npm-bundled
Package description
The npm-bundled package is a utility that lists all the packages that have been bundled in a given package. It is particularly useful for analyzing and managing dependencies in Node.js projects, ensuring that you understand which packages are included in your bundle.
List bundled packages
This feature allows you to list all npm packages that are bundled within a specific project. The function takes a path to the project and a callback function that receives an error or the list of bundled packages.
const npmBundled = require('npm-bundled');

npmBundled({ path: '/path/to/your/project' }, function (err, list) {
  if (err) {
    console.error('Error:', err);
    return;
  }
  console.log('Bundled packages:', list);
});
Depcheck is a tool for analyzing the dependencies in your Node.js project to see which ones are used, unused, or missing. It differs from npm-bundled in that it provides a broader analysis of dependency usage rather than just listing bundled packages.
Npm-check provides a way to check for outdated, incorrect, and unused dependencies. It is similar to npm-bundled in that it helps manage dependencies, but it also offers features to update them and provides more detailed reports on the status of each dependency.
Readme
Run this in a node package, and it'll tell you which things in node_modules are bundledDependencies, or transitive dependencies of bundled dependencies.
To get the list of deps at the top level that are bundled (or transitive deps of a bundled dep) run this:
const bundled = require('npm-bundled')

// async version
bundled({ path: '/path/to/pkg/defaults/to/cwd'}, (er, list) => {
  // er means it had an error, which is _hella_ weird
  // list is a list of package names, like `fooblz` or `@corp/blerg`
  // they might not all be deps of the top level, because transitives
})

// async promise version
bundled({ path: '/path/to/pkg/defaults/to/cwd'}).then(list => {
  // so promisey!
  // actually the callback version returns a promise, too, it just
  // attaches the supplied callback to the promise
})

// sync version, throws if there's an error
const list = bundled.sync({ path: '/path/to/pkg/defaults/to/cwd'})
That's basically all you need to know. If you care to dig into it, you can also use the bundled.Walker and bundled.WalkerSync classes to get fancy.
This library does not write anything to the filesystem, but it may have undefined behavior if the structure of node_modules changes while it's reading deps.
All symlinks are followed. This means that it can lead to surprising results if a symlinked bundled dependency has a missing dependency that is satisfied at the top level. Since package creation resolves symlinks as well, this is an edge case where package creation and development environment are not going to be aligned, and is best avoided.
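To show why the returned list can contain names that are not declared in bundledDependencies, here is an added example (not npm-bundled's code and not from its README) that does a simplified version of the walk over a constructed project in a temp directory. The function names, the sample tree, and the array-only handling of bundledDependencies are assumptions of this sketch.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Read a package.json, returning {} if it is missing or unparsable.
function readManifest(dir) {
  try {
    return JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  } catch (err) {
    return {};
  }
}

// Simplified walk (not npm-bundled's implementation): start from the root's
// bundledDependencies and follow each package's dependencies, keeping only
// names that resolve in the top-level node_modules.
function listBundled(root) {
  const manifest = readManifest(root);
  const declared = manifest.bundledDependencies || manifest.bundleDependencies || [];
  const queue = Array.isArray(declared) ? [...declared] : [];
  const seen = new Set();
  while (queue.length > 0) {
    const name = queue.shift();
    const dir = path.join(root, 'node_modules', name);
    if (seen.has(name) || !fs.existsSync(dir)) continue;
    seen.add(name);
    const dep = readManifest(dir);
    queue.push(...Object.keys({ ...dep.dependencies, ...dep.optionalDependencies }));
  }
  return [...seen].sort();
}

// Constructed sample tree: fooblz is bundled and depends on @corp/blerg;
// unrelated is installed but not bundled.
function buildSampleProject() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'bundled-demo-'));
  const write = (rel, manifest) => {
    const dir = path.join(root, rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(manifest));
  };
  write('.', { name: 'demo', bundledDependencies: ['fooblz'], dependencies: { fooblz: '1.0.0', unrelated: '1.0.0' } });
  write('node_modules/fooblz', { name: 'fooblz', version: '1.0.0', dependencies: { '@corp/blerg': '2.0.0' } });
  write('node_modules/@corp/blerg', { name: '@corp/blerg', version: '2.0.0' });
  write('node_modules/unrelated', { name: 'unrelated', version: '1.0.0' });
  return root;
}

console.log(listBundled(buildSampleProject()));
```

Comparing a list like this against the declared bundledDependencies shows which extra packages would ship inside the published tarball and so need the same review as the declared ones.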
FAQs
list things in node_modules that are bundledDependencies, or transitive dependencies thereof
We found that npm-bundled demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.