detective
Advanced tools
find all calls to require() by walking the AST
strings_src.js:
var a = require('a');
var b = require('b');
var c = require('c');
strings.js:
var detective = require('detective');
var fs = require('fs');
var src = fs.readFileSync(__dirname + '/strings_src.js');
var requires = detective(src);
console.dir(requires);
output:
$ node examples/strings.js
[ 'a', 'b', 'c' ]
var detective = require('detective');
Give some source body src, return an array of all the require() calls with
string arguments.
The options parameter opts is passed along to detective.find().
Give some source body src, return found with:
found.strings - an array of each string found in a require()found.expressions - an array of each stringified expression found in a
require() callfound.nodes (when opts.nodes === true) - an array of AST nodes for each
argument found in a require() callOptionally:
opts.word - specify a different function name instead of "require"opts.nodes - when true, populate found.nodesopts.isRequire(node) - a function returning whether an AST CallExpression
node is a require callopts.parse - supply options directly to
acorn with some support for esprima-style
options range and locopts.ecmaVersion - default: 9With npm do:
npm install detective
MIT
Precinct is a tool similar to detective but with broader capabilities. It supports detecting dependencies from multiple module types including CommonJS, AMD, ES6, and TypeScript. Compared to detective, which requires different variants for different module systems, Precinct provides a more unified and versatile approach.
Madge is a more comprehensive tool that builds on the functionality provided by detective. It not only finds dependencies but also creates visual graphs of module dependencies and can detect circular dependencies. This makes Madge suitable for larger projects where understanding the module structure visually can be particularly beneficial.
FAQs
find all require() calls by walking the AST
The npm package detective receives a total of 2,663,620 weekly downloads. As such, detective popularity was classified as popular.
We found that detective demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 40 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.
Security News
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.
Security News
The remediated findings include organization permission bugs, stale project access after transfers, OIDC replay edge cases, audit logging gaps, and an IDOR in API token deletion.