Latest Threat Research:Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise.Details →

Book a Demo Install Sign in

@vltpkg/query

Package Overview

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@vltpkg/query

Query syntax parser that retrieves items from a graph

latest

Source

npm

Version: 1.0.0-rc.18

Version published: last week

Weekly downloads: 203

Maintainers: 6

Weekly downloads

Created: last year

Source

query

@vltpkg/query

The vlt query syntax engine.

Usage · Examples

Usage

import { Query } from '@vltpkg/query'

const query = new Query({ nodes, specOptions, securityArchive })
const res = await query.search(':root > *')

Examples

Querying against an ideal/virtual graph

import { ideal } from '@vltpkg/graph'
import { Query } from '@vltpkg/query'
import { PackageJson } from '@vltpkg/package-json'
const signal = new AbortController().signal
const projectRoot = process.cwd()
const packageJson = new PackageJson()
const graph = await ideal.build({ projectRoot, packageJson })
const query = new Query({ graph })
const res = await query.search(':root > *', { signal })

Querying against a local `node_modules` folder

import { actual } from '@vltpkg/graph'
import { Query } from '@vltpkg/query'
import { PackageJson } from '@vltpkg/package-json'
import { PathScurry } from 'path-scurry'
const signal = new AbortController().signal
const projectRoot = process.cwd()
const scurry = new PathScurry(projectRoot)
const packageJson = new PackageJson()
const graph = await actual.load({ projectRoot, packageJson, scurry })
const query = new Query({ graph })
const res = await query.search(':root > *', { signal })

Querying against a lockfile

import { lockfile } from '@vltpkg/graph'
import { Query } from '@vltpkg/query'
const signal = new AbortController().signal
const projectRoot = process.cwd()
const graph = await lockfile.load({
  mainManifest: 'package.json',
  projectRoot,
})
const query = new Query({ graph })
const res = await query.search(':root > *', { signal })

FAQs

What is @vltpkg/query?

Is @vltpkg/query popular?

Is @vltpkg/query well maintained?

Package last updated on 04 Feb 2026

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@vltpkg/query

@vltpkg/query

Usage

Examples

Querying against an ideal/virtual graph

Querying against a local node_modules folder

Querying against a lockfile

Related posts

OpenClaw Skill Marketplace Emerges as Active Malware Vector

The Next Open Source Security Race: Triage at Machine Speed

Querying against a local `node_modules` folder