es-dependency-graph
Advanced tools
Utility for obtaining the dependency graph from ES6 modules.
es-dependency-graph only works for source code that the Esprima parser can parse.
This does not include the whole ES6 syntax at the moment. In light of this
limitation, you should consider this module experimental until the ES6 syntax
is standardized and Esprima can parse it.
This module only analyzes imports and exports declared using the ES module syntax. Dynamic calls to the ES Loader will not be taken into account. If your application uses the System loader to load modules, you should consider using a tracer like the SystemJS build tool.
es-dependency-graph exports a single function that takes a string with source code
and returns an array of the dependencies in that module:
var depGraph = require('es-dependency-graph');
var result = depGraph('import foo from "bar"; export default foo;');
// returns an array like ['bar']
If the includeBindings option is set to true, then the depGraph function
will return an object containing all the imported and exported names of the
module:
var depGraph = require('es-dependency-graph');
var result = depGraph('import foo from "bar"; export default foo;', {
includeBindings: true
});
/* result looks like this:
{
imports: {
'foo': ['bar']
},
exports: ['default']
}
*/
Optionally, if you're already dealing with an AST that contains ES6 imports
or exports, you can pass that AST object to the depGraph function:
var esprima = require('esprima'); // Make sure your Esprima version supports ES6!
var depGraph = require('es-dependency-graph');
var ast = esprima.parse('import foo from "bar"; export default foo;');
var result = depGraph(ast);
Note: none of the dependency names are normalized. It's up to you to decide how to normalize them.
If installed with npm install es-dependency-graph -g it can be used as a global
command dep-graph paths... [options] which will generate a JSON file with
all the dependency information. Try dep-graph --help for more information.
This software is free to use under the Yahoo Inc. BSD license. See the LICENSE file for license text and copyright information.
See the CONTRIBUTING file for info.
FAQs
Utility for obtaining the dependency graph from ES6 modules
We found that es-dependency-graph demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.