Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
detective
Advanced tools
detective
find all calls to require() by walking the AST
example
strings
strings_src.js:
var a = require('a');
var b = require('b');
var c = require('c');
strings.js:
var detective = require('detective');
var fs = require('fs');
var src = fs.readFileSync(__dirname + '/strings_src.js');
var requires = detective(src);
console.dir(requires);
output:
$ node examples/strings.js
[ 'a', 'b', 'c' ]
methods
var detective = require('detective');
detective(src, opts)
Give some source body src, return an array of all the require() calls with
string arguments.
The options parameter opts is passed along to detective.find().
var found = detective.find(src, opts)
Give some source body src, return found with:
found.strings- an array of each string found in arequire()found.expressions- an array of each stringified expression found in arequire()callfound.nodes(whenopts.nodes === true) - an array of AST nodes for each argument found in arequire()call
Optionally:
opts.word- specify a different function name instead of"require"opts.nodes- whentrue, populatefound.nodesopts.isRequire(node)- a function returning whether an ASTCallExpressionnode is a require callopts.parse- supply options directly to acorn with some support for esprima-style optionsrangeandlocopts.ecmaVersion- default: 9
install
With npm do:
npm install detective
license
MIT
Other packages similar to detective
precinct
Precinct is a tool similar to detective but with broader capabilities. It supports detecting dependencies from multiple module types including CommonJS, AMD, ES6, and TypeScript. Compared to detective, which requires different variants for different module systems, Precinct provides a more unified and versatile approach.
madge
Madge is a more comprehensive tool that builds on the functionality provided by detective. It not only finds dependencies but also creates visual graphs of module dependencies and can detect circular dependencies. This makes Madge suitable for larger projects where understanding the module structure visually can be particularly beneficial.
FAQs
find all require() calls by walking the AST
The npm package detective receives a total of 2,076,463 weekly downloads. As such, detective popularity was classified as popular.
We found that detective demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 40 open source maintainers collaborating on the project.
Package last updated on 27 May 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026