check-packages
CLI tool to check your npm dependencies against a list of allowed/forbidden packages.
Install
To use it in your project:
$ npm install --save-dev check-packages
To use it globally:
$ npm install --global check-packages
It requires Node.js (v6 or higher).
Usage
$ check-packages <checklist.json> [options]
Checklist JSON File
The content of the checklist file must be an array of package names (with optional semver ranges), e.g.:
[
"react",
"react-dom",
"redux@>=1.0.0-rc.0 <1.0.1",
"react-redux@^2 <2.2 || > 2.3"
]
By default check-packages uses the checklist path packages-whitelist.json (or packages-blacklist.json when called with the option --blacklist), but you can also call check-packages with a different checklist path as the first argument, e.g.:
$ check-packages "./config/whitelisted-dev-dependencies.json" --dev
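A pre-flight lint for the checklist format described above, written as an added example (it is not part of check-packages itself). The function names, the name-shape regex and the handling of scoped names (`@scope/name`) are assumptions that go beyond the entries shown on this page, and the sample input is constructed.

```javascript
'use strict';

// Split "name@range" at the last "@" that is not the first character, so the
// leading "@" of a scoped name (assumption: "@scope/name") stays in the name.
function parseEntry(entry) {
  const at = entry.lastIndexOf('@');
  if (at <= 0) return { name: entry, range: null };
  return { name: entry.slice(0, at), range: entry.slice(at + 1).trim() };
}

// Shape npm requires for newly published names: lowercase, optional "@scope/".
const NAME_RE = /^(@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;

// Returns the parsed entries plus a list of human-readable problems.
function lintChecklist(jsonText) {
  let list;
  try {
    list = JSON.parse(jsonText);
  } catch (err) {
    return { entries: [], problems: ['not valid JSON: ' + err.message] };
  }
  if (!Array.isArray(list)) {
    return { entries: [], problems: ['top-level value must be an array'] };
  }
  const entries = [], problems = [], seen = new Set();
  list.forEach((item, i) => {
    if (typeof item !== 'string' || item.trim() === '') {
      problems.push(`entry ${i}: expected a non-empty string`);
      return;
    }
    const text = item.trim();
    const parsed = parseEntry(text);
    if (!NAME_RE.test(parsed.name)) problems.push(`entry ${i}: unexpected package name "${parsed.name}"`);
    if (parsed.range === '') problems.push(`entry ${i}: "@" without a version range`);
    if (seen.has(text)) problems.push(`entry ${i}: duplicate of an earlier entry`);
    seen.add(text);
    entries.push(parsed);
  });
  return { entries, problems };
}

// Constructed sample: the four entries from this page plus three bad ones.
const SAMPLE = JSON.stringify([
  'react', 'react-dom', 'redux@>=1.0.0-rc.0 <1.0.1', 'react-redux@^2 <2.2 || > 2.3',
  'React', 'redux@', 42,
]);
const result = lintChecklist(SAMPLE);
console.log(result.problems.join('\n'));
```

The lint does not validate the semver range itself; it only catches structural mistakes before the file is handed to check-packages.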
Options
Option | Alias | Description |
---|---|---|
topLevelOnly | | Checks only direct dependencies listed in the top level package.json (equivalent to depth=0). Note: You cannot use topLevelOnly together with depth. |
depth | | Max depth of the dependency tree analysis (default: infinity). Note: You cannot use depth together with topLevelOnly. |
blacklist | black | Interpret content of checklist as blacklist. |
development | dev | Analyze the dependency tree for devDependencies. |
production | prod | Analyze the dependency tree for dependencies. |
verbose | | Lists unallowed dependencies. |
exitCode | | Exit code in case of unallowed dependencies. Default: 1 |
version | v | Displays the version number. |
help | h | Displays the help. |
Examples
$ check-packages
$ check-packages --blacklist
$ check-packages my-whitelist.json --dev --depth=10
$ check-packages my-whitelist.json --dev --topLevelOnly --verbose
$ check-packages my-blacklist.json --prod --blacklist
License
MIT © Christian Kühl