dep-validate
Advanced tools
dep-validate is a tool used to verify the ranges on your npm dependencies. It can be used from the command line, from JavaScript, or from Gulp. It's available on npm, so just install it via:
# for gulp/node usage
$ npm install --save-dev dep-validate
# for command line usage
$ npm install -g dep-validate
Super easy, it's just the same interface as the JavaScript library (read up).
$ dep-validate --dependencies '~' --devDependencies '^' --exclude pkg1 --exclude pkg2 --hardcoded=allow --only production --only development --packageFile ./package.json
The exit code will be a 1 in case of error, with a chart displaying errors. It'll be 0 on success with no output.
You can use the JavaScript library either directly in Node.js or via Gulp:
All options are shown below and are the defaults (so they're used if not provided). The only exception is file, which will resolve the current package.json (by reading upwards in directory).
var dv = require('dep-validate');
// available options
var opts = {
dependencies: '~', // the range to enforce on all "dependencies"
devDependencies: '^', // the range to enforce on all "devDependencies"
exluded: [ 'my-package' ], // packages to exclude from validation
hardcoded: 'allow|force', // allow or force hardcoded versions
packageFile: './package.json', // the package.json file to read and validate
only: [ 'production', 'development' ] // only check prod/dev dependencies
}
// `validate()` results a results object
var results = dv.validate(opts);
// which can be printed using `log()`
if (dv.hasErrors(results)) {
dv.log(results);
}
// or use `pipe()` for a callback-style interface (it's still synchronous)
dv.pipe(opts, function (err) {
// err contains a `meta` field containing information about failures
// you can either inspect this manually, or log the entire error using `log(err)`
})
var dv = require('dep-validate');
var gulp = require('gulp');
gulp.task('deps:validate', function () {
gulp.src('./package.json', { read: false })
.pipe(dv.gulp());
})
In addition to the options accepted by the JavaScript interface, .gulp() can also accept a failOnError option which will cause your Gulp task to cause an error if your dependencies do not satisfy your rules.
FAQs
Dependency verification for npm packages with Gulp support
The npm package dep-validate receives a total of 37 weekly downloads. As such, dep-validate popularity was classified as not popular.
We found that dep-validate demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
New research reveals that LLMs often fake understanding, passing benchmarks but failing to apply concepts or stay internally consistent.
Security News
Django has updated its security policies to reject AI-generated vulnerability reports that include fabricated or unverifiable content.
Security News
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.