kamiazya

pahen

madge

Error

Ignore

Warn

License

Maintenance

Miscellaneous

Quality

Supply chain risk

Vulnerability

Admins only

Organization members

Dashboard

<upgradeLink>Upgrade</upgradeLink> to access this feature

About

Blog

Socket CLI

Customers

Socket Dependency Search

Docs

Socket for GitHub

Love

Impersonation Mode Active

Update your browser to the latest version for the best experience.

Your web browser is outdated

Use another browser for the best experience.

Your web browser is unsupported

{{count, number}} commits last two months

{{count, number}} critical severity alert

{{count, number}} critical severity alerts

{{count, number}} dependency vulnerability

{{count, number}} dependency vulnerabilities

{{count, number}} development dependencies

{{count, number}} transitive dependencies

{{count, number}} version published last month

{{count, number}} versions published last month

{{count, number}} version published in last two months

{{count, number}} versions published in last two months

{{count, number}} version published last week

{{count, number}} versions published last week

{{count, number}} version published last year

{{count, number}} versions published last year

Socket undergoes annual SOC2 Type II audits. Socket customers can request a copy of the full SOC2 Type II report.

Allows organization owners and admins to access detailed records of actions taken by members of their organization, complete with timestamps.

Prevent compromised packages from infiltrating your supply chain by monitoring for changes in real-time.

Join our Discord community to get help from Socket engineers and other Socket users.

Compare millions of open source packages on socket.dev

Detect malicious code and risky behavior (e.g. network) in your dependencies using "deep package inspection"

All data is encrypted in transit and at rest using industry standard encryption algorithms.

Get a dedicated Socket account manager and access to Socket’s Customer Success team.

Get dedicated support from Socket engineers via email and Slack.

"Shift left" with the Socket Chrome extension and give intervene early, before developers choose risky or low quality dependencies.

Catch developers using risky dependencies and give them a "speed bump" to encourage good behavior

Install the Socket GitHub app to receive real-time dependency scanning and reports with every pull request.

Integrate Socket into your GitHub SCM to prevent risky dependencies from being installed.

Socket scans for vulnerabilities in your dependencies, including CVEs, security advisories, and more.

Socket supports dependencies in many languages, with most popular ecosystems coming in 2024. We've got you covered no matter what languages you use.

Enforce license policies across your organization

Receive a Microsoft Teams message to the channel of your choice anytime Socket runs a new analysis, has a new finding, or a policy has changed.

Get help migrating from Socket's free plan to Socket's paid plans.

Run Socket on-premises or in your own cloud environment.

Query for any dependency (at any version) across your entire organization

Integrate Socket into your CI/CD pipeline to prevent risky dependencies from being deployed to production.

Analyze an entire project to find supply chain risks

Tag projects to organize and filter your projects

Restrict access based on the roles of individual users within an organization.

Receive a Slack message to the channel of your choice anytime Socket runs a new analysis, has a new finding, or a policy has changed.

Socket is SOC2 Type II compliant and undergoes annual audits.

The Socket CLI allows teams to prevent risky dependencies from being installed, and to get dependency insights from the command line.

Socket supports SAML SSO for single sign-on and identity management.

Integrate Socket into your VS Code IDE to prevent risky dependencies from being installed.

Get a POST request anytime Socket runs a new analysis, has a new finding, or a policy has changed.

Socket will analyzed your SBOMs up to a maximum number of dependencies.

API that allows you to analyze a project, lookup package scores and alerts, and more.

Create API tokens to authenticate with the Socket API and CLI.

The number of developers in your team. A developer is someone who made a commit to your organization's repositories scanned by Socket in the past month.

Use Socket to protect your private repositories.

Socket is always free for open source projects.

Socket retains all reporting data for 3 months, 1 year, or a custom term of your choice.

Access the threat feed that powers Socket.

Unlimited scale, self-hosting, and priority support for large teams.

For open-source projects, individuals, and small teams.

For growing teams with enhanced scale, security, and support.

There is a package with a similar name that is downloaded much more often.

There are packages with similar names that are downloaded much more often.

This may not be the package you want!

Instance

Alert Locations

Package

The {{ecosystem}} package {{- packageName}} receives a total of <strong>{{numWeeklyDownloadCount, number}}</strong> weekly downloads. As such, {{- packageName}} popularity was classified as <strong>{{popularity}}</strong>.

Is {{- packageName}} popular?

Is {{- packageName}} safe to use?

Is {{- packageName}} well maintained?

What is {{- packageName}}?

{{packageDescription}}Version: {{versionString}} was published by {{publisherName}}. Start using Socket to analyze {{- packageName}} and its {{dependencyCount, number}} dependencies to secure your app from supply chain attacks.

Sorry, it seems this package was removed from the registry

Package was removed

This package version has been unpublished, mostly likely due to security reasons

Package version was removed

Provide a detailed description of the malware...

Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript, Python, and Go dependencies.

Socket - Secure your dependencies. Ship with confidence.

Compare versions

{{- packageName}} - npm Package Compare versions

const version = require('../package.json').version;

// Revert https://github.com/tj/commander.js/pull/1409

	.option('-b, --basedir <path>', 'base directory for resolving paths')

	.option('-s, --summary', 'show dependency count summary')

	.option('-c, --circular', 'show circular dependencies')

	.option('-d, --depends <name>', 'show module dependents')

	.option('-x, --exclude <regexp>', 'exclude modules using RegExp')

	.option('-i, --image <file>', 'write graph to file as an image')

	.option('-l, --layout <name>', 'layout engine to use for graph (dot/neato/fdp/sfdp/twopi/circo)')

	.option('--orphans', 'show modules that no one is depending on')

	.option('--leaves', 'show modules that have no dependencies')

	.option('--dot', 'show graph using the DOT language')

	.option('--extensions <list>', 'comma separated string of valid file extensions')

	.option('--require-config <file>', 'path to RequireJS config')

	.option('--webpack-config <file>', 'path to webpack config')

	.option('--ts-config <file>', 'path to typescript config')

	.option('--include-npm', 'include shallow NPM modules', false)

	.option('--no-color', 'disable color in output and image', false)

	.option('--no-spinner', 'disable progress spinner', false)

	.option('--stdin', 'read predefined tree from STDIN', false)

	.option('--warning', 'show warnings about skipped files', false)

	.option('--debug', 'turn on debug output', false)

if (!program.args.length && !program.stdin) {

	packageConfig = require(path.join(process.cwd(), 'package.json')).madge;

const config = Object.assign(rc, packageConfig);

	log('using runtime config %s', rc.config);

	config.excludeRegExp = [program.exclude];

	config.fileExtensions = program.extensions.split(',').map((s) => s.trim());

	config.requireConfig = program.requireConfig;

	config.webpackConfig = program.webpackConfig;

	const tsParsedConfig = ts.readJsonConfigFile(config.tsConfig, ts.sys.readFile);

* Fix issue with command line options stopped working

* Fix potential command injection vulnerability

* Upgrade core dependencies and require Node.js 10.13 (Thanks to @realityking)

* Updated to dependency-tree@7.2.2 with support for mixing TypesScript and Javascript imports

* Add support for combining `--circular` and `--dot` (Thanks to @SaeedZhiany)

* Add support for combining `--image` and `--circular` option to get a graph with only circular dependencies (Thanks to @gaspardip)

* Updated dependencies to resolve TypeScript issues

* Improved performance when reading TypeScript config (Thanks to @FauxFaux)

* Better support for TypeScript >=3.8 “import type” (Thanks to @eelco)

* Added `leaves` option to show modules that do not have dependencies (Thanks to @avahe-kellenberger)

* Support package.json config (Thanks to @zekth)

* Added support for TypeScript with mixed import syntax (Thanks to @codemonkey800)

