npm-bundled
Advanced tools
list things in node_modules that are bundledDependencies, or transitive dependencies thereof
The npm-bundled package is a utility that lists all the packages that have been bundled in a given package. It is particularly useful for analyzing and managing dependencies in Node.js projects, ensuring that you understand which packages are included in your bundle.
List bundled packages
This feature allows you to list all npm packages that are bundled within a specific project. The function takes a path to the project and a callback function that receives an error or the list of bundled packages.
const npmBundled = require('npm-bundled');
npmBundled({ path: '/path/to/your/project' }, function (err, list) {
if (err) {
console.error('Error:', err);
return;
}
console.log('Bundled packages:', list);
});Depcheck is a tool for analyzing the dependencies in your Node.js project to see which ones are used, unused, or missing. It differs from npm-bundled in that it provides a broader analysis of dependency usage rather than just listing bundled packages.
Npm-check provides a way to check for outdated, incorrect, and unused dependencies. It is similar to npm-bundled in that it helps manage dependencies, but it also offers features to update them and provides more detailed reports on the status of each dependency.
Run this in a node package, and it'll tell you which things in node_modules are bundledDependencies, or transitive dependencies of bundled dependencies.
To get the list of deps at the top level that are bundled (or transitive deps of a bundled dep) run this:
const bundled = require('npm-bundled')
// async version
bundled({ path: '/path/to/pkg/defaults/to/cwd'}, (er, list) => {
// er means it had an error, which is _hella_ weird
// list is a list of package names, like `fooblz` or `@corp/blerg`
// the might not all be deps of the top level, because transitives
})
// async promise version
bundled({ path: '/path/to/pkg/defaults/to/cwd'}).then(list => {
// so promisey!
// actually the callback version returns a promise, too, it just
// attaches the supplied callback to the promise
})
// sync version, throws if there's an error
const list = bundled.sync({ path: '/path/to/pkg/defaults/to/cwd'})
That's basically all you need to know. If you care to dig into it,
you can also use the bundled.Walker and bundled.WalkerSync
classes to get fancy.
This library does not write anything to the filesystem, but it may
have undefined behavior if the structure of node_modules changes
while it's reading deps.
All symlinks are followed. This means that it can lead to surprising results if a symlinked bundled dependency has a missing dependency that is satisfied at the top level. Since package creation resolves symlinks as well, this is an edge case where package creation and development environment are not going to be aligned, and is best avoided.
4.0.0 (2024-09-24)
npm-bundled now supports node ^18.17.0 || >=20.5.0FAQs
list things in node_modules that are bundledDependencies, or transitive dependencies thereof
The npm package npm-bundled receives a total of 7,452,770 weekly downloads. As such, npm-bundled popularity was classified as popular.
We found that npm-bundled demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.