🚀 Launch Week Day 3:Introducing Supply Chain Attack Campaigns Tracking.Learn More →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

dependency-db

Package Overview
Dependencies
Maintainers
1
Versions
14
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

dependency-db

A database for querying which packages depend on a specific package within a specific range

latest
Source
npmnpm
Version
5.1.4
Version published
Maintainers
1
Created
Source

dependency-db

A database for querying which packages depend on a specific package within a specific range.

Build status js-standard-style

Installation

npm install dependency-db --save

When upgrading from version 4, remember to purge the LevelDB index.

Usage

var memdb = require('memdb')
var DependencyDb = require('dependency-db')

var db = new DependencyDb(memdb())

// pkg should be a package.json style object
var pkg = {
  name: 'foo',
  version: '1.2.3',
  dependencies: {
    bar: '^2.3.4'
  }
}

db.store(pkg, function (err) {
  if (err) throw err

  db.query('bar', '^2.0.0', function (err, pkgs) {
    if (err) throw err

    console.log('Found %d dependents:', pkgs.length)

    pkgs.forEach(function (pkg) {
      console.log('- %s@%s', pkg.name, pkg.version)
    })
  })
})

API

var db = new DependencyDb(levelup)

Initialize the DependencyDb constructor with a levelup database instance.

db.store(pkg, callback)

Store a package in the database.

The first argument is a package.json style JavaScript object. Only the name and version properties are required. If dependencies is present, it should adhere the the regular package.json format.

The callback will be called with an optional error object as the first arguement when the package have been processed and stored correctly in the database.

var stream = db.query(name, range[, options][, callback])

Query the database for packages that depend on name within the given range.

The optional options argument can contain the following properties:

  • devDependencies - Look up dev-dependencies instead of dependencies (default: false)
  • all - Return all versions of all packages that matches the queried dependency
  • gt - Used for pagination. Only return results greater than the given dependent (format: dependent or dependent@version)
  • limit - Used for pagination. Max number of results to return (default: -1, no limit)

If provided, the callback will be called with an optional error object as the first arguement and an array of packages that match the query as the second.

Alternatively you can use the returned object-stream to stream the results:

db.query('roundround', '*').on('data', function (result) {
  console.log(result)
})

Warning: OR-queries are not supported. This means that the range argument must not contain a double pipe operator (||). If an OR-range is given an error is thrown.

License

MIT

Keywords

npm
module
modules
package
packages
dependency

FAQs

Package last updated on 27 Mar 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Introducing Supply Chain Attack Campaigns Tracking in the Socket Dashboard

Product

Introducing Supply Chain Attack Campaigns Tracking in the Socket Dashboard

Campaign-level threat intelligence in Socket now shows when active supply chain attacks affect your repositories and packages.

By Philipp Burckhardt  -  Jan 21, 2026