@vltpkg/graph
Advanced tools
This is the graph library responsible for representing the packages that are involved in a given install.
actual.load({ projectRoot: string }): GraphRecursively loads the node_modules folder found at projectRoot in
order to create a graph representation of the current installed
packages.
async ideal.build({ projectRoot: string }): Promise<Graph>This method returns a new Graph object, reading from the
package.json file located at projectRoot dir and building up the
graph representation of nodes and edges from the files read from the
local file system.
lockfile.load({ mainManifest: Manifest, projectRoot: string }): GraphLoads the lockfile file found at projectRoot and returns the graph.
Here's a quick example of how to use the @vltpkg/graph.ideal.build
method to build a graph representation of the install defined at the
projectRoot directory.
import { ideal } from '@vltpkg/graph'
const graph = await ideal.build({ projectRoot: process.cwd() })
FAQs
A library that helps understanding & expressing what happens on an install
The npm package @vltpkg/graph receives a total of 26 weekly downloads. As such, @vltpkg/graph popularity was classified as not popular.
We found that @vltpkg/graph demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
OpenVSX releases of Aqua Trivy 1.8.12 and 1.8.13 contained injected natural-language prompts that abuse local AI coding agents for system inspection and potential data exfiltration.
Security News
minimatch patched three high-severity ReDoS vulnerabilities that can stall the Node.js event loop, and Socket has released free certified patches.
Research
/Security News
Socket uncovered 26 malicious npm packages tied to North Korea's Contagious Interview campaign, retrieving a live 9-module infostealer and RAT from the adversary's C2.