npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

eslint-plugin-allowed-dependencies

v1.0.1

Published

ESLint plugin Allowed Dependencies

Downloads

1,192

Readme

ESLint plugin Allowed Dependencies

Coverage Status License npm release downloads

ESLint plugin for restricting imports to package dependency categories. Suggested to be used for source code, to prevent importing packages that are not present in the distribution.

The plugin distinguishes between production dependencies, mandatory and optional peers in your package.json. The import syntax also matters: regular import or import type (excluded from distributable javascript code).

Demo

// package.json
{
  "dependencies": { "express-zod-api": "^20" },
  "devDependencies": { "typescript": "^5" },
  "peerDependencies": { "prettier": "^3" },
  "peerDependenciesMeta": { "prettier": { "optional": true } },
}
// src/index.ts
import { createServer } from "express-zod-api"; // OK
import { join } from "node:fs"; // OK
import { helper } from "./tools"; // OK
import { factory } from "typescript"; // Error: Importing typescript is not allowed.
import { format } from "prettier"; // Error: Only 'import type' syntax is allowed for prettier.

Relationships and differences

  • Unlike @typescript-eslint/no-restricted-imports rule, it allows you to configure what can be imported, and not what cannot, and not specifically, but by category.
  • Unlike no-extraneous-dependencies of eslint-plugin-import plugin, it supports ESLint 9 and its flat config.
  • Unlike same rule of eslint-plugin-import-x plugin, it does not require to install a typescript resolver to operate.

Quick start

Requirements

  • Node.js ^18.18.0 || ^20.9.0 || ^22.0.0
  • eslint@^9.0.0
  • typescript-eslint@^8.0.0

Installation

yarn add --dev eslint-plugin-allowed-dependencies

Setup

// eslint.config.js or .mjs if you're developing in CommonJS environment
import jsPlugin from "@eslint/js";
import tsPlugin from "typescript-eslint";
import allowedDepsPlugin from "eslint-plugin-allowed-dependencies";

export default [
  {
    plugins: {
      allowed: allowedDepsPlugin,
    },
  },
  jsPlugin.configs.recommended,
  ...tsPlugin.configs.recommended,
  // For the sources:
  {
    files: ["src/**/*.ts"], // implies that "src" only contains the sources
    rules: {
      "allowed/dependencies": "error",
    },
  },
  // In case "src" also contains tests:
  // {
  //  files: ["src/**/*.spec.ts"], // exclude test files
  //  rules: { "allowed/dependencies": "off" },
  // },
];

Configuration

Options

Supply the options this way:

{
  rules: {
    "allowed/dependencies": [
      "error", // these are defaults:
      {
        packageDir: ".",
        production: true,
        requiredPeers: true,
        optionalPeers: "typeOnly",
        typeOnly: [],
        ignore: ["^\\.", "^node:"],
      },
    ],
  },
}

By default, the plugin is configured for checking the source code based on the package.json located in the current working directory of the ESLint process. Production dependencies and mandatory peers are allowed to import, but optional peers are allowed to be imported only as types.

packageDir:
  description: The path having your package.json
  type: string
  default: ctx.cwd # ESLint process.cwd()

production:
  description: Allow importing the packages listed in manifest.dependencies
  type:
    - boolean
    - "typeOnly"
  default: true

requiredPeers:
  description: Allow importing the non-optional packages listed in manifest.peerDependencies
  type:
    - boolean
    - "typeOnly"
  default: true

optionalPeers:
  description: Allow importing the packages marked as optional in manifest.peerDependenciesMeta
  type:
    - boolean
    - "typeOnly"
  default: "typeOnly"

typeOnly:
  description: Extra packages to allow type only imports
  type: string[]
  default: []

ignore:
  description: List of patterns to ignore in the import statements
  type: string[]
  default:
    - "^\\." # relative paths (starts with a dot)
    - "^node:" # built-in modules (prefixed with "node:")

packageDir option

If you're using workspaces or somehow running ESLint from different locations, you'd need an absolute path:

// for CommonJS:
const options = {
  packageDir: __dirname,
};
// for ESM:
import { fileURLToPath } from "node:url";
import { dirname } from "node:path";

const options = {
  packageDir: dirname(fileURLToPath(import.meta.url)),
};