
Security News
New Website “Is It Really FOSS?” Tracks Transparency in Open Source Distribution Models
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.
installed-check
Advanced tools
Verifies that installed modules comply with the requirements specified in package.json
Verifies that installed modules comply with the requirements specified in package.json
.
By default checks engine ranges, peer dependency ranges and installed versions and, in mono-repos using workspaces, by default checks all workspaces as well as the workspace root.
npm install -g installed-check
Then run it at the root of your project to validate the installed dependencies:
installed-check
npm install --save-dev installed-check
"scripts": {
"test": "installed-check"
}
--engine-check
/ -e
– if set installed-check
will check that the installed modules doesn't have stricter engines
ranges than those in the package.json
and suggests an alternative requirement if they do. If set, the default checks will be overriden.--peer-check
/ -p
– if set installed-check
will check that the installed modules doesn't have stricter peerDependencies
ranges than those in the package.json
and suggests an alternative requirement if they do. If set, the default checks will be overriden.--version-check
/ -c
– if set installed-check
will check that the installed modules comply with the version requirements set for them the package.json
. If set, the default checks will be overriden.--ignore ARG
/ -i ARG
– excludes the named dependency from non-version checks. Supports picomatch
globbing syntax, eg. @types/*
(but be sure to provide the pattern in a way that avoids your shell from matching it against files first)--ignore-dev
/ -d
– if set then dev dependencies won't be included in the non-version checks.--strict
/ -s
– treats warnings as errors--fix
– tries to apply all suggestions and write them back to disk--no-include-workspace-root
– excludes the workspace root package. Negated equivalent of npm's --include-workspace-root
--no-workspaces
– excludes workspace packages. Negated equivalent of npm's --workspaces
--workspace=ARG
/ -w ARG
– excludes all workspace packages not matching these names / paths. Equivalent to npm's --workspace
/ -w
--workspace-ignore=ARG
– xcludes the specified paths from workspace lookup. (Supports globs)--debug
– prints debug info--verbose
/ -v
– prints warnings and notices--help
/ -h
– prints help and exits--version
– prints current version and exitsknip
– finds unused files, dependencies and exports in your JavaScript and TypeScript projects – a great companion module to installed-check
FAQs
Verifies that installed modules comply with the requirements specified in package.json
The npm package installed-check receives a total of 20,839 weekly downloads. As such, installed-check popularity was classified as popular.
We found that installed-check demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.
Security News
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
Security News
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.