depcheck - npm Package Compare versions

Comparing version 0.4.7 to 0.5.9

package.json

 {
   "name": "depcheck",
-  "version": "0.4.7",
+  "version": "0.5.9",
   "description": "Check dependencies in your node module",
-  "main": "index",
+  "main": "dist/index.js",
   "bin": {
@@ -11,22 +11,42 @@ "depcheck": "bin/depcheck"
     "type": "git",
-    "url": "git://github.com/rumpl/depcheck.git"
+    "url": "git://github.com/lijunle/depcheck-es6.git"
   },
   "scripts": {
-    "test": "mocha test/index.js"
+    "component": "babel-node ./build/component.js > ./dist/component.json",
+    "compile": "babel --optional runtime src/ -d dist/",
+    "depcheck": "node ./bin/depcheck --ignore-bin-package=false --specials=bin,eslint",
+    "depcheck-web": "node ./bin/depcheck --ignore-bin-package=false --specials=bin,eslint --web-report",
+    "patch-version": "babel-node ./build/patch-version.js",
+    "prepublish": "npm run compile && npm run component",
+    "lint": "eslint ./src ./test ./build",
+    "test": "mocha --compilers js:babel/register ./test ./test/special",
+    "test-coverage": "babel-node ./node_modules/.bin/isparta cover node_modules/mocha/bin/_mocha -- ./test ./test/special"
   },
-  "author": "Djordje Lukic",
+  "author": [
+    "Djordje Lukic <lukic.djordje@gmail.com>",
+    "Junle Li <lijunle@gmail.com>"
+  ],
   "license": "MIT",
   "readmeFilename": "README.md",
   "dependencies": {
-    "detective": "^4.0.0",
-    "lodash": "^3.3.0",
-    "minimatch": "^2.0.1",
-    "optimist": "~0.6.0",
-    "q": "^1.0.1",
-    "walkdir": "0.0.7"
+    "babel-runtime": "^5.8.25",
+    "babylon": "^5.8.29",
+    "deps-regex": "^0.1.4",
+    "js-yaml": "^3.4.2",
+    "minimatch": "^3.0.0",
+    "request": "^2.65.0",
+    "require-package-name": "^2.0.1",
+    "walkdir": "0.0.10",
+    "yargs": "^3.26.0"
   },
   "devDependencies": {
+    "babel": "^5.8.23",
+    "babel-eslint": "^4.1.3",
+    "codecov.io": "^0.1.6",
+    "eslint": "^1.7.3",
+    "eslint-config-airbnb": "0.1.0",
+    "isparta": "^3.0.4",
     "mocha": "^2.1.0",
-    "should": "^5.0.1"
+    "should": "^7.1.0"
   }
 }

README.md

@@ -1,66 +0,89 @@
-# depcheck [![build status](https://secure.travis-ci.org/rumpl/depcheck.png)](http://travis-ci.org/rumpl/depcheck)
+# depcheck
 
-Keeping track of your dependencies is not an easy task, especially if you have a big application.
-Are you sure you are using all of the dependencies you define in your `package.json` file? One way to find out is to
-look at all your files and check which modules you are using, but that's too time consuming. Or maybe you can do a
-`grep` on all the files of your project, and then some `grep -v` to remove the junk. But that's a hassle too.
+Keeping track of your dependencies is not an easy task, especially if you have a big project. Are you sure you are using all of the dependencies you define in your `package.json` file? One way to find out is to look at all your files and check which modules you are using, but that's too time consuming. Or maybe you can do a `grep` on all the files of your project, and then some `grep -v` to remove the junk. But that's a hassle too.
 
-And that is why `depcheck` exists.
+And that is why `depcheck` exists - it's a nifty little tool that looks at your project files and scans your code in order to find any unused dependencies.
 
-It's a nifty little tool that looks at your `package.json` file and scans your code in order to find any unused
-dependencies.
+## Build Status
 
-Using grunt ? Checkout the [grunt plugin](https://github.com/rumpl/grunt-depcheck).
+[![Build Status](https://travis-ci.org/depcheck/depcheck.svg?branch=master)](https://travis-ci.org/depcheck/depcheck)
+[![Build status](https://ci.appveyor.com/api/projects/status/xbooh370dinuyi0y/branch/master?svg=true)](https://ci.appveyor.com/project/lijunle/depcheck/branch/master)
+[![codecov.io](https://codecov.io/github/depcheck/depcheck/coverage.svg?branch=master)](https://codecov.io/github/depcheck/depcheck?branch=master)
 
+[![Dependency Status](https://david-dm.org/depcheck/depcheck.svg)](https://david-dm.org/depcheck/depcheck)
+[![devDependency Status](https://david-dm.org/depcheck/depcheck/dev-status.svg)](https://david-dm.org/depcheck/depcheck#info=devDependencies)
+
 ## Installation
 
-`npm install depcheck -g`
+```
+npm install depcheck -g
+```
 
 ## Usage
 
-As easy as **depcheck [DIRECTORY]**.
+```
+depcheck [directory] [arguments]
+```
 
-Where DIRECTORY is the root directory of your application (where the package.json is).
-This will list all the unused dependencies in your code if any.
+The `directory` argument is the root directory of your project (where the `package.json` file is). It will be the current directory when not specified.
 
