check-packages
Advanced tools
Readme
Checks the dependencies inside package.json against a list of allowed/forbidden packages.
To use it in your project:
$ npm install --save-dev check-packages
To use it globally:
$ npm install --global check-packages
It requires Node.js (v6 or higher).
$ check-packages <checklist.json> [options]
The content of the checklist file must be an array of package names, e.g.:
[ "react", "react-dom", "redux", "react-redux" ]
By default check-packages uses the checklist path packages-whitelist.json (respectively packages-blacklist.json when called with option --blacklist),
but you can also call check-packages with a different checklist path as first argument, e.g.:
$ check-packages "./config/whitelisted-dev-dependencies.json" --dev
| Option | Alias | Description |
|---|---|---|---|
| --topLevelOnly || Checks only direct dependencies listed in the top level package.json (equivalent to --depth=0).
Note: You cannot use --topLevelOnly together with --depth. |
| --depth || Max depth of the dependency tree analysis (default: inifity).
Note: You cannot use --depth together with --topLevelOnly. |
| --blacklist | -black | Interpret content of checklist as blacklist. |
| --development | -dev | Analyze the dependency tree for devDependencies. |
| --production | -prod | Analyze the dependency tree for dependencies. |
| --verbose || Lists unallowed dependencies. |
| --version | -v | Displays the version number. |
| --help | -h | Displays the help. |
$ check-packages
$ check-packages --blacklist
$ check-packages my-whitelist.json --dev --depth=10
$ check-packages my-whitelist.json --dev --topLevelOnly --verbose
$ check-packages my-blacklist.json --prod --blacklist
MIT © Christian Kühl
FAQs
CLI tool to check your npm dependencies against a list of allowed/forbidden packages.
The npm package check-packages receives a total of 2,218 weekly downloads. As such, check-packages popularity was classified as popular.
We found that check-packages demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A hospital in Mobile, Alabama, agreed to a settlement in a landmark ransomware death lawsuit, but is now reportedly reconsidering the agreement and refusing to pay.
Security News
A new report explores how advancements in LLMs are enhancing cyber threats, including polymorphic malware, personalized spearphishing, and the risk of hijacking customer service bots.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.