es-dependency-graph
Advanced tools
Utility for obtaining the dependency graph from ES6 modules.
es-dependency-graph only works for source code that the Esprima parser can parse.
This does not include the whole ES6 syntax at the moment. In light of this
limitation, you should consider this module experimental until the ES6 syntax
is standardized and Esprima can parse it.
This module only analyzes imports and exports declared using the ES module syntax. Dynamic calls to the ES Loader will not be taken into account. If your application uses the System loader to load modules, you should consider using a tracer like the SystemJS build tool.
es-dependency-graph exports a single function that takes a string with source code
and returns an array of the dependencies in that module:
var depGraph = require('es-dependency-graph');
var result = depGraph('import foo from "bar"; export default foo;');
// returns an array like ['bar']
If the includeBindings option is set to true, then the depGraph function
will return an object containing all the imported and exported names of the
module:
var depGraph = require('es-dependency-graph');
var result = depGraph('import foo from "bar"; export default foo;', {
includeBindings: true
});
/* result looks like this:
{
imports: {
'foo': ['bar']
},
exports: ['default']
}
*/
Optionally, if you're already dealing with an AST that contains ES6 imports
or exports, you can pass that AST object to the depGraph function:
var esprima = require('esprima'); // Make sure your Esprima version supports ES6!
var depGraph = require('es-dependency-graph');
var ast = esprima.parse('import foo from "bar"; export default foo;');
var result = depGraph(ast);
Note: none of the dependency names are normalized. It's up to you to decide how to normalize them.
If installed with npm install es-dependency-graph -g it can be used as a global
command dep-graph paths... [options] which will generate a JSON file with
all the dependency information. Try dep-graph --help for more information.
This software is free to use under the Yahoo Inc. BSD license. See the LICENSE file for license text and copyright information.
See the CONTRIBUTING file for info.
FAQs
Utility for obtaining the dependency graph from ES6 modules
We found that es-dependency-graph demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket’s new Tier 1 Reachability filters out up to 80% of irrelevant CVEs, so security teams can focus on the vulnerabilities that matter.
Research
/Security News
Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.
Security News
The MCP Steering Committee has launched the official MCP Registry in preview, a central hub for discovering and publishing MCP servers.