npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

npm-dependencies-extractor

v0.1.0

Published

Retrieves the (flat) list of package dependencies for Javascript projects using npm

Downloads

102

Readme

Build Status

npm-dependencies-extractor

This is a CLI package that provides a command extract-dependencies to extract the flat list of (all installed) dependencies from a package-lock.json file (or another file with the same structure of your choice. If you want, instead of the package-lock.json, you may specify as input file the JSON file generated by the npm command to list json dependencies, such as:

npm list --json > inputFile.json

or, if you only want to see the production dependencies, generate the input as:

npm list --json --prod > inputFile.json 

Why the need to create npm-dependencies-extractor? The dependencies information as output by the package-lock.json or the npm list command is verbose, and requires some processing if you simply want to retrieve a (flat) list of your dependencies. Also, package-lock.json may contain more times a dependency that is present in different branches of the dependency tree.

When there is no dependency in your input file, the script exits after notifying the user. When your input does have dependencies, npm-dependencies-extractor generates, from your input, the flat list of dependencies, in two formats. The first output format is a js file containing the array of dependencies formatted as JSON objects (with keys name and version), with no nesting, like:

    [
        { ‘name’: ‘dependencyName_A’, ‘version’: ‘0.0.1’},
        { ‘name’: ‘dependencyName_B’, ‘version’: ‘2.0.0’},
        { ‘name’: ‘dependencyName_B’, ‘version’: ‘2.0.1’}
    ]

The second output format is a txt file containing an array of dependencies, one per line, formatted as name@version, like:

  [email protected]
  [email protected]
  [email protected]

Status

0.0.6, see CHANGELOG.md

Technology stack

  • Javascript
  • This software is intended to be used standalone, as a command-line tool

Prerequisites

  • you should have Node installed (this script was tested with node v8.12.0)

  • make sure you do not have a fixed depth configured in npm, so that npm install or npm list returns all dependencies (dependencies at all levels of depth).

npm config get depth

If something else than Infinity is returned, then remove the depth limitation by:

npm config delete depth
  • you should create the input json with dependencies by either: (generates package-lock.json, with both dev and prod dependencies:)
npm install

or (generates a file similar to the structure of package-lock.json, but you may control whether to only contain dev or prod dependencies:)

npm list --json --prod > inputFile.json
  • The following encodings of the input file are supported: utf8, utf16le. If the input file does not have a header containing the byte order mark, then you need to provide the encoding parameter, else the encoding is assumed to be utf8.

Installation

Install globally:

npm install -g npm-dependencies-extractor

Or you could use it without installing by running:

npx npm-dependencies-extractor [options]

Usage

extract-dependencies [options]

Supported options:

| Flag | Alias | Functionality | ------------------ |:-----:| ------------------------------------- | --input [filename] | -i | Filename of the package-lock.json file to extract dependencies from. Default value: package-lock.json | --encoding | -e | (optional) Encoding of the input file. Allowed values: utf8, utf16le. | --optionals | -io | (optional) include optional dependencies | --devdependencies | -d | (optional) ignore dev dependencies | --output [filename]| -o | Js filename to which the flat list of dependencies is written. If the file already exists, it will be overwritten. Default value: dependencies.js. One more representation of the flat dependencies is generated, in the form of text (as .txt) | --verbose | | Verbose output of commands and errors | --help | -h | Display help for command

Sample usage

npm run extract-dependencies -- -i ./test-data/input-with-optionals/package-lock-with-2-mandatory-dependencies.json --verbose

Usage scenarios

Scenario 1: You run the npm-dependencies-extractor's command without adding it as a dependency to your project

From the installation folder of npm-dependencies-extractor, run:

npm run extract-dependencies -- [options]

or, if you don't want to install it, run:

npx npm-dependencies-extractor [options]

or, if you don't want to install it from github master, run:

npx github:philips-software/npm-dependencies-extractor [options]

Scenario 2: You include the npm-dependencies-extractor as a dependency of your project, and call its command in your project's scripts, by:

extract-dependencies [options] 

FAQ

Question: I get an 'Unexpected token' error when my input JSON file is read; why?

Answer: This is most likely caused because your file is encoded in a format not supported yet, or because your file format is supported but its header does not contain a byte order mark (BOM) to describe its encoding. In the latter case, please provide to the script the encoding known by you by means of an additional parameter, like: --encoding <encodingOfTheInputFile>.

Currenlty supported values for encoding are: utf8, utf16le

Owners

See CODEOWNERS

Maintainers

See MAINTAINERS.md

Contributing

See CONTRIBUTING.md

License

See LICENSE.md

Author

Sanda Contiu

Keywords

  • dependencies
  • npm
  • sbom
  • software bill of material
  • flat list
  • extract
  • retrieve
  • dependencies flat list
  • extract dependencies
  • list dependencies