Code Monkey home page Code Monkey logo

dependency-check's Introduction

dependency-check

checks which modules you have used in your code and then makes sure they are listed as dependencies in your package.json, or vice-versa

dat Travis

js-standard-style

how it works

dependency-check parses your module code starting from the default entry files (e.g. index.js or main and any bin commands defined in package.json) and traverses through all relatively required JS files, ultimately producing a list of non-relative modules

  • relative - e.g. require('./a-relative-file.js'), if one of these are encountered the required file will be recursively parsed by the dependency-check algorithm
  • non-relative - e.g. require('a-module'), if one of these are encountered it will get added to the list of dependencies, but subdependencies of the module will not get recursively parsed

the goal of this module is to simply check that all non-relative modules that get require()'d are in package.json, which prevents people from getting 'module not found' errors when they install your module that has missing deps which was accidentally published to NPM (happened to me all the time, hence the impetus to write this module).

CLI usage

$ npm install dependency-check -g
$ dependency-check <package.json file or module folder path>

# e.g.

$ dependency-check ./package.json
Success! All dependencies used in the code are listed in package.json
$ dependency-check ./package.json --unused
Success! All dependencies in package.json are used in the code

dependency-check exits with code 1 if there are discrepancies, in addition to printing them out

To always exit with code 0 pass --ignore

--missing (default)

running dependency-check ./package.json will check to make sure that all modules in your code are listed in your package.json

--unused, --extra

running dependency-check ./package.json --unused will do the inverse of the default missing check and will tell you which modules in your package.json dependencies were not used in your code

--no-dev

running dependency-check ./package.json --unused --no-dev will not tell you if any devDependencies in your package.json were not used in your code. Only usable with --unused

--ignore-module, -i

running dependency-check ./package.json --unused --ignore-module foo will not tell you if the foo module was not used in your code. You can specify as many separate --ignore-module arguments as you want. Only usable with --unused

--entry

by default your main and bin entries from package.json will be parsed, but you can add more the list of entries by passing them in as --entry, e.g.:

dependency-check package.json --entry tests.js

in the above example tests.js will get added to the entries that get parsed + checked in addition to the defaults. You can specify as many separate --entry arguments as you want

--no-default-entries

running dependency-check package.json --no-default-entries --entry tests.js won't parse any entries other than tests.js. None of the entries from your package.json main and bin will be parsed

--help

shows above options and all other available options

auto check before every npm publish

add this to your .bash_profile/.bashrc

# originally from https://gist.github.com/mafintosh/405048d304fbabb830b2
npm () {
  ([ "$1" != "publish" ] || dependency-check .) && command npm "$@"
}

now when you do npm publish and you have missing dependencies it won't publish, e.g.:

$ npm publish
Fail! Dependencies not listed in package.json: siblings
$ npm install --save siblings
$ npm publish # works this time

grunt usage

dependency-check also contains a small grunt task to ease integration into existing grunt setups

install dependency-check as a development dependency:

$ npm install dependency-check --save-dev

then load the task:

grunt.loadNpmTasks('dependency-check');

then configure a task or sub-task, example values are the defaults:

'dependency-check': {
  files: ['lib/**/*.js'],     // required grunt attribute, same as --entry
  options: {
    missing: true,            // same as --missing
    unused: true,             // same as --unused
    excludeUnusedDev: false,  // same as --no-dev
    noDefaultEntries: true,   // same as --no-default-entries
    ignoreUnused: [],         // same as --ignore-module
    package: '.'              // package.json file or module folder path
  }
}

protips

  • detective is used for parsing require() statements, which means it only does static requires. this means you should convert things like var foo = "bar"; require(foo) to be static, e.g. require("bar")
  • you can specify as many entry points as you like with multiple --entry foo.js arguments

dependency-check's People

Contributors

jasonpincin avatar jxson avatar mafintosh avatar matiassingers avatar mauricebutler avatar max-mapper avatar parshap avatar richardlitt avatar rvagg avatar voxpelli avatar

Watchers

 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.