how-dep
Advanced tools
Readme
how-dep is a command line tool that analyzes your TypeScript1 project and tells you which libraries you are most dependent on.
$ yarn global add how-dep
# or npm install -g how-dep
$ how-dep
97 react # react is imported 97 times
55 react-i18next # react-i18next is imported 55 times
47 classnames # etc...
...
By default, how-dep will try to find a tsconfig.json file within the current directory, it will then load the project and analyze each file, looking for import statements. It will count how many times each module (3rd party or a local file) is imported and will output a nice report.
Looking for a single library? Use this flag, passing the library's name (supports regular expressions) [default: "/.*/"]
$ how-dep -l lodash
# or
$ how-dep -l /lodash.*/ # will also catch lodash.get imports (and similar)
A path to a tsconfig.json file [default: "./tsconfig.json"]
$ how-dep -t ../../tsconfig.json
If set to true, will includes all imports (not just 3rd party libraries) [default: false]
$ how-dep -a
97 react # node module
55 react-i18next # node module
48 /example/src/hooks/use-current-user # local app module!
...
If set to true, will first print out a report of all import occurrences [default: false]
$ how-dep -f -l classnames
/example/src/App.tsx # file path
2:import cx from 'classnames'; # import statement within that file
/example/src/components/AvatarWall/index.js # another file path
3:import cx from 'classnames'; # import statement within that file
...
If set to true, will generate an HTML report (example) [default: false]
$ how-dep -h
If set to false, will treat imports of files within a 3rd party package as a different module (i.e., lodash and lodash/fp will be counted separately) [default: true]
$ how-dep -m
Clone, run yarn to install dependencies, then yarn link to have the how-dep "binary" linked globally, then:
$ yarn start
Then, after making changes to the code, test them by running how-dep in any one of your projects.
1 - Could run on plain javascript projects as well, as long as you provide a tsconfig.json file
FAQs
Unknown package
We found that how-dep demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.