npm-bundled

list things in node_modules that are bundledDependencies, or transitive dependencies thereof

Version: 3.0.0 (latest)
Maintainers: 3
Weekly downloads: 8,738,061 (increased by 3.96%)

Changelog

3.0.0 (2022-10-14)

⚠️ BREAKING CHANGES

  • npm-bundled is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Features

  • 7682b9e #23 postinstall for dependabot template-oss PR (@lukekarrys)

Dependencies

  • 3a21cbe #30 bump npm-normalize-package-bin from 2.0.0 to 3.0.0

Readme

npm-bundled

Run this in a node package, and it'll tell you which things in node_modules are bundledDependencies, or transitive dependencies of bundled dependencies.

USAGE

To get the list of deps at the top level that are bundled (or transitive deps of a bundled dep) run this:

const bundled = require('npm-bundled')

// async version
bundled({ path: '/path/to/pkg/defaults/to/cwd'}, (er, list) => {
  // er means it had an error, which is _hella_ weird
  // list is a list of package names, like `fooblz` or `@corp/blerg`
  // they might not all be deps of the top level, because transitives
})

// async promise version
bundled({ path: '/path/to/pkg/defaults/to/cwd'}).then(list => {
  // so promisey!
  // actually the callback version returns a promise, too, it just
  // attaches the supplied callback to the promise
})

// sync version, throws if there's an error
const list = bundled.sync({ path: '/path/to/pkg/defaults/to/cwd'})

That's basically all you need to know. If you care to dig into it, you can also use the bundled.Walker and bundled.WalkerSync classes to get fancy.

This library does not write anything to the filesystem, but it may have undefined behavior if the structure of node_modules changes while it's reading deps.

All symlinks are followed. This means that it can lead to surprising results if a symlinked bundled dependency has a missing dependency that is satisfied at the top level. Since package creation resolves symlinks as well, this is an edge case where package creation and development environment are not going to be aligned, and is best avoided.
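
The walk and the symlink caveat described above, as an added sketch that is not npm-bundled's own code: it computes the bundled set over a constructed fixture and reports which bundled entries are symlinks, so the edge case can be caught before packing. `auditBundled` and `makeFixture` are hypothetical names; the sketch assumes a flat top-level node_modules and follows `dependencies` and `optionalDependencies` only.

```javascript
const fs = require('fs')
const os = require('os')
const path = require('path')

// Read a package.json, returning {} when it is missing or unreadable.
const readPkg = (dir) => {
  try {
    return JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'))
  } catch {
    return {}
  }
}

// Simplified sketch (assumption): only the flat top-level node_modules is consulted.
function auditBundled (root) {
  const nm = path.join(root, 'node_modules')
  const top = readPkg(root)
  // npm accepts both spellings of the key; non-array values are ignored here
  const declared = top.bundleDependencies || top.bundledDependencies
  const queue = Array.isArray(declared) ? [...declared] : []
  const bundled = new Set()
  const symlinked = []
  while (queue.length) {
    const name = queue.shift()
    const dir = path.join(nm, name)
    if (bundled.has(name) || !fs.existsSync(dir)) continue
    bundled.add(name)
    // lstat does not follow the link, so a symlinked dep is visible here
    if (fs.lstatSync(dir).isSymbolicLink()) symlinked.push(name)
    const pkg = readPkg(dir) // reading through the path follows the symlink
    queue.push(...Object.keys({ ...pkg.dependencies, ...pkg.optionalDependencies }))
  }
  return { bundled: [...bundled].sort(), symlinked }
}

// Constructed fixture: "a" is bundled and symlinked, "b" is its dep, "c" is unrelated.
function makeFixture () {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'bundled-demo-'))
  const write = (dir, pkg) => {
    fs.mkdirSync(dir, { recursive: true })
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(pkg))
  }
  write(root, { name: 'top', bundleDependencies: ['a'] })
  write(path.join(root, 'linked-a'), { name: 'a', dependencies: { b: '1.x' } })
  write(path.join(root, 'node_modules', 'b'), { name: 'b' })
  write(path.join(root, 'node_modules', 'c'), { name: 'c' })
  fs.symlinkSync(path.join(root, 'linked-a'), path.join(root, 'node_modules', 'a'), 'dir')
  return root
}

console.log(auditBundled(makeFixture()))
```

A non-empty `symlinked` list marks the bundled entries whose contents come from outside node_modules and are worth reviewing before the package is created.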

Last updated on 14 Oct 2022
