Statically parse dependency trees of JavaScript and TypeScript projects.
Supports CommonJS and ES6 imports, and TSX.
hawthorn is a static analyzer that can build a dependency tree data structure
out of a JavaScript or TypeScript project by recursively parsing and scanning
for require() calls and import expressions.
The easiest way to use hawthorn is with its example CLI that you can install
with:
npm install --global hawthorn
The CLI takes a --directory/-d option which is the base directory of the
project you want to scan, and one or more glob patterns to use as entry points
(defaults to lib/**/*.js).
You can test hawthorn on itself by running:
$ git clone https://github.com/jviotti/hawthorn.git
$ hawthorn --directory ./hawthorn 'lib/*.js' > tree.json
See an example of the generated output here: https://github.com/jviotti/hawthorn/blob/master/example.json.
If you install hawthorn as a dependency, you can require('hawthorn') and
the module will export a top level function that takes an array of path globs,
an options object, and resolves a JavaScript object with the resulting
dependency tree.
hawthorn(String[] paths, Object options) -> ObjectThe available options are:
directory: The base directory to use when scanning. Should be usually set
to the root directory of the project you want to scantypes: The types of dependencies to consider. Defaults to [ 'module', 'local', 'internal' ]Example:
const hawthorn = require('hawthorn')
const tree = hawthorn([
'lib/**/*.js'
], {
directory: '~/projects/hawthorn'
})
If you're having any problem, please raise an issue on GitHub and I'll be happy to help.
Run the test suite by doing:
npm test
Before submitting a PR, please make sure that you include tests, and that the linter runs without any warning
The project is licensed under the Apache 2.0 license.
FAQs
Statically parse dependency trees of JavaScript and TypeScript projects
The npm package hawthorn receives a total of 339 weekly downloads. As such, hawthorn popularity was classified as not popular.
We found that hawthorn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Malicious packages published to npm, PyPI, Go Modules, crates.io, and Packagist impersonate developer tooling to fetch staged malware, steal credentials and wallets, and enable remote access.
Security News
Microsoft has released an open source toolkit for enforcing runtime security policies on AI agents as adoption accelerates faster than governance controls.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.