VersionEye now with new Dependency Badges

VersionEye has now new dependency badges for Java, Ruby, PHP and Node.JS. You will find them on every package page. They look like this.

dep_out-of-datedep_up-to-date dep_unknown

They badges are showing you immediately if the dependencies of a software library are up-to-date, out-of-date or unknown. By clicking on the badges a popup will appear with code snippets for the most used markup languages. Just use copy and pate to add the badges to your GitHub or another HTML page.


The badges are also available for your VersionEye projects, if they are public.

Screen Shot 2013-05-22 at 10.32.55 PM

A project is up-to-date if all his dependencies are up-to-date.

I am looking forward to see this badges on GitHub 🙂

Usage of GitHub Scopes refactored at VersionEye

At VersionEye we provide a login with your GitHub Account. Initially we implemented the GitHub login with the “repo” scope. That means that you give VersionEye read and write access to ALL your repositories, even your private ones. Many people asked me why VersionEye needs read and write access to private repositories. Well. VersionEye don’t need write access to your repositories because VersionEye never will change your source code. But currently the GitHub API doesn’t provide a “read-only” scope for private repositories. I talked to the GitHub guys at the GitMerge Conf. in Berlin and I know they are working on more scopes for the GitHub API.

The 2nd question is why VersionEye needs read access to private repositories. Well. We just need that if you want that we monitor your private Repositories.

Because so many people complaint about this scope, we did some refactoring. If you now login in via GitHub, VersionEye will only ask for read access to your public repositories.

Screen Shot 2013-05-22 at 11.27.18 AM

If you want to create a new project at VersionEye, we will only fetch your public repositories.

Screen Shot 2013-05-22 at 11.28.16 AM

But if you want that VersionEye is monitoring your private repositories, you can afterwards grand VersionEye access to your private repositories. You just have to click the link “Grand access to private repositories” in the GitHub tab. Than this dialog will appear.

Screen Shot 2013-05-22 at 11.28.30 AM

And again. VersionEye will never do write operations on your repositories. We use that scope only for reading and monitoring your private repositories.

In the settings area you can click on the link “Connect”, to see your connections to other social networks. Here we display you also the GitHub API scope we have for your account.

Screen Shot 2013-05-22 at 11.28.47 AM

You can every time use the “disconnect” link. That will delete the GitHub token for your Account in the VersionEye database.

Testing AJAX with Capybara and Selenium

In the past days I migrated my tests from WebRat to Capybara and I wrote a couple new acceptance tests with RSpec, Capybara and the selenium-webdriver. All in one it’s pretty cool.

You can just keep writing your acceptance tests as usual with RSpec and Capybara. Here is a small example.

describe "Empty Payment History", :js => true do
  it "shows correct message when there's no history" do
    visit "/settings/payments"
    have_css "#payment_history", text: "You dont have any Payment history"

This test is sending a request to “/settings/payments” and is testing if on the page the CSS class “payment_history” occurs. Pretty easy. This you could also do with WebRat. But the magic is in the first line. “:js => true” that tells Capybara that it should execute the test with the selenium-webdriver. That will basically start your browser (Firefox) and you can see how the test gets executed. This is not possible with WebRat.

It’s just getting a little bit tricky if you do a lot of AJAX requests on the page. In the Capybara documentation they write that you should use the “find” methods, because they wait until an element appears on the page. That didn’t worked out for me. The test always failed. Somebody on Stackoverflow wrote that this construct would work for AJAX pages.

within('#payment_history') do
  page.all('a',  :text => 'View receipt')

And he was right! This test always succeeded. ALWAYS! Even if the test was completely wrong! 😀 Yeah. Very funny! *LOL* Seems like a bug. I did a little bit more research and finally I found a solution which worked correctly.

using_wait_time 10 do
  page.should have_content("View receipt")

With “using_wait_time” you can force Selenium to wait for a couple seconds, until the AJAX requests are done. That finally worked out and the tests are working now correctly.

Don’t use Webrat anymore

Webrat is a testing Framework for Ruby. In general it is pretty cool, but DEAD! The last version was released more than 2 years ago. And there are only 200 GEMs referencing it.

Screen Shot 2013-05-19 at 1.58.05 PM

The newest PullRequests on GitHub are 1 year old! Not an active project! Don’t use dead projects!

I moved my tests to Capybara. This project is more active. VersionEye shows that the newest version was released 1 month ago and there are almost 2300 GEMs referencing it.

Screen Shot 2013-05-19 at 2.01.56 PM

And the newest PullRequests on GitHub are only 4 days old. That all shows me that it’s still active and I feel better if I know that there developers fixing bugs 🙂

Moving Tests from Webrat to Capybara

I one of my applications I had a bunch of tests written with RSpec and Webrat. Unfortunately it seems that Webrat is not longer maintained actively anymore. That’s why it is a good decision to move to Capybara, an active Test Framework for Ruby.