* Reduce processing by excluding .git content (Thanks to @villelaitila)

* Exclude test folder from npm registry (Thanks to @SethDavenport)

* Updated the `dependency-tree` module to get rid of the eslint dependency

* One more fix for missing eslint dependency

* Fix peer dependency issue with typescript-eslint-parser causing error: Cannot find module 'eslint/lib/util/traverser'

* Support .tsx files and specifying a tsconfig (Thanks to @BPScott and @mrjoelkemp)

* Add --no-spinner option (Thanks to @joebowbeer)

* Plot rounded boxes, prefer left to right by default (Thanks to @paulirish)

* Fix performance issue when flattening the dependency tree (Thanks to @wjohnsto)

* Fix issue with short CLI options not working properly

  "author": "Patrik Henningsson <patrik.henningsson@gmail.com>",

  "repository": "git://github.com/pahen/madge",

  "homepage": "https://github.com/pahen/madge",

  "description": "Create graphs from module dependencies.",

    "test": "npm run lint && npm run mocha",

    "watch": "mocha --watch --growl test/*.js",

    "lint": "eslint bin/cli.js lib test/*.js",

    "debug": "node bin/cli.js --debug bin lib",

    "generate": "npm run generate:small && npm run generate:madge",

    "generate:small": "bin/cli.js --image /tmp/simple.svg test/cjs/circular/a.js",

    "generate:madge": "bin/cli.js --image /tmp/madge.svg bin lib",

**Madge** is a developer tool for generating a visual graph of your module dependencies, finding circular dependencies, and give you other useful info. Joel Kemp's awesome [dependency-tree](https://github.com/mrjoelkemp/node-dependency-tree) is used for extracting the dependency tree.

* Works for JavaScript (AMD, CommonJS, and ES6 modules)

* Also works for CSS preprocessors (Sass, Stylus, and Less)

* NPM installed dependencies are excluded by default (can be enabled)

* All core Node.js modules (assert, path, fs, etc) are excluded

* Will traverse child dependencies automatically

Read the [changelog](CHANGELOG.md) for latest changes.

> I've worked with Madge on my free time for the last couple of years and it's been a great experience. It started as an experiment but turned out to be a very useful tool for many developers. I have many ideas for the project and it would definitely be easier to dedicate more time to it with some [financial support](#donations) 🙏

> Regardless of your contribution, thanks for your support!

> Graph generated from madge's own code and dependencies.

> A graph with circular dependencies. Blue has dependencies, green has no dependencies, and red has circular dependencies.

> [Graphviz](http://www.graphviz.org/) is only required if you want to generate visual graphs (e.g. in SVG or DOT format).

		@@ -13,2 +13,5 @@ #!/usr/bin/env node

		// Revert https://github.com/tj/commander.js/pull/1409
		program.storeOptionsAsProperties();

		program
		@@ -15,0 +18,0 @@ .version(version)

		# CHANGELOG

		## v5.0.1 (June 23, 2021)

		* Fix issue with command line options stopped working

		## v5.0.0 (June 22, 2021)
		@@ -4,0 +8,0 @@

		{
		"name": "madge",
		"version": "5.0.0",
		"version": "5.0.1",
		"author": "Patrik Henningsson <patrik.henningsson@gmail.com>",
		@@ -5,0 +5,0 @@ "repository": "git://github.com/pahen/madge",

New alerts

Fixed alerts

Improved metrics

Worsened metrics

		@@ -7,3 +7,3 @@ <p align="center">
		<img alt="Last version" src="https://img.shields.io/github/tag/pahen/madge.svg?style=flat-square" />
		<a href="https://travis-ci.org/pahen/madge">
		<a href="https://travis-ci.com/pahen/madge">
		<img alt="Build Status" src="http://img.shields.io/travis/pahen/madge/master.svg?style=flat-square" />
		@@ -10,0 +10,0 @@ </a>