gather-dependencies
Advanced tools
Gather dependencies similar to shrinkwrap, but with full dependencies.
Similar in API to npm shrinkwrap producing a object structure with each type of dependency installed.
See the sample npm-shrinkwrap.json in ./test/fixtures/with-npm-install. With a shrinkwrapped file, dependencies saved with npm shrinkwrap --dev are grouped with other dependencies.
npm-shrinkwrap.json
{
"name": "without-npm-install",
"version": "1.0.0",
"dependencies": {
"client-request": {
"version": "1.0.1",
"from": "client-request@*",
"resolved": "https://registry.npmjs.org/client-request/-/client-request-1.0.1.tgz"
},
"tape": {
"version": "4.2.0",
"from": "tape@*",
"resolved": "https://registry.npmjs.org/tape/-/tape-4.2.0.tgz",
...
gather-dependencies does not care about the resolved registry URI.
gather-dependencies adds the field requestedVersion for the user specified version in package.json.
Leaf nodes that do not have version or from already have the dependency satisfied. npm shrinkwrap ignores these entries.
See examples.
gather-dependencies-report.json
{
"name": "gather-dependencies",
"version": "1.0.0",
"dependencies": {
"read-package-tree": {
"requestedVersion": "~5.1.0",
"version": "5.1.0",
"from": "read-package-tree@*",
"dependencies": {
"debuglog": {
"requestedVersion": "^1.0.1",
"version": "1.0.1",
"from": "debuglog@>=1.0.1 <2.0.0"
},
...
| Dan Shaw | GitHub/dshaw | Twitter/@dshaw |
|---|---|---|
| Julian Duque | GitHub/julianduque | Twitter/@julian_duque |
| Daniel Aristizabal | GitHub/cronopio | Twitter/@cronopio2 |
| Adrian Estrada | GitHub/edsadr | Twitter/@edsadr |
Contributions are welcomed from anyone wanting to improve this project!
gather-dependencies is Copyright (c) 2016 NodeSource and licensed under the MIT licence. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.
FAQs
Gather dependencies similar to shrinkwrap, but with full dependencies.
The npm package gather-dependencies receives a total of 2 weekly downloads. As such, gather-dependencies popularity was classified as not popular.
We found that gather-dependencies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.