Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

gather-dependencies

Package Overview
Dependencies
Maintainers
4
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

gather-dependencies

Gather dependencies similar to shrinkwrap, but with full dependencies.

  • 1.1.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
2
decreased by-33.33%
Maintainers
4
Weekly downloads
 
Created
Source

gather-dependencies

Similar in API to npm shrinkwrap producing a object structure with each type of dependency installed.

  • dependencies
  • devDependencies
  • optionalDependencies
  • peerDependencies

See the sample npm-shrinkwrap.json in ./test/fixtures/with-npm-install. With a shrinkwrapped file, dependencies saved with npm shrinkwrap --dev are grouped with other dependencies.

npm-shrinkwrap.json

{
  "name": "without-npm-install",
  "version": "1.0.0",
  "dependencies": {
    "client-request": {
      "version": "1.0.1",
      "from": "client-request@*",
      "resolved": "https://registry.npmjs.org/client-request/-/client-request-1.0.1.tgz"
    },
    "tape": {
      "version": "4.2.0",
      "from": "tape@*",
      "resolved": "https://registry.npmjs.org/tape/-/tape-4.2.0.tgz",
    ...

gather-dependencies does not care about the resolved registry URI.

gather-dependencies adds the field requestedVersion for the user specified version in package.json.

Leaf nodes that do not have version or from already have the dependency satisfied. npm shrinkwrap ignores these entries.

Examples

See examples.

gather-dependencies-report.json

{
  "name": "gather-dependencies",
  "version": "1.0.0",
  "dependencies": {
    "read-package-tree": {
      "requestedVersion": "~5.1.0",
      "version": "5.1.0",
      "from": "read-package-tree@*",
      "dependencies": {
        "debuglog": {
          "requestedVersion": "^1.0.1",
          "version": "1.0.1",
          "from": "debuglog@>=1.0.1 <2.0.0"
        },
    ...

Authors and Contributors

Dan ShawGitHub/dshawTwitter/@dshaw
Julian DuqueGitHub/julianduqueTwitter/@julian_duque
Daniel AristizabalGitHub/cronopioTwitter/@cronopio2
Adrian EstradaGitHub/edsadrTwitter/@edsadr

Contributions are welcomed from anyone wanting to improve this project!

License & Copyright

gather-dependencies is Copyright (c) 2016 NodeSource and licensed under the MIT licence. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.

Keywords

FAQs

Package last updated on 07 Jun 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven Cybersecurity and Supply Chain Transparency

Security News

Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven Cybersecurity and Supply Chain Transparency

Biden's executive order pushes for AI-driven cybersecurity, software supply chain transparency, and stronger protections for federal and open source systems.

By Sarah Gooding  -  Jan 21, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc