New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

eslint-plugin-depend

Package Overview
Dependencies
Maintainers
0
Versions
12
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

eslint-plugin-depend

An ESLint plugin to suggest optimized dependencies, native alternatives and more

  • 0.12.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
130K
increased by6.6%
Maintainers
0
Weekly downloads
 
Created
Source

eslint-plugin-depend

This is an ESLint plugin to help suggest alternatives to various dependencies.

Primarily, it will help detect dependency tree bloat and redundant polyfills.

Install

npm i -D eslint-plugin-depend

Usage

If you're using the new flat config files, add to your eslint.config.js:

import * as depend from 'eslint-plugin-depend';

export default [
  depend.configs['flat/recommended'],

  // or if you want to specify `files`, or other options
  {
    ...depend.configs['flat/recommended'],
    files: ['test/**/*.js']
  }
];

For older legacy projects, add to your .eslintrc.json:

{
  "extends": [
    "plugin:depend/recommended"
  ]
}

With package.json

Some rules (e.g. ban-dependencies) can be used against your package.json.

You can achieve this by using jsonc-eslint-parser.

For example, in your .eslintrc.json:

{
  "overrides": [
    {
      "files": ["package.json"],
      "parser": "jsonc-eslint-parser",
      "plugins": ["depend"],
      "rules": {
        "depend/ban-dependencies": "error"
      }
    }
  ]
}

Read more at the jsonc-eslint-parser docs.

Rules

License

MIT

Keywords

FAQs

Package last updated on 04 Nov 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

North Korean APT Lazarus Targets Developers with Malicious npm Package

Research

Security News

North Korean APT Lazarus Targets Developers with Malicious npm Package

Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.

By Kirill Boychenko, Peter van der Zee  -  Jan 29, 2025
CISA Brings KEV Data to GitHub

Security News

CISA Brings KEV Data to GitHub

CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.

By Sarah Gooding  -  Jan 29, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc