Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
@namchee/dependent
Advanced tools
Simple utility CLI tool to analyze which files are using a Node dependency π
Dependent is a simple utility CLI to find out which files in your NodeJS-based projects are using a certain dependency. π
dependent
is able to parse files with the following extensions:
.js
.cjs
.mjs
.ts
More language support are incoming! Submit your language support ideas here
Want to help dependent
to be able to parse your favorite files? Submit a pull request
You can install dependent
globally with your favorite package manager. Below is the example of installation with npm
.
npm install -g @namchee/dependent
Make sure that you have a working NodeJS installation! Refer to this instruction about how to setup NodeJS on your machine
dependent
can be executed by your favorite terminal by executing dependent
or deps
and supplying the name of the package that you want to analyze. For example:
# Which files that requires `express` in my project?
dependent express
By default, dependent
will try to parse all supported files - except node_modules
- in your project directory. To configure dependent
to only scan specific files, dependent
accepts an extra argument called files
which is a list of glob patterns that you want to analyze. For example
# Only analyze TypeScript files in the `src` directory
dependent express src/**/*.ts
After the command is given, dependent
will produce a list of dependant files in your terminal. For example
β Analysis completed successfully
π¦ There are 17 files in this project that depends on 'phaser'
βββ index.ts:1 β src/index.ts
βββ cherry.ts:1 β src/objects/cherry.ts
βββ flyer.ts:1 β src/objects/flyer.ts
βββ mushroom.ts:1 β src/objects/mushroom.ts
βββ player.ts:1 β src/objects/player.ts
βββ saw.ts:1 β src/objects/saw.ts
βββ spike.ts:1 β src/objects/spike.ts
βββ trophy.ts:1 β src/objects/trophy.ts
βββ game.ts:1 β src/scenes/game.ts
βββ pause.ts:1 β src/scenes/pause.ts
βββ preload.ts:1 β src/scenes/preload.ts
βββ result.ts:1 β src/scenes/result.ts
βββ splash.ts:1 β src/scenes/splash.ts
βββ title.ts:1 β src/scenes/title.ts
βββ assets.ts:1 β src/utils/assets.ts
βββ background.ts:1 β src/utils/background.ts
βββ ui.ts:1 β src/utils/ui.ts
Congratulation, you've used dependent
successfully! π
package
string
Dependency name to be analyzed. Must be defined in package.json
and installed in node_modules
.
files
string[]
A list of glob patterns that specifies the directories to be analyzed. Space separated.
For example, the argument below will make dependent
to analyze all JavaScript files that dependes on express
in src
and lib
directory.
dependent express src/**/*.js lib/**/*.js
--help
, -h
Show the help menu
--module
, -m
Parse all JavaScript files as ES Modules. May not be defined at the same time with require
. All require
calls will still be supported in this mode.
--require
, -r
Parse all JavaScript files as scripts, which only supports dependency imports with require
. All import
statement will be classified as error if require
is defined.
May not be defined at the same time with require
.
--silent
, -s
Suppress all parsing errors.
--table
, -t
Outputs the result in table-style format.
module
and require
are not defined, how does dependent
handle dependency imports?By default, dependent
will take a look on your package.json
. If "type": "module"
is defined, all JavaScript files will be parsed as ES Modules. Otherwise, it will be parsed as CommonJS scripts.
.cjs
will always be parsed as CommonJS scripts while .mjs
will always be parsed as ES Modules.
It's Friday! Since tomorrow is free, you want to finish your work as soon as possible and enjoy your temporary holiday.After some refactoring, you realized package x
is not used anymore in the files your refactored in your NodeJS based project. Realizing this, you proceed to execute npm uninstall x
and then the uninstallation completed successfully.
Sadly, you don't realize that x
is actually imported by another files that you didn't touch at all. Your project now breaks by your careless mistake π₯.
The above scenario is fine for small projects since they are easier to test and execute (and compile, if you're using a superset of JavaScript). But, what about big projects where it took so long to execute and compile? What about dynamic imports in not-fully-tested projects where the code may fail silently? What if there's a new team member who want to get onboard quickly but getting stuck on understanding why and where a dependency is needed?
This utility aims to fix those issues by automatically analyzing dependency usage in your projects and produce human-readable logs. Focus on your actual code, not on your dependency management. Let dependent
analyze what dependency is actually needed and what isn't.
This project is licensed under the MIT License.
FAQs
Simple utility CLI tool to analyze which files are using a Node dependency π
The npm package @namchee/dependent receives a total of 0 weekly downloads. As such, @namchee/dependent popularity was classified as not popular.
We found that @namchee/dependent demonstrated a not healthy version release cadence and project activity because the last version was released a year ago.Β It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISAβs 2024 report highlights the EUβs top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.