@h4ad/dependency-extractor
Advanced tools
Retrieves the (flat) list of package dependencies from the package manager lock file.
Currently, we support these package managers:
First, install the library with:
npm i @h4ad/dependency-extractor
Then, you need to read and parse the package-lock.json:
import { NpmExtractor } from '@h4ad/dependency-extractor';
import { readFileSync } from 'fs';
const extractor = new NpmExtractor();
const packageLock = readFileSync('package-lock.json').toString('utf-8');
const dependencyContainer = extractor.parse(packageLock);
Then, you can use the information collected from your dependencies with:
const allDependencies = dependencyContainer.getAllDependencies();
const productionDependencies = dependencyContainer.getProductionDependencies();
const developmentDependencies = dependencyContainer.getDevelopmentDependencies();
const peerDependencies = dependencyContainer.getPeerDependencies();
const optionalDependencies = dependencyContainer.getOptionalDependencies();
const firstDependency = allDependencies[0];
console.log(firstDependency.name);
console.log(firstDependency.version);
console.log(firstDependency.isProduction);
console.log(firstDependency.isDevelopment);
console.log(firstDependency.isOptional);
console.log(firstDependency.isPeer);
This library was based on npm-dependencies-extractor.
FAQs
🚀 Dependency Extractor
The npm package @h4ad/dependency-extractor receives a total of 10 weekly downloads. As such, @h4ad/dependency-extractor popularity was classified as not popular.
We found that @h4ad/dependency-extractor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.