New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

dependency-lint

Package Overview
Dependencies
Maintainers
1
Versions
42
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

dependency-lint

Lints npm dependencies and devDependencies

  • 1.4.2
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
1.4K
decreased by-15.09%
Maintainers
1
Weekly downloads
 
Created
Source

dependency-lint

Build Status Dependency Status NPM Version

Lints your NPM dependencies and devDependencies reporting which node modules are

  • missing and should be added to your dependencies or devDependencies
  • unused and should be removed from your dependencies or devDependencies
  • mislabeled and should be moved from dependencies to devDependencies or vice versa

Installation

npm install dependency-lint

Usage

On the command line:

dependency-lint

How it works

dependency-lint compares the node modules listed in your package.json and the node modules it determines are used. A node module is used if:

  • it is required in a javascript or coffeescript file
  • one of its executables is used in a script in your package.json

If you run into an example where dependency-lint marks a node module as unused, and you are using it, please create an issue describing the situation. As a short-term solution, configure dependency-lint to allow that node module to be unused.

Configuration

Create a configuration file with

dependency-lint --generate-config
Options
  • allowUnused
    • array of strings to match against a module name to determine if it is allowed to be unused
    • default: []
    • Please create an issue anytime you need to use this
  • devFiles
    • array of strings to match againt a filename to determine if it is used only for development
    • default: ["^(features|spec|test)/", "_(spec|test).(coffee|js)$"]
  • devScripts
    • array of strings to match against a script name in your package.json to determine if it is used only for development
    • default: ["test", "publish"]
  • ignoreFiles
    • array of strings to match against a filename to determine if it should be ignored
    • default: []
    • the node_modules folder is always ignored

Keywords

FAQs

Package last updated on 26 May 2015

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc