check-packages
v1.2.0
Published
CLI tool to check your npm dependencies against a list of allowed/forbidden packages.
Downloads
6,492
Readme
check-packages
CLI tool to check your npm dependencies against a list of allowed/forbidden packages.
Install
To use it in your project:
$ npm install --save-dev check-packages
To use it globally:
$ npm install --global check-packages
It requires Node.js (v6 or higher).
Usage
$ check-packages <checklist.json> [options]
Checklist JSON File
The content of the checklist file must be an array of package names (with optional semver ranges), e.g.:
[
"react",
"react-dom",
"redux@>=1.0.0-rc.0 <1.0.1",
"react-redux@^2 <2.2 || > 2.3"
]
By default check-packages
uses the checklist path packages-whitelist.json
(respectively packages-blacklist.json
when called with option --blacklist
),
but you can also call check-packages
with a different checklist path as
first argument, e.g.:
$ check-packages "./config/whitelisted-dev-dependencies.json" --dev
Options
| Option | Alias | Description |
|----------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| topLevelOnly
| | Checks only direct dependencies listed in the top level package.json (equivalent to depth=0
).Note: You cannot use topLevelOnly
together with depth
. |
| depth
| | Max depth of the dependency tree analysis (default: inifity).Note: You cannot use depth
together with topLevelOnly
. |
| blacklist
| black
| Interpret content of checklist as blacklist. |
| development
| dev
| Analyze the dependency tree for devDependencies. |
| production
| prod
| Analyze the dependency tree for dependencies. |
| verbose
| | Lists unallowed dependencies. |
| exitCode
| | Exit code in case of unallowed dependencies. Default: 1 |
| version
| v
| Displays the version number. |
| help
| h
| Displays the help. |
Examples
$ check-packages
$ check-packages --blacklist
$ check-packages my-whitelist.json --dev --depth=10
$ check-packages my-whitelist.json --dev --topLevelOnly --verbose
$ check-packages my-blacklist.json --prod --blacklist
License
MIT © Christian Kühl