dependency-cruiser
Advanced tools
dependency-cruiser is a tool to analyze and visualize the dependencies in your JavaScript and TypeScript projects. It helps you understand the structure of your codebase, identify potential issues, and enforce architectural rules.
Dependency Graph Generation
Generates a dependency graph for the specified source directory. This helps in visualizing the dependencies between different modules in your project.
const depCruiser = require('dependency-cruiser');
const result = depCruiser.cruise(['src']);
console.log(result.output);Enforcing Architectural Rules
Allows you to define and enforce architectural rules, such as preventing circular dependencies. This helps maintain a clean and manageable codebase.
const depCruiser = require('dependency-cruiser');
const config = {
forbidden: [
{
name: 'no-circular',
severity: 'error',
comment: 'Circular dependencies are not allowed',
from: {},
to: {
circular: true
}
}
]
};
const result = depCruiser.cruise(['src'], config);
console.log(result.output);Reporting
Generates reports in various formats (e.g., JSON, HTML) to help you analyze the dependency structure and identify potential issues.
const depCruiser = require('dependency-cruiser');
const result = depCruiser.cruise(['src'], {}, { outputType: 'json' });
console.log(JSON.stringify(result.output, null, 2));Madge is a JavaScript library that visualizes the module dependency graph of your project. It can detect circular dependencies and generate visual graphs. Compared to dependency-cruiser, Madge is more focused on visualization and less on enforcing architectural rules.
Depcheck is a tool that helps you find unused dependencies in your project. While it doesn't provide the same level of dependency graph visualization as dependency-cruiser, it is useful for cleaning up your package.json file by identifying dependencies that are no longer in use.
Webpack Bundle Analyzer is a tool that visualizes the size of webpack output files with an interactive zoomable treemap. It is more focused on analyzing the size and composition of your webpack bundles rather than the dependency structure of your source code.
Visualize and validate javascript dependencies. With your rules. ES6, CommonJS, AMD.
Dependency cruiser works most comfortably if you install it globally
npm install --global dependency-cruiser
Head over to Daphne's dependencies to get an overview of all the output formats. And how Daphne uses it all. And how she uses the awesome validation in her workflow. Go on. Read it. Or would you rather prefer continue the boring recount of a README written with reference doc in mind?
To dump all the dependencies in src to into a dependency matrix you can
open in your browser:
dependency-cruise -T html -f deps.html src
Running with no parameters gets you help:
Usage: dependency-cruise [options] <directory-or-file>
Options:
-h, --help output usage information
-V, --version output the version number
-f, --output-to <file> file to write output to; - for stdout (default: -)
-x, --exclude <regex> a regular expression for excluding modules
-M, --system <items> list of module systems (default: amd,cjs,es6)
-T, --output-type <type> output type - html|dot|csv|err|json (default:json)
-v, --validate validate against rules in .dependency-cruiser.json
-r, --rules-file <file> read rules from <file> (default: .dependency-cruiser.json)
Write it to html with a dependency matrix instead:
dependency-cruise -T html -f dependencies.html src
If you supply csv it will write the dependency matrix to a comma
separated file - so you can import it into a spreadsheet program
and analyze from there.
Supplying dot as output type will make dependency-cruiser write
a GraphViz dot format directed graph.
For use in build scripts, in combination with --validate and/ or
--rules-file e.g.
dependency-cruise -T err --rules-file my-depcruise-rules.json src
This will:
See the dependency-cruise target in the Makefile for a real world example.
Validates against a list of rules in a rules file. This defaults to a file
called .dependency-cruiser.json, but you can specify your own rules file
with --rules-file.
The file specifies a bunch of regular expressions pairs your dependencies should adhere to.
A simple validation configuration that forbids modules in src to use stuff
in the test folder and allows everything else:
{
"forbidden": [{
"from": "^src",
"to": "^test"
}]
}
A more elaborate configuration:
src can get stuff from src and node_modulessrc can not get stuff from testnode_modules can call anything, except stuff
we wrote ourselves (in src, bin and lib)no-deps-at-all-plz in their name
can't have dependencies to any module.no-external-deps-plz can't have
dependencies to stuff in node_modules.{
"allowed": [{
"from": "^src",
"to": "^(src|node_modules)"
},{
"from": "^src",
"to": "^(fs|path)$",
"comment": "other core modules don't make sense for the current project"
},{
"from": "^node_modules",
"to": ".+",
"comment": "outside our circle of influence"
}
],
"forbidden": [{
"from": "^src",
"to": "^test"
},{
"from": "no-deps-at-all-plz",
"to": ".+"
},{
"from": "no-external-deps-plz",
"to": "node_modules"
},{
"from": "node_modules",
"to": "^(src|test|lib)",
"comment": "well, you never know ..."
}
]
}
Because if you supply a rules file, you probably intend them to
be used in validation, dependency-cruiser assumes --validate
to be passed even if it wasn't.
FAQs
Validate and visualize dependencies. With your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.
The npm package dependency-cruiser receives a total of 308,449 weekly downloads. As such, dependency-cruiser popularity was classified as popular.
We found that dependency-cruiser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
Security News
The npm package for the LottieFiles Player web component was hit with a supply chain attack after a software engineer's npmjs credentials were compromised.