hash-for-dep
Advanced tools
Generate a hash representing the stats of this module files and all its descendents files.
var hashForDep = require('hash-for-dep');
hashForDep('rsvp'); // if RSVP is a dependency of the current project, you will get a checksum for it
hashForDep('rsvp', 'path/to/other/project'); // you will get a checksum for RSVP resolved relative to the provided root
HashForDep respects the node resolution algorithim.
For example given:
foo/package.json
foo/index.js
foo/node_modules/a/
foo/node_modules/a/package.json
foo/node_modules/a/index.js
foo/node_modules/a/node_modules/b
foo/node_modules/a/node_modules/b/package.json
foo/node_modules/a/node_modules/b/index.js
foo/node_modules/a/node_modules/f
foo/node_modules/a/node_modules/f/index.js
foo/node_modules/a/node_modules/f/package.json
foo/node_modules/c
foo/node_modules/c/index.js
foo/node_modules/c/package.json
foo/node_modules/d
foo/node_modules/d/index.js
foo/node_modules/d/package.js
where foo/package.json depends on a and c but not d
and foo/node_modules/a/package.json depends on b not f
HashForDep will consider: a c b as dependencies, and simply ignore d and f.
When HashForDep considers a dependency, it will stat each of its files and those of its dependencies.
NOTE: By default, these hashes are cached for the life of the process. As this
is the same strategy node uses for require(x) we can safely follow suit.
That being said, some scenarios may exist where this is not wanted. So just
like require._cache exists, we provide the following options:
require('hash-for-dep')._resetCache();
var hashForDep = require('hash-for-dep');
hashForDep(name, path, null, false /* this mysterious argument should be set to false */);
The hash-sum package generates a short, unique hash for any given input. It is simpler and more general-purpose compared to hash-for-dep, which is specifically designed for hashing dependencies.
The built-in Node.js crypto module can be used to generate hashes for various purposes. While it is more versatile and powerful, it requires more setup and is not specifically tailored for dependency hashing like hash-for-dep.
The object-hash package generates a hash for JavaScript objects. It is useful for hashing complex objects but does not specifically target dependencies like hash-for-dep.
FAQs
generates a hash that represents a module and its depenencies uniqueness
The npm package hash-for-dep receives a total of 264,253 weekly downloads. As such, hash-for-dep popularity was classified as popular.
We found that hash-for-dep demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.
Security News
NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.