: follow the first 100 repositories that depend on eslint/eslint.

lgtm follow-by-depnet --limit=100 "eslint/eslint"

Example 4: follow the first 100 packages that depend on eslint/eslint.

lgtm follow-by-depnet --type=PACKAGE --limit=100 "eslint/eslint"

Example 5: follow the first 100 repositories that depend on eslint/eslint, more specifically on the eslint-config-eslint package.

lgtm follow-by-depnet --limit=100 --sub="eslint-config-eslint" "eslint/eslint"

lgtm lists

lgtm create-list "name_of_list"

lgtm list "name_of_list"

lgtm add-to-list \
	github/codeql-go kubernetes/kubernetes \
	--name="name_of_list"

lgtm add-to-list \
	--name="name_of_list" \
	-f=projects.txt

lgtm delete-list "name_of_list"

NOTE: projects will NOT be unfollowed if they are followed.

Supports glob matching.

lgtm unfollow github/codeql-go "kubernetes/*" "foo/b*" "*/hello"

lgtm unfollow \
	-f=projects.txt

Example: unfollow all projects from kubernetes owner.

lgtm unfollow kubernetes

lgtm --wait=30s rebuild --lang=go

Default: rebuild ONLY projects that don't have a build for that language, yet.

lgtm --wait=5s rebuild-proto

or to not be prompted for confirmation for each item:

lgtm --wait=5s rebuild-proto --force

By list name (can specify multiple):

lgtm query \
	--list="foo" \
	--list="bar" \
	-lang=go \
	-q=/path/to/query.ql

or by list key (can specify multiple):

lgtm query \
	--list-key=0123456789 \
	--list-key=0987654321 \
	-lang=go \
	-q=/path/to/query.ql

lgtm query \
	github/codeql-go kubernetes/kubernetes \
	-lang=go \
	-q=/path/to/query.ql

lgtm query \
	-lang=go \
	-f=projects.txt \
	-q=/path/to/query.ql

lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX

lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX | jq -r '.[].Project.displayName'

lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX --min-results=1 |  jq -r ".[].Project.externalURL.url"

lgtm x-list-query-results XXXXXXXXXXXXXXXXXXX --min-alerts=1 |  jq -r ".[].Project.externalURL.url"

Multiple commands do some checks and optimizzations that rely on getting the list of followed projects.

When you follow many projects (a few thousands, probably about 5K or more), the lgtm.com API endpoint that lists followed projects does timeout.

To overcome that, you can use the --ignore-followed-errors flag to use alternative methods to complete the command.

Example:

lgtm --ignore-followed-errors unfollow kubernetes/kubernetes

This of course won't work for commands like lgtm followed or lgtm unfollow-all.

The author and contributors of this script assume no liability for your use of this project, including, but not limited legal repercussions or being banned from LGTM.com. Please consult the LGTM.com terms of service for more information.

LGTM/LGTM.com is a trademark of Semmle / GitHub. The use of the LGTM trademark and name on this page shall not imply any affiliation with or endorsement by Semmle / GitHub.

Legal section of this readme: https://github.com/JLLeitschuh/lgtm_hack_scripts#legal