-### Options
+All the arguments are optional:
 
-`--no-dev` : by default `depcheck` looks at `dependencies` and `devDependencies`, this flag will tell it not to look at "devDependencies".
-`--json` : output results to JSON
+`--dev=[true|false]`: A flag indicates if depcheck looks at `devDependencies`. By default, it is `true`. It means, depcheck looks at both `dependencies` and `devDependencies`.
 
-Or, as a lib:
-```javascript
-var path = require("path");
-var depcheck = require("depcheck");
+`--ignore-bin-package=[true|false]`: A flag indicates if depcheck ignores the packages containing bin entry. The default value is `true`.
+
+`--json`: Output results to JSON. When not specified, depcheck outputs in human friendly format.
+
+`--ignores`: A comma separated array containing package names to ignore. It can be glob expressions. Example, `--ignores=eslint,babel`.
+
+`--ignores-dirs`: A comma separated array containing directory names to ignore. Example, `--ignore-dirs=dist,coverage`.
+
+`--help`: Show the help message.
+
+`--parsers`, `--detectors` and `--specials`: These arguments are for advanced usage. They provide an easy way to customize the file parser and dependency detection. Check [the pluggable design document](https://github.com/depcheck/depcheck/blob/master/doc/pluggable-design.md) for more information.
+
+## API
+
+Want to call depcheck from code? See the example:
+
+```js
+var path = require('path');
+var depcheck = require('depcheck');
+
 var options = {
-  "withoutDev": false, // Check against devDependencies too
-  "ignoreDirs": [      // Pathnames to ignore
-    "sandbox",
-    "dist",
-    "bower_components"
+  withoutDev: false, // check against devDependencies
+  ignoreBinPackage: false, // ignore the packages with bin entry
+  ignoreDirs: [ // folder with these names will be ignored
+    'sandbox',
+    'dist',
+    'bower_components'
   ],
-  "ignoreMatches": [  // Ignore dependencies that match these minimatch patterns
-    "grunt-*"
+  ignoreMatches: [ // ignore dependencies that matches these globs
+    'grunt-*'
+  ],
+  parsers: { // the target parsers
+    '*.js': depcheck.parser.es6,
+    '*.jsx': depcheck.parser.jsx
+  },
+  detectors: [ // the target detectors
+    depcheck.detector.requireCallExpression,
+    depcheck.detector.importDeclaration
+  ],
+  specials: [ // the target special parsers
+    depcheck.special.eslint,
+    depcheck.special.webpack
   ]
 };
-var root = path.resolve("some path");
 
