npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@achingbrain/dependency-check

v4.1.0

Published

checks which modules you have used in your code and then makes sure they are listed as dependencies in your package.json

Downloads

264

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

achingbrainachingbrain

Keywords

Readme

This is a temporary fork which is only necessary until dependency-check-team/dependency-check#127 or equivalent is merged

dependency-check

checks which modules you have used in your code and then makes sure they are listed as dependencies in your package.json, or vice-versa

Node CI Static code analysis dependencies Status Known Vulnerabilities

js-standard-style

requirements for maintained majors

dependency-check 4.x supports Node.js 10 and later

dependency-check 3.x supports Node.js 6 and later

dependency-check 2.x supports Node.js 0.10 and later (Dev note: published using the legacy tag)

For more info on maintenance status, see SECURITY.md.

how it works

dependency-check parses your module code starting from the default entry files (e.g. index.js or main and any bin commands defined in package.json or if specific files has been defined, then those) and traverses through all relatively required JS files, ultimately producing a list of non-relative modules

  • relative - e.g. require('./a-relative-file.js'), if one of these are encountered the required file will be recursively parsed by the dependency-check algorithm
  • non-relative - e.g. require('a-module'), if one of these are encountered it will get added to the list of dependencies, but sub-dependencies of the module will not get recursively parsed

the goal of this module is to simply check that all non-relative modules that get require()'d are in package.json, which prevents people from getting 'module not found' errors when they install your module that has missing deps which was accidentally published to NPM (happened to me all the time, hence the impetus to write this module).

cli usage

$ npm install dependency-check -g
$ dependency-check <path to module file(s), package.json or module folder>

# e.g.

$ dependency-check ./package.json --verbose
Success! All dependencies used in the code are listed in package.json
Success! All dependencies in package.json are used in the code
$ dependency-check ./package.json --missing --verbose
Success! All dependencies used in the code are listed in package.json
$ dependency-check ./package.json --unused --verbose
Success! All dependencies in package.json are used in the code

# or with file input instead:

$ dependency-check ./index.js

# even with globs and multiple inputs:

$ dependency-check ./test/**/*.js ./lib/*.js

dependency-check exits with code 1 if there are discrepancies, in addition to printing them out

To always exit with code 0 pass --ignore

--missing

running dependency-check ./package.json --missing will only do the check to make sure that all modules in your code are listed in your package.json

--unused

running dependency-check ./package.json --unused will only do the inverse of the missing check and will tell you which modules in your package.json dependencies were not used in your code

--no-dev

running dependency-check ./package.json --unused --no-dev will not tell you if any devDependencies in your package.json were missing or unused

--no-peer

running dependency-check ./package.json --unused --no-peer will not tell you if any peerDependencies in your package.json were missing or unused

--ignore-module, -i

ignores a module. This works for both --unused and --missing. You can specify as many separate --ignore-module arguments as you want. For example running dependency-check ./package.json --unused --ignore-module foo will not tell you if the foo module was not used in your code. Supports globbing patterns through the use of micromatch, so eg. --ignore-module "@types/*" is possible

--no-default-entries

running eg. dependency-check package.json tests.js --no-default-entries won't add any default entries despite the main path given being one to a package.json or module folder. So only the tests.js file will be checked

--extensions, -e

running dependency-check ./package.json -e js,jsx:precinct will resolve require paths to .js and .jsx paths, and parse using precinct.

--detective

running dependency-check ./package.json --detective precinct will require() the local precinct as the default parser. This can be set per-extension using using -e. Defaults to parsing with detective.

--verbose

Running with --verbose will enable a log message on success, otherwise dependency-check only logs on failure.

--help

shows above options and all other available options

auto check before every npm publish

add this to your .bash_profile/.bashrc

# originally from https://gist.github.com/mafintosh/405048d304fbabb830b2
npm () {
  ([ "$1" != "publish" ] || dependency-check .) && command npm "$@"
}

now when you do npm publish and you have missing dependencies it won't publish, e.g.:

$ npm publish
Fail! Dependencies not listed in package.json: siblings
$ npm install --save siblings
$ npm publish # works this time

grunt usage

See grunt-dependency-check.

protips

  • detective is used for parsing require() statements, which means it only does static requires. this means you should convert things like var foo = "bar"; require(foo) to be static, e.g. require("bar")
  • use globbing to effectively add all the files you want to check