Launch Week Day 2: Introducing Reports: An Extensible Reporting Framework for Socket Data.Learn More
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@11ty/dependency-tree-esm

Package Overview
Dependencies
Maintainers
2
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@11ty/dependency-tree-esm

Finds all JavaScript ES Module dependencies from a filename.

latest
Source
npmnpm
Version
2.0.4
Version published
Weekly downloads
115K
0.94%
Maintainers
2
Weekly downloads
 
Created
Source

dependency-tree-esm

Returns an unordered array of local paths to dependencies of a Node ES module JavaScript file.

  • See also: dependency-tree for the CommonJS version.

This is used by Eleventy to find dependencies of a JavaScript file to watch for changes to re-run Eleventy’s build.

Installation

npm install --save-dev @11ty/dependency-tree-esm

Features

  • Ignores bare specifiers (e.g. import "my-package")
  • Ignores Node’s built-ins (e.g. import "path")
  • Handles circular dependencies
  • Returns an empty set if the file does not exist.

Usage

// my-file.js

// if my-local-dependency.js has dependencies, it will include those too
import "./my-local-dependency.js";


// ignored, is a built-in
import path from "path";

import { find } from "@11ty/dependency-tree-esm";
// CommonJS is fine too
// const { find } = require("@11ty/dependency-tree-esm");

await find("./my-file.js");
// returns ["./my-local-dependency.js"]

Return a dependency-graph instance:

import { findGraph } from "@11ty/dependency-tree-esm";
// CommonJS is fine too
// const { find } = require("@11ty/dependency-tree-esm");

(await findGraph("./my-file.js")).overallOrder();
// returns ["./my-local-dependency.js", "./my-file.js"]

FAQs

Package last updated on 19 Dec 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware

Research

Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware

Malicious Namastex.ai npm packages appear to replicate TeamPCP-style Canister Worm tradecraft, including exfiltration and self-propagation.

By Socket Research Team  -  Apr 22, 2026
Socket for Jira Is Now Available

Product

Socket for Jira Is Now Available

Socket for Jira lets teams turn alerts into Jira tickets with manual creation, automated ticketing rules, and two-way sync.

By Jeppe Hasseriis  -  Apr 20, 2026