The Migration was so far pretty smooth. Most time it was a simple replacement of code. Most time I had to replace something like this:

response.should contain("STRING_TO_TEST")

With this :

response.body.should match("STRING_TO_TEST")

Otherwise assertions like this caused problems:

response.status.should == 401

That worked again as soon I wrote it like this here:

response.status.should eq(401)

2 times I got the error message that response is nil. That I could resolve by assigning it explicitly.

response = post @project_uri, {:api_key => @user_api.api_key}, "HTTPS" => "on"
response.status.should eq(403)

Otherwise it worked out pretty good.

Testing SSL with Capybara and Selenium

I am using Capybara with Selenium as JS engine to write acceptance tests for a Ruby on Rails application. In some controllers I am forcing SSL with the “force_ssl” filter from Rails. By running the tests with Selenium this caused some problems. Selenium is launching Firefox and calls the URL Of course there is no SSL for localhost! This causes an error and the test fails.

I did some research for this. There are some tickets on GitHub and StackOverflow to this. but nothing what actually solves the core problem. For right now I just solved it, with running the filter only in production mode and not in test mode.

force_ssl if Rails.env.production?

Now Firefox is launching on

undefined method `visit’ for RSpec with Capybara

I just started to write an acceptance test with capybara. I followed the code example on the GitHub Page and I got this odd error:

Failure/Error: visit ''
 undefined method `visit' for #<RSpec::Core::ExampleGroup::Nested_1::Nested_1:0x007fda48e0f680>

I placed my test in “spec/requests”. After some research I found out that the new Capybara GEM expects the test to be in “spec/features”. After I moved my test file to the right directory it worked perfectly.

Improving the Dependency Wheel at the GitMerge Hackathon

Last week I attended to the GitMerge Conference in Berlin. It was sponsored by GitHub and Google. On Saturday their was the hackathon day. I found somebody who want to contribute to the dependency wheel project. Many Thanks to Coding46 for his contributions!

The dependency wheel project is a JavaScript Library which enables you to draw a circle of dots and connect the dots according to his dependencies. Here is an example:


I integrated this library into the VersionEye project to display dependencies of Software Libraries. Some users complaint that they can’t see the direction of the dependency. In the graph above you can’t see if dom4j is requesting pull-parser or pull-parser is requesting dom4j.

At the GitMerge Hackathon we did some brainstorming how we could solve this problem. We decided to solve the problem with different color. If you go with the mouse cursor over a dot we highlight the outgoing dependencies with a violet color and the incoming dependencies with a green color. Here is an example.

Screen Shot 2013-05-15 at 11.08.16 AM

In the graph above you can directly see the directions. Actionpack depends for example on activesupport, activemodel, builder, erubis, journey, rack, rack-cache, rack-test and sprockets. 2 other dependencies in the circle are depending on Actionpack. Actionmailer and railties are both depending on actionpack.

If you now move the curser to the actionmailer dot, the color of the connection to actionpack changes to green.

Screen Shot 2013-05-15 at 11.15.55 AM

Again many Thanks to Coding46 for his contributions and his help. Without him this wouldn’t be done.

Hasso Plattner Ventures is investing in VersionEye

In the last weeks it was a little bit silent around VersionEye. The company was running low on Money and I spend my time with approaching Investors. In the end I had different options. There was also one offer from a US based VC willing to invest a “bigger amount”.

But in the end I decided to take a smaller amount, 100K EUR, as Convertible Note from Hasso Plattner Ventures (HPV) and stay in control of my company. The Money will be used to build an Enterprise Version of VersionEye. Something what companies can download and use in their Intranets. The Business Model will still be subscription based.


I am very excited about the collaboration with HPV.

How to mock the GitHub API

If you write code against the GitHub API you have to mock it somehow. Otherwise it can be tricky to test it. Here is how I did it. I found this great GEM FakeWeb. With this GEM you can fake Web Requests. It allows you to register URLs with fix responses. Her is an example:

FakeWeb.register_uri(:get, "", :body => "Awesome")

If you do now a HTTP request to you will get “Awesome” as response.

=> "Awesome"

Here is how I mocked the GitHub OAuth login precess. I just registered this 2 URLs:

FakeWeb.register_uri(:get, "{Settings.github_client_id}&client_secret=#{Settings.github_client_secret}&code=123", :body => "token=token_123")
FakeWeb.register_uri(:get, "", :body => "{\"id\": 1, \"email\": \"\"}")

And that’s it. With that you can now test your callback.

get "/auth/github/callback?code=123"
assert_response :success

I am using RSpec for testing. Let me know if you have questions.

Determine scopes for given GitHub Token

If you have a given token from GitHub and you want to know which scopes it has you have to check the Headers. Just use the token for any resource on the GitHub API and double check the headers of the response. In the headers the “x-oauth-scopes” field tells you the which scopes the token has.

Here is a small example with Ruby and HTTParty.

response = HTTParty.get("{token}", :headers => {"User-Agent" => A_USER_AGENT } )

If you HTTParty, party hard! 😉

GitHub API : User Agent Now Mandatory

GitHub now enforces the User Agent. If you do API calls without user agent you will get a 403 error message back. Check out this post:

If you are using the HTTParty GEM in Ruby to do the API calls you have to set the headers. Here an example:

body = HTTParty.get(url, :headers => {"User-Agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17" } ).response.body

Hack And Tell Berlin

Yesterday night I went to Hack And Tell in Berlin. This monthly MeetUp is organised here in the web. And on Twitter you find it here: The official HashTag is #bhnt. The event is every time at the C-Base Spaceship. It is a little bit similar to SFNewTech. Everybody can go on the stage and do a presentation. 5 min presentation and 5 min questions and answers. You presentation have to be tech. related. Business Questions are not allowed!

I saw a couple very good presentations. Really cool stuff. For example the Open Bank Project from Simon Redfern. The source code is open source and on GitHub:


Another cool presentation was Thunkpedia. A new kind of interactive search. I like the idea of improving a search engine by human voting.


Konrad Reiche presented Security Cam: A Python and Android attachment for Motion to set up a security system.


I did a presentation by myself about VersionEye. Just showed the most important features and the API.


I got many questions and feedback. Somebody told me that I showed to less code during my presentation. I am sorry for that. This was my first Hack and Tell event. Next time will show the code for the JavaScript Dependency Wheel and how I solved the problem to pin a JavaScript Canvas on Pinterest.

And there have been much more cool presentations.

At the end of the event everybody can vote for a presenter. I voted for Thunkpedia because I like the idea and it is a non trivial problem. In the end the Thunkpedia Project and the Security Cam Project become the winners. They had the same amount of points.


Congratulations! 🙂

The Price is this awesome cup.


The winner can have it for 1 Month. And next month somebody else will get it 🙂

You can check out all images from the event here:

Table view for Dependencies

Just pushed a new version online. The dependencies at VersionEye are now displayed in a table view. This is how it looks for Hibernate on the package page.

Screen Shot 2013-04-15 at 6.30.04 PM

You can see now immediately on the package page which dependencies are outdated.

The dependency view for your private projects is changed as well. Here is an example.

Screen Shot 2013-04-15 at 6.29.03 PM

This view is more compressed and you can see more details without scrolling.

Let me know how you like it.

VersionEye API : Dependency stable

At the last DevCamp in KA I had some good discussion about the VersionEye API. That’s why I enhanced it a little bit. I just introduced a new attribute to the project dependencies. The “stable” attribute. If this is true than that means that the newest version is stable, otherwise the newest version is unstable. In that case it could be an alpha or beta version. If this is the case we display the dependency with an yellow background instead of a red background.

Screen Shot 2013-03-25 at 11.19.46 AM Here is the color code we are using at VersionEye: 

if unknown == true
  return "gray"
elsif outdated == true && stable == true
  return "red"
elsif outdated == true && stable == false
  return "yellow"
  return "green"

Swagger UI File Upload Bug

Swagger UI is a pretty cool JS Library to auto generate documentation for APIs. I am using it for VersionEye. The API page at VersionEye is completely running on Swagger UI:

Unfortunately there is a small bug in the JavaScript. If you have 2 file upload fields with the same name, than swagger UI is always taking the last file input from the page. Even if the 2 input fields are in completely different forms. The workaround is to use different names. That’s why I had to change the file upload name for “/v1/projects/{project_key}.json” from “upload” to “project_file”.

Screen Shot 2013-03-25 at 10.46.48 AM

Minimum Stability

The PHP Package Manager Composer has a very cool Feature, called minimum-stability.  That defines the minimun stability for wildcard versions. Let’s say you define this in your composer.json file:

"symfony/finder" : "2.2.*"

By default the minimum stability is “stable”. That means the package manager will look for the newest version in the “2.2.” branch, which is stable. If you want to have the newest dev version you can redefine the minimum stability for this package:

"symfony/finder" : "2.2.*@dev"

In that case you would get the newest development & unstable version from the “2.2.” branch. Possible stability tags are “@dev”, “@RC”, “@stable”, “@beta” and “@alpha”.



VersionEye does now understand the minimum stability tags from composer and can handle it. But it’s an early implementation. Your Feedback is welcome!

Remove 1 Document from ElasticSearch Index via Tire

It is possible to remove 1 single document from an existing ElasticSearch Index! I am using the Ruby GEM Tire to deal with the ElasticSearch Server. This is the command to delete an existing document:

Tire.index( <INDEX_NAME> ).remove( <DOCUMENT_TYPE> , DOCUMENT_ID )

Worked fine for me 🙂