Security News
New CVE Forecasting Tool Predicts 47,000 Disclosures in 2025
CVEForecast.org uses machine learning to project a record-breaking surge in vulnerability disclosures in 2025.
By Sarah Gooding - Jul 07, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
gitify-dependencies
Advanced tools
gitify-dependencies
CLI tool for replacing node dependencies with their respective git repositories
gitify-dependencies 
CLI tool for replacing node dependencies with their respective git repositories.
Installation
npm install -g gitify-dependencies
Usage
gitify-deps [--options]
Options
| Flag | Environment variable | Description | Allowed values | Default value |
|---|---|---|---|---|
| --checkout-tags -c | CHECKOUT_TAGS | If a dependency is already a git repo, the CLI will just "git checkout" the version specified in npm-shrinkwrap.json. | 'yes', 'no' | 'no' |
| --gitify-url-pattern -p | GITIFY_URL_PATTERN | Specify a pattern that gets matched against the package's url. Please note, that you must either set this flag or the environment variable! | none | none |
| --node-projects-dir -d | NODE_PROJECTS_DIR | Set a path which will keep the git repository's data. | none | $HOME/.gitify |
Idea
This tool walks through your npm-shrinkwrap.json file and does the following things for every dependency (and it's sub-dependencies):
- Clone or update the package's repo in
{NODE_PROJECTS_DIR}/{name of the dependency}. - Back up the package's private
node_modulesdirectory if present. - Remove any existing package.
- Create a new git "workdir" in it's place that shares the same repository as
{NODE_PROJECTS_DIR}/{name of the dependency}. - Restore the package's private
node_modules.
In practice you can treat this like a sort of "linked clone" of the original repo. Objects and refs (branches and tags) will be shared between all workdirs, but each one will have it's own working tree, HEAD, and index (staging area). One caveat is that only the git repository is synced, making changes and commiting in one workdir doesn't affect the files in another workdir. Use feature branches
More information about workdirs:
v1.0.1 - 2016-06-14
Fixed
- Handling of public git URLs
Keywords
FAQs
CLI tool for replacing node dependencies with their respective git repositories
The npm package gitify-dependencies receives a total of 7 weekly downloads. As such, gitify-dependencies popularity was classified as not popular.
We found that gitify-dependencies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 13 open source maintainers collaborating on the project.
Package last updated on 14 Jun 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Browserslist-rs Gets Major Refactor, Cutting Binary Size by Over 1MB
Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.
By Sarah Gooding - Jul 04, 2025
Research
Security News
8 More Malicious Firefox Extensions: Exploiting Popular Game Recognition, Hijacking User Sessions, and Stealing OAuth Credentials
Eight new malicious Firefox extensions impersonate games, steal OAuth tokens, hijack sessions, and exploit browser permissions to spy on users.
By Kush Pandya - Jul 04, 2025