-depcheck(root, options, function(unused) {
-  console.log(unused.dependencies);
-  console.log(unused.devDependencies);
-  console.log(unused.invalidFiles); // JS files that couldn't be parsed
+depcheck('/path/to/your/project', options, function(unused) {
+  console.log(unused.dependencies); // an array containing the unused dependencies
+  console.log(unused.devDependencies); // an array containing the unused devDependencies
+  console.log(unused.invalidFiles); // files that cannot access or parse
+  console.log(unused.invalidDirs); // directories that cannot access
 });
 ```
 
-## TODOs
-
-Well, it's more of a "What do you think guys?".
-
-There are a couple of things I would like to do if anyone is interested:
-
- - There could be false positives, we could have a white list of modules that
-you know you are using and that `depcheck` can't find in your code
-
 ## License
 
-[MIT](http://rumpl.mit-license.org)
+MIT License.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

40825

increased by39.2%

Lines of code

598

increased by169.37%

Number of lines in readme file

90

increased by34.33%

Worsened metrics

Dependency count

9

increased by50%

Dev dependency count

8

increased by300%

Number of package files

25

decreased by-37.5%

Number of low maintenance alerts

2

increased by100%

Number of low supply chain risk alerts

6

increased by100%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• + Addedbabel-runtime@^5.8.25

• + Addedbabylon@^5.8.29

• + Addeddeps-regex@^0.1.4

• + Addedjs-yaml@^3.4.2

• + Addedrequest@^2.65.0

• + Addedrequire-package-name@^2.0.1

• + Addedyargs@^3.26.0

• + Addedajv@6.12.6(transitive)

• + Addedansi-regex@2.1.1(transitive)

• + Addedargparse@1.0.10(transitive)

• + Addedasn1@0.2.6(transitive)

• + Addedassert-plus@1.0.0(transitive)

• + Addedasynckit@0.4.0(transitive)

• + Addedaws-sign2@0.7.0(transitive)

• + Addedaws4@1.13.2(transitive)

• + Addedbabel-runtime@5.8.38(transitive)

• + Addedbabylon@5.8.38(transitive)

• + Addedbcrypt-pbkdf@1.0.2(transitive)

• + Addedcamelcase@2.1.1(transitive)

• + Addedcaseless@0.12.0(transitive)

• + Addedcliui@3.2.0(transitive)

• + Addedcode-point-at@1.1.0(transitive)

• + Addedcombined-stream@1.0.8(transitive)

• + Addedcore-js@1.2.7(transitive)

• + Addedcore-util-is@1.0.2(transitive)

• + Addeddashdash@1.14.1(transitive)

• + Addeddecamelize@1.2.0(transitive)

• + Addeddelayed-stream@1.0.0(transitive)

• + Addeddeps-regex@0.1.4(transitive)

• + Addedecc-jsbn@0.1.2(transitive)

• + Addedesprima@4.0.1(transitive)

• + Addedextend@3.0.2(transitive)

• + Addedextsprintf@1.3.0(transitive)

• + Addedfast-deep-equal@3.1.3(transitive)

• + Addedfast-json-stable-stringify@2.1.0(transitive)

• + Addedforever-agent@0.6.1(transitive)

• + Addedform-data@2.3.3(transitive)

• + Addedgetpass@0.1.7(transitive)

• + Addedhar-schema@2.0.0(transitive)

• + Addedhar-validator@5.1.5(transitive)

• + Addedhttp-signature@1.2.0(transitive)

• + Addedinvert-kv@1.0.0(transitive)

• + Addedis-fullwidth-code-point@1.0.0(transitive)

• + Addedis-typedarray@1.0.0(transitive)

• + Addedisstream@0.1.2(transitive)

• + Addedjs-yaml@3.14.1(transitive)

• + Addedjsbn@0.1.1(transitive)

• + Addedjson-schema@0.4.0(transitive)

• + Addedjson-schema-traverse@0.4.1(transitive)

• + Addedjson-stringify-safe@5.0.1(transitive)

• + Addedjsprim@1.4.2(transitive)

• + Addedlcid@1.0.0(transitive)

• + Addedmime-db@1.52.0(transitive)

• + Addedmime-types@2.1.35(transitive)

• + Addedminimatch@3.1.2(transitive)

• + Addednumber-is-nan@1.0.1(transitive)

• + Addedoauth-sign@0.9.0(transitive)

• + Addedos-locale@1.4.0(transitive)

• + Addedperformance-now@2.1.0(transitive)

• + Addedpsl@1.15.0(transitive)

• + Addedpunycode@2.3.1(transitive)

• + Addedqs@6.5.3(transitive)

• + Addedrequest@2.88.2(transitive)

• + Addedrequire-package-name@2.0.1(transitive)

• + Addedsafe-buffer@5.2.1(transitive)

• + Addedsafer-buffer@2.1.2(transitive)

• + Addedsprintf-js@1.0.3(transitive)

• + Addedsshpk@1.18.0(transitive)

• + Addedstring-width@1.0.2(transitive)

• + Addedstrip-ansi@3.0.1(transitive)

• + Addedtough-cookie@2.5.0(transitive)

• + Addedtunnel-agent@0.6.0(transitive)

• + Addedtweetnacl@0.14.5(transitive)

• + Addeduri-js@4.4.1(transitive)

• + Addeduuid@3.4.0(transitive)

• + Addedverror@1.10.0(transitive)

• + Addedwalkdir@0.0.10(transitive)

• + Addedwindow-size@0.1.4(transitive)

• + Addedwrap-ansi@2.1.0(transitive)

• + Addedy18n@3.2.2(transitive)

• + Addedyargs@3.32.0(transitive)

• - Removeddetective@^4.0.0

• - Removedlodash@^3.3.0

• - Removedoptimist@~0.6.0

• - Removedq@^1.0.1

• - Removedacorn@5.7.4(transitive)

• - Removeddefined@1.0.1(transitive)

• - Removeddetective@4.7.1(transitive)

• - Removedlodash@3.10.1(transitive)

• - Removedminimatch@2.0.10(transitive)

• - Removedminimist@0.0.10(transitive)

• - Removedoptimist@0.6.1(transitive)

• - Removedq@1.5.1(transitive)

• - Removedwalkdir@0.0.7(transitive)

• - Removedwordwrap@0.0.3(transitive)

• Updatedminimatch@^3.0.0

• Updatedwalkdir@0.0.10