dependency-auditor

dependency-auditor

Fast, lightweight dependency scanner for Node.js projects. Scans local folders or GitHub repos and reports outdated packages. Supports JSON/Markdown output and private repos with tokens.

Repository: mallvirus/dependency-auditor

Quick start

Global install and run:

npm install -g dependency-auditor

# Show JSON in the terminal
dependency-auditor https://github.com/owner/repo --format json

Local usage:

npm install
npm start              # scans current folder
npm run scan -- https://github.com/owner/repo

Include devDependencies or everything (JavaScript):

dependency-auditor https://github.com/owner/repo --dev --format json
dependency-auditor https://github.com/owner/repo --all --format json

Strict mode (flag even when range satisfies latest):

dependency-auditor https://github.com/owner/repo --all --strict --format json

Python, Java, Ruby, C#, Go:

# Python only (requirements*.txt / pyproject.toml)
dependency-auditor https://github.com/owner/python-repo --lang py --format json

# Java only (pom.xml / Gradle)
dependency-auditor https://github.com/owner/java-repo --lang java --format json

# Ruby only (Gemfile)
dependency-auditor https://github.com/owner/ruby-repo --lang rb --format json

# C# only (.csproj)
dependency-auditor https://github.com/owner/csharp-repo --lang cs --format json

# Go only (go.mod)
dependency-auditor https://github.com/owner/go-repo --lang go --format json

Programmatic:

const { runCli } = require('./src/index');

(async () => {
  await runCli(['https://github.com/owner/repo', '--all', '--format', 'json', '--out', './outdated.json']);
})();

Features

• Reads package.json from local path or GitHub URL
• Checks against npm registry latest versions
• Sections: dependencies, devDependencies, peerDependencies, optionalDependencies
• Outputs: console (default), JSON (--format json), Markdown (--format md)
• Private GitHub repos via GITHUB_TOKEN or GH_TOKEN

CLI usage

dep-scan <path-or-github-url> [--lang auto|js|py|java] [--dev] [--peer] [--optional] [--all] \
  [--strict] [--format console|json|md] [--out path]

• --dev: include devDependencies
• --peer: include peerDependencies
• --optional: include optionalDependencies
• --all: include all sections
• --strict: mark as outdated unless exactly equal to latest
• --format: output type (default: console)
• --out: output file for json/md
• --lang: choose which ecosystems to scan (default: auto)

Examples:

# Console, include dev deps
npm run scan -- . --dev

# All sections, JSON report
npm run scan -- . --all --format json --out ./outdated.json

# Markdown report for a GitHub repo
npm run scan -- https://github.com/owner/repo --format md --out ./report.md

Public & private repos

Public GitHub:

npm run scan -- https://github.com/owner/repo

Private GitHub (set a token first):

export GITHUB_TOKEN=YOUR_TOKEN   # or: export GH_TOKEN=YOUR_TOKEN
npm run scan -- https://github.com/owner/private-repo

Local folder:

npm run scan -- /absolute/path/to/repo

Tip: If globally linked/published:

dep-scan <path-or-github-url>
# or
npx dep-scan <path-or-github-url>

How it works

• Resolve repo (local path or GitHub tarball)
• Read package.json
• Fetch latest versions from npm
• Compare with requested ranges
• Print console or write JSON/Markdown

License

MIT