
Research / Security News
Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack
Compromised intercom-client@7.0.4 npm package is tied to the ongoing Mini Shai-Hulud worm attack targeting developer and CI/CD secrets.
Use micromatch to filter npm module dependencies by name.
const matchdep = require('matchdep');
// Filter dependencies (by autoloading nearest package.json); every call returns an array of matching package names
const deps = matchdep.filter('mini*');
// Filter devDependencies (with config string indicating file to be required)
const devDeps = matchdep.filterDev('grunt-contrib-*', './package.json');
// Filter peerDependencies (with config string indicating file to be required)
const peerDeps = matchdep.filterPeer('foo-{bar,baz}', './some-other.json');
// Filter all dependencies (with explicit config object provided)
const allDeps = matchdep.filterAll('*', require('./yet-another.json'));
// Filter all dependencies, exclude grunt (multiple matching patterns; '!grunt' excludes only the exact name grunt)
const allButGrunt = matchdep.filterAll(['*', '!grunt']);
filter(pattern, config)
filterDev(pattern, config)
filterPeer(pattern, config)
filterAll(pattern, config)
pattern
Type: String|Array
Default: 'none'
A micromatch compatible match pattern (or array of patterns, where a leading ! negates) to filter dependencies. filter reads dependencies, filterDev reads devDependencies, filterPeer reads peerDependencies, and filterAll reads all three sections.
config
Type: String or Object
Default: Path to nearest package.json.
If config is a string, matchdep will attempt to require it. If it is an object, it will be used directly. Because the string is passed to require, a path that resolves to a .js file is executed rather than merely parsed, so only pass manifest paths you control.
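To make the four entry points and the pattern semantics concrete, the following added example (not matchdep's own code, which delegates matching to micromatch and can require() a config path) re-creates the filter behaviour over a constructed in-memory package.json. The helper names globToRegExp, matchNames, filterDeps and deps are assumptions for this illustration, and globToRegExp is a deliberately small stand-in that understands only *, ? and {a,b} alternation; with a negation-only pattern list it starts from every name, mirroring how such lists are commonly used.

```javascript
// Added illustration of matchdep-style dependency filtering. Not matchdep's code:
// the real module uses micromatch and can require() a config path. The glob
// support below is a small stand-in (assumption): only *, ? and {a,b} are handled.

// Constructed sample manifest standing in for a real package.json.
const samplePkg = {
  name: 'sample-app',
  dependencies: { minimist: '^1.2.8', minimatch: '^9.0.0', lodash: '^4.17.21' },
  devDependencies: {
    grunt: '^1.6.1',
    'grunt-contrib-jshint': '^3.2.0',
    'grunt-contrib-uglify': '^5.2.2',
    'grunt-eslint': '^24.3.0',
  },
  peerDependencies: { 'foo-bar': '*', 'foo-baz': '*', 'foo-qux': '*' },
};

// Translate one glob into an anchored RegExp: * -> .*, ? -> ., {a,b} -> (?:a|b);
// every other character is escaped so it matches literally.
function globToRegExp(glob) {
  let re = '';
  let depth = 0; // brace nesting, so commas outside {} stay literal
  for (const ch of glob) {
    if (ch === '*') re += '.*';
    else if (ch === '?') re += '.';
    else if (ch === '{') { depth++; re += '(?:'; }
    else if (ch === '}' && depth > 0) { depth--; re += ')'; }
    else if (ch === ',' && depth > 0) re += '|';
    else re += ch.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  }
  return new RegExp('^' + re + '$');
}

// Apply a pattern or pattern list: positive patterns are unioned, '!' patterns
// exclude. With no positive pattern every name is a candidate (assumption that
// mirrors a negation-only list such as ['!grunt']).
function matchNames(names, patterns) {
  const list = Array.isArray(patterns) ? patterns : [patterns];
  const positives = list.filter((p) => !p.startsWith('!')).map(globToRegExp);
  const negatives = list.filter((p) => p.startsWith('!')).map((p) => globToRegExp(p.slice(1)));
  return names.filter((name) => {
    const included = positives.length === 0 || positives.some((re) => re.test(name));
    return included && !negatives.some((re) => re.test(name));
  });
}

// The four entry points differ only in which manifest sections they read.
const SECTIONS = {
  filter: ['dependencies'],
  filterDev: ['devDependencies'],
  filterPeer: ['peerDependencies'],
  filterAll: ['dependencies', 'devDependencies', 'peerDependencies'],
};

function filterDeps(kind, pattern, config) {
  const names = SECTIONS[kind].flatMap((section) => Object.keys(config[section] || {}));
  return matchNames(names, pattern);
}

// Wrappers shaped like matchdep's API, defaulting to the constructed manifest
// where matchdep would default to the nearest package.json.
const deps = {
  filter: (pattern, config = samplePkg) => filterDeps('filter', pattern, config),
  filterDev: (pattern, config = samplePkg) => filterDeps('filterDev', pattern, config),
  filterPeer: (pattern, config = samplePkg) => filterDeps('filterPeer', pattern, config),
  filterAll: (pattern, config = samplePkg) => filterDeps('filterAll', pattern, config),
};

console.log(deps.filter('mini*'));             // ['minimist', 'minimatch']
console.log(deps.filterDev('grunt-contrib-*')); // ['grunt-contrib-jshint', 'grunt-contrib-uglify']
console.log(deps.filterPeer('foo-{bar,baz}'));  // ['foo-bar', 'foo-baz']
console.log(deps.filterAll(['*', '!grunt']));   // all nine names except 'grunt'
```

The last call shows the point that trips people up: '!grunt' removes only the exact name grunt, while grunt-contrib-* and grunt-eslint stay in the list. Note also that filtering is purely by name against whatever the manifest declares; when the result is fed to a loader (the common Gruntfile idiom passes filterDev('grunt-*') results to grunt.loadNpmTasks), every installed package whose name fits the pattern gets loaded, so the pattern is not a trust boundary and the matched list is worth reviewing.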
The glob package matches file paths using the patterns the shell uses, such as * and ?. It is general-purpose rather than specific to filtering dependencies, but it can achieve a similar result by matching paths on disk instead of package.json entries.
The multimatch package matches a list of strings against multiple glob patterns, including negations. It is more versatile than matchdep because it is not tied to dependencies; to get matchdep's behaviour you pass it the package names read from package.json yourself.
The minimatch package is a minimal glob-matching utility. Like matchdep (which builds on micromatch) it matches names against glob patterns, but it is lighter and general-purpose and leaves reading package.json to the caller.
FAQs
Use micromatch to filter npm module dependencies by name.
The npm package matchdep receives a total of 1,034,521 weekly downloads. As such, matchdep popularity was classified as popular.
We found that matchdep demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Research
Socket detected a malicious supply chain attack on PyPI package lightning versions 2.6.2 and 2.6.3, which execute credential-stealing malware on import.

Research
A brand-squatted TanStack npm package used postinstall scripts to steal .env files and exfiltrate developer secrets to an attacker-controlled endpoint.