dependency-lint
Lints your NPM dependencies and devDependencies reporting which node modules are
dependencies or devDependencies
dependencies or devDependencies
dependencies to devDependencies or vice versa
Supported on Node.js versions 12, 14, 16
$ npm install dependency-lint
$ dependency-lint
To automatically remove unused dependencies and move mislabeled dependencies:
$ dependency-lint --auto-correct
dependency-lint compares the node modules listed in your package.json and the node modules it determines are used. A node module is used if:
package.json or in a shell script
Since this does not cover all the possible ways that a node module can be used, dependency-lint can be configured to ignore specific errors. Please create an issue anytime you need to use this, so we can discuss new ways to determine if and how a node module is used.
Please see here for an explanation of all the options.
Custom configuration should be placed at dependency-lint.yml in your project directory.
You can create a configuration file by running
dependency-lint --generate-config
Any options not set in your configuration file will be given their default value.
Three formatters are available and can be switched between with the --format option
dependency-lint --format <format>
minimal (default) - prints only the modules with errors
summary - prints all modules
json - prints JSON of the form {dependencies, devDependencies} where each is an array of objects with the keys
  name - name of the module
  files - list of the files that require the module or execute the module
  scripts - list of scripts in your package.json that execute the module
  error - null or one of the following strings: "missing", "should be dependency", "should be dev dependency", "unused"
  errorIgnored - if dependency lint has been configured to ignore this error.
7.1.0 (2021-07-24)
package.json files of your dependencies and devDependencies. Thus it is no longer possible to find missing modules via executable usage.
FAQs
Lints package.json dependencies and devDependencies
The npm package dependency-lint receives a total of 4,003 weekly downloads. As such, dependency-lint popularity was classified as popular.
We found that dependency-lint demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
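The json formatter described above emits {dependencies, devDependencies} with per-module error and errorIgnored fields, which makes it straightforward to gate a CI job on dependency hygiene. The following Node.js script is an added example, not code from the dependency-lint project; the function names triageReport and exitCodeFor are hypothetical, errorIgnored is assumed to be a boolean, and the sample report is constructed.

```javascript
// Added example, not dependency-lint's own code: triage the json formatter's
// output for a CI gate. Field names follow the README above; treating
// errorIgnored as a boolean is an assumption. The sample report is constructed.
const ERROR_KINDS = ['missing', 'should be dependency', 'should be dev dependency', 'unused'];

// Returns { failures, ignored }: lists of { section, name, error, usedBy }.
function triageReport(report) {
  const failures = [];
  const ignored = [];
  for (const section of ['dependencies', 'devDependencies']) {
    const entries = report[section];
    if (!Array.isArray(entries)) throw new TypeError(`report.${section} must be an array`);
    for (const entry of entries) {
      // error is null when the module is listed correctly.
      if (entry.error === null || entry.error === undefined) continue;
      if (!ERROR_KINDS.includes(entry.error)) {
        throw new RangeError(`unexpected error for ${entry.name}: ${entry.error}`);
      }
      const finding = {
        section,
        name: entry.name,
        error: entry.error,
        usedBy: [...(entry.files || []), ...(entry.scripts || [])],
      };
      (entry.errorIgnored ? ignored : failures).push(finding);
    }
  }
  return { failures, ignored };
}

// CI exit code: non-zero only when an error is not covered by the configuration.
function exitCodeFor(report) {
  return triageReport(report).failures.length > 0 ? 1 : 0;
}

// Constructed sample in the documented shape {dependencies, devDependencies}.
const sampleReport = {
  dependencies: [
    { name: 'example-lib', files: ['src/index.js'], scripts: [], error: null, errorIgnored: false },
    { name: 'example-unused', files: [], scripts: [], error: 'unused', errorIgnored: false },
    { name: 'example-runner', files: [], scripts: ['test'], error: 'should be dev dependency', errorIgnored: true },
  ],
  devDependencies: [
    { name: 'example-server', files: ['src/server.js'], scripts: [], error: 'should be dependency', errorIgnored: false },
  ],
};

const triaged = triageReport(sampleReport);
for (const f of triaged.failures) console.log(`FAIL ${f.section}/${f.name}: ${f.error}`);
for (const i of triaged.ignored) console.log(`ignored ${i.section}/${i.name}: ${i.error}`);
```

Keeping ignored findings in a separate list lets a reviewer see which errors the configuration is suppressing instead of dropping them silently.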