Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
module-deps
Advanced tools
walk the dependency graph to generate json output that can be fed into browser-pack
The module-deps npm package is a tool for analyzing the dependency graph of Node.js modules. It parses the require() calls in a given entry file and recursively resolves the dependencies, providing a detailed graph of all the modules and their interconnections.
Dependency Graph Generation
This feature allows you to generate a JSON file that represents the dependency graph of a given entry file. The code sample demonstrates how to use module-deps to analyze 'entry.js' and output the dependency graph to 'deps.json'.
const mdeps = require('module-deps');
const JSONStream = require('JSONStream');
const fs = require('fs');
const md = mdeps();
md.pipe(JSONStream.stringify()).pipe(fs.createWriteStream('deps.json'));
md.end({ file: 'entry.js' });
Custom Resolvers
This feature allows you to provide custom resolution logic for resolving module paths. The code sample shows how to use a custom resolver function to handle module resolution.
const mdeps = require('module-deps');
const JSONStream = require('JSONStream');
const fs = require('fs');
const md = mdeps({
resolve: (id, parent, cb) => {
// Custom resolution logic
cb(null, id);
}
});
md.pipe(JSONStream.stringify()).pipe(fs.createWriteStream('deps.json'));
md.end({ file: 'entry.js' });
Transform Streams
This feature allows you to apply transform streams to the source files before they are parsed. The code sample demonstrates how to replace all instances of 'require' with 'customRequire' in the source files.
const mdeps = require('module-deps');
const through = require('through2');
const JSONStream = require('JSONStream');
const fs = require('fs');
const md = mdeps({
transform: (file) => {
return through(function (buf, enc, next) {
this.push(buf.toString('utf8').replace(/require/g, 'customRequire'));
next();
});
}
});
md.pipe(JSONStream.stringify()).pipe(fs.createWriteStream('deps.json'));
md.end({ file: 'entry.js' });
Browserify is a tool that allows you to bundle up all of your JavaScript dependencies for the browser. It also provides a way to analyze the dependency graph of your modules. Compared to module-deps, Browserify offers a more comprehensive solution for bundling and dependency management, including support for various plugins and transforms.
Webpack is a powerful module bundler for JavaScript applications. It analyzes the dependency graph of your modules and bundles them into a single file or multiple chunks. Webpack provides a rich ecosystem of plugins and loaders, making it more versatile than module-deps for complex build processes.
Rollup is a module bundler for JavaScript that focuses on ES6 modules. It provides tree-shaking capabilities to remove unused code from the final bundle. While module-deps focuses on dependency graph analysis, Rollup is more geared towards optimizing and bundling ES6 modules.
walk the dependency graph to generate json output that can be fed into browser-pack
var mdeps = require('module-deps');
var JSONStream = require('JSONStream');
var stringify = JSONStream.stringify();
stringify.pipe(process.stdout);
var file = __dirname + '/files/main.js';
mdeps(file).pipe(stringify);
output:
$ node example/deps.js
[
{"id":"/home/substack/projects/module-deps/example/files/main.js","source":"var foo = require('./foo');\nconsole.log('main: ' + foo(5));\n","entry":true,"deps":{"./foo":"/home/substack/projects/module-deps/example/files/foo.js"}}
,
{"id":"/home/substack/projects/module-deps/example/files/foo.js","source":"var bar = require('./bar');\n\nmodule.exports = function (n) {\n return n * 111 + bar(n);\n};\n","deps":{"./bar":"/home/substack/projects/module-deps/example/files/bar.js"}}
,
{"id":"/home/substack/projects/module-deps/example/files/bar.js","source":"module.exports = function (n) {\n return n * 100;\n};\n","deps":{}}
]
and you can feed this json data into browser-pack:
$ node example/deps.js | browser-pack | node
main: 1055
usage: module-deps [files]
generate json output from each entry file
var mdeps = require('module-deps')
Return a readable stream of javascript objects from an array of filenames
files
.
Optionally pass in some opts
:
opts.transform - a string or array of string transforms (see below)
opts.transformKey - an array path of strings showing where to look in the package.json for source transformations. If falsy, don't look at the package.json at all.
opts.resolve - custom resolve function using the
opts.resolve(id, parent, cb)
signature that
browser-resolve has
opts.packageFilter - transform the parsed package.json contents before using
the values. opts.packageFilter(pkg)
should return the new pkg
object to use.
module-deps can be configured to run source transformations on files before
parsing them for require()
calls. These transforms are useful if you want to
compile a language like coffeescript on the fly or
if you want to load static assets into your bundle by parsing the AST for
fs.readFileSync()
calls.
If the transform is a function, it should take the file
name as an argument
and return a through stream that will be written file contents and should output
the new transformed file contents.
If the transform is a string, it is treated as a module name that will resolve to a module that is expected to follow this format:
var through = require('through');
module.exports = function (file) { return through() };
You don't necessarily need to use the through module to create a readable/writable filter stream for transforming file contents, but this is an easy way to do it.
When you call mdeps()
with an opts.transform
, the transformations you
specify will not be run for any files in node_modules/. This is because modules
you include should be self-contained and not need to worry about guarding
themselves against transformations that may happen upstream.
Modules can apply their own transformations by setting a transformation pipeline
in their package.json at the opts.transformKey
path. These transformations
only apply to the files directly in the module itself, not to the module's
dependants nor to its dependencies.
With npm, to get the module do:
npm install module-deps
and to get the module-deps
command do:
npm install -g module-deps
MIT
FAQs
walk the dependency graph to generate json output that can be fed into browser-pack
We found that module-deps demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 40 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.