dependency-insight
dependency-insight is a tiny, powerful, and user-friendly command-line tool designed to help you audit, analyze, and manage your project's dependencies. It provides a wide range of features to ensure that your project uses the most up-to-date, secure, and efficient libraries.
You can install dependency-insight globally via npm:
npm install -g dependency-insight
Alternatively, you can install it locally in your project:
npm install --save-dev dependency-insight
Or simply install it with npm i (you may then have to put npx before dep-insight):
npm install dependency-insight #use npx
dep-insight audit
Auditing dependencies for vulnerabilities...
Summary:
Low: 1, Moderate: 0, High: 0, Critical: 0
Recommended actions:
Run 'npm audit fix' to automatically fix fixable vulnerabilities
Run 'npm audit fix --force' to force fixes (may include breaking changes)
dep-insight outdated
Checking for outdated dependencies...
Outdated dependencies: Current → Latest (Suggested)
lodash: 4.17.15 → 4.18.0 (4.17.19)
react: 16.8.0 → 17.0.4 (17.0.2)
dep-insight prune
Checking for unused dependencies...
Unused dependencies found:
- unused-package
- another-unused-package (dev)
Would you like to uninstall unused dependencies? (y/n)
dep-insight tree
Visualizing dependency tree...
my-project@1.0.0
├─ lodash@4.17.19
├─ react@17.0.0
└─ axios@0.21.1
   └─ lodash@4.17.19
dep-insight suggest
Suggesting lightweight alternatives...
Consider using date-fns instead of moment
Consider using dayjs instead of luxon
dep-insight size
Analyzing dependency sizes...
lodash 2.50 MB
react 25.30 MB
axios 15.12 MB
Total packages: 3
Total size: 42.92 MB
dep-insight health
Checking dependency health...
lodash @4.17.19
Monthly downloads: 1,000,000
GitHub stars: 10,000
Open issues: 50
Last updated: 01/12/2024
dep-insight update
Updating dependencies...
Installing lodash@4.18.0... ✓
Installing react@17.0.2... ✓
Successfully updated 2 package(s)
dep-insight clear-cache
Warning: This will clear your npm cache completely.
Are you sure you want to clear the npm cache? (y/n)
Clearing npm cache... ✓
Successfully cleared npm cache
dep-insight help
Dependency Insight CLI
Usage:
audit - Audit dependencies for vulnerabilities
outdated - Check for outdated dependencies
prune - Check for unused dependencies
tree - Visualize dependency tree
suggest - Suggest lightweight alternatives for heavy dependencies
size - Analyze bundle size
health - Check project health
update - Interactive update for dependencies
clear-cache - Clear npm cache
After installation, you can run the tool from the command line by typing dep-insight followed by the desired command. For example:
dep-insight audit
dep-insight outdated
For a full list of commands, use the help command:
dep-insight help
When you run the dep-insight audit command, it will analyze your dependencies for security vulnerabilities and output a summary:
Auditing dependencies for vulnerabilities...
Low: 2, Moderate: 1, High: 3, Critical: 0
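An added example, not part of the dependency-insight project: one way to turn the summary line above into a CI pass/fail decision. It assumes the output format is exactly as shown in this README; `parseAuditSummary`, `gate` and the threshold names are hypothetical helpers, and the README does not say whether the tool sets an exit code itself.

```javascript
// Added example: gate a build on the summary line printed by `dep-insight audit`.
const SEVERITIES = ["low", "moderate", "high", "critical"];

// The tool uses chalk, so captured output may carry ANSI colour escapes.
const ANSI = /\x1b\[[0-9;]*m/g;

// Returns { low, moderate, high, critical }, or null when no summary line is found.
function parseAuditSummary(output) {
  const clean = output.replace(ANSI, "");
  const m = clean.match(
    /Low:\s*(\d+),\s*Moderate:\s*(\d+),\s*High:\s*(\d+),\s*Critical:\s*(\d+)/
  );
  if (!m) return null;
  const [low, moderate, high, critical] = m.slice(1).map(Number);
  return { low, moderate, high, critical };
}

// Any finding at or above `threshold` fails the build.
// A missing summary (tool crashed, network error, format changed) fails closed,
// so a broken audit step is never mistaken for a clean one.
function gate(output, threshold = "high") {
  const start = SEVERITIES.indexOf(threshold);
  if (start === -1) throw new Error(`unknown severity: ${threshold}`);
  const summary = parseAuditSummary(output);
  if (summary === null) {
    return { pass: false, reason: "no summary line found; failing closed" };
  }
  const blocking = SEVERITIES.slice(start).filter((s) => summary[s] > 0);
  return blocking.length === 0
    ? { pass: true, reason: `nothing at ${threshold} or above`, summary }
    : { pass: false, reason: `findings at: ${blocking.join(", ")}`, summary };
}

// Constructed sample input in the format shown in this README,
// with colour codes wrapped around the counts line.
const SAMPLE = [
  "Auditing dependencies for vulnerabilities...",
  "\x1b[33mLow: 2, Moderate: 1, High: 3, Critical: 0\x1b[39m",
].join("\n");

console.log(gate(SAMPLE, "high").reason);
```

In a pipeline, pass the captured output of the audit step to `gate` and set `process.exitCode` from the returned `pass` flag.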
When you run dep-insight outdated, it will show any outdated dependencies:
Outdated dependencies:
express: 4.16.3 → 4.18.2 (4.18.2)
When you run the dep-insight update command, you will be presented with a list of outdated dependencies and can choose which ones to update interactively:
dep-insight update
Select dependencies to update:
[x] express: 4.16.3 → 4.18.2
The dep-insight health command checks the health of each dependency, showing you GitHub statistics and download information:
Checking dependency health...
──────────────────────────────────────────────────
express @4.16.3
Monthly downloads: 5,000,000
GitHub stars: 12,345
Open issues: 25
Last updated: 15/12/2023
──────────────────────────────────────────────────
This tool uses the following libraries:
- chalk: For colorful and easy-to-read outputs in the terminal.
- depcheck: For identifying unused dependencies in your project.
- inquirer: For prompting users during interactive commands.
- filesize: For displaying file sizes in human-readable formats.
Feel free to fork this project, submit issues, or create pull requests. Contributions are welcome!
This project is licensed under the MIT License. See the LICENSE file for more information.
Note: GitHub API is rate-limited to 60 requests per hour for unauthenticated requests, which may affect the health command.
FAQs
A CLI tool to audit and analyze your project's dependencies.
The npm package dependency-insight receives a total of 574 weekly downloads. As such, dependency-insight popularity was classified as not popular.
We found that dependency-insight demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.