Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem - Nov 21, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
@rushstack/package-deps-hash
Advanced tools
@rushstack/package-deps-hash
The `package-deps-hash` library generates a JSON object containing the git hashes of all files used to produce a given package. This is useful for scenarios where you want to define a "change receipt" file to be published with a package. The [Rush](http
@rushstack/package-deps-hash
The package-deps-hash library generates a JSON object containing the git hashes of all files used to produce
a given package. This is useful for scenarios where you want to define a "change receipt" file to be published
with a package. The Rush tool uses this library to implement incremental build detection.
Only files in a git repo that are not in .gitignore will be considered in building the hash. The file content and the current state of the package can be compared then to determine whether the package needs to be rebuilt.
Internally it uses the GIT hashes to derive the hashes for package content. This allows the process to leverage Git's hash optimizations, as opposed to creating a more elaborate diffing scheme.
NOTE: Git is required to be accessible in the command line path.
Usage
let _ = require('lodash');
let { getPackageDeps } = require('@rushstack/package-deps-hash');
// Gets the current deps object for the current working directory
let deps = getPackageDeps();
let existingDeps = JSON.parse(fs.readFileSync('package-deps.json'));
if (_.isEqual(deps, existingDeps)) {
// Skip re-building package.
} else {
// Rebuild package.
}
Links
- CHANGELOG.md - Find out what's new in the latest version
- API Reference
@rushstack/package-deps-hash is part of the Rush Stack family of projects.
Other packages similar to @rushstack/package-deps-hash
hasha
hasha is a package for hashing files and strings using various algorithms. It is more general-purpose compared to @rushstack/package-deps-hash, which is specifically designed for hashing package dependencies.
crypto
crypto is a built-in Node.js module that provides cryptographic functionality, including hashing. While it can be used to hash files and strings, it does not provide the same level of convenience for hashing package dependencies as @rushstack/package-deps-hash.
webpack
webpack is a module bundler that includes functionality for hashing the contents of bundles. While it can be used to achieve similar goals, it is a much larger and more complex tool compared to @rushstack/package-deps-hash.
FAQs
The `package-deps-hash` library generates a JSON object containing the git hashes of all files used to produce a given package. This is useful for scenarios where you want to define a "change receipt" file to be published with a package. The [Rush](http
The npm package @rushstack/package-deps-hash receives a total of 388,666 weekly downloads. As such, @rushstack/package-deps-hash popularity was classified as popular.
We found that @rushstack/package-deps-hash demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 24 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding - Nov 21, 2025
Product
Introducing Socket Scanning for OpenVSX Extensions
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
By Mix Irving, Ryan Eberhardt - Nov 20, 2025