check-packages
Checks the dependencies inside package.json against a list
of allowed/forbidden packages.
Install
To use it in your project:
$ npm install --save-dev check-packages
To use it globally:
$ npm install --global check-packages
It requires Node.js (v6 or higher).
Usage
$ check-packages <checklist.json> [options]
Checklist JSON File
The content of the checklist file must be an array of package names, e.g.:
[ "react", "react-dom", "redux", "react-redux" ]
By default check-packages
uses the checklist path packages-whitelist.json
(respectively packages-blacklist.json
when called with option --blacklist
),
but you can also call check-packages
with a different checklist path as first argument, e.g.:
$ check-packages "./config/whitelisted-dev-dependencies.json" --dev
Options
| Option | Alias | Description |
|---|---|---|---|
| --topLevelOnly || Checks only direct dependencies listed in the top level package.json (equivalent to --depth=0).
Note: You cannot use --topLevelOnly
together with --depth
. |
| --depth || Max depth of the dependency tree analysis (default: inifity).
Note: You cannot use --depth
together with --topLevelOnly
. |
| --blacklist | -black | Interpret content of checklist as blacklist. |
| --development | -dev | Analyze the dependency tree for devDependencies. |
| --production | -prod | Analyze the dependency tree for dependencies. |
| --verbose || Lists unallowed dependencies. |
| --version | -v | Displays the version number. |
| --help | -h | Displays the help. |
Examples
$ check-packages
$ check-packages --blacklist
$ check-packages my-whitelist.json --dev --depth=10
$ check-packages my-whitelist.json --dev --topLevelOnly --verbose
$ check-packages my-blacklist.json --prod --blacklist
License
MIT © Christian Kühl