npm-dependency-db
Advanced tools
Query npm dependents of a certain version or version range of a given package
Use npm-dependency-db to list which npm packages depends on a given
version (or version range) of a given npm package.
A hosted web version of this module exists at: dependency.land.
npm install npm-dependency-db -g
If you are upgrading from versions older than v6.0.0, you need to
completely purge the cache by deleting the entire ~/.npm-dependency-db
directory and reimport everything by running npm-dependency-db --update.
npm-dependency-db [<name> [range]] [options]
First time you use npm-dependency-db you need to sync the npm
dependency tree to a local cache by running:
$ npm-dependency-db --update
Do this every time you want to get up-to-date with the latest changes from the npm database.
To perform a query, run:
$ npm-dependency-db <name> [range] [options]
Where <name> is a name of the module you want to query and [range]
is an optional semver range similar to what you would write in a
package.json file.
E.g. to ask who depends on bluebird within the 2.x version range, you could run:
$ npm-dependency-db bluebird 2.x
E.g. to ask who depends on standard as a dev-dependency within the 7.x version range, you could run:
$ npm-dependency-db --dev standard 7
Run with --help option to see a complete list of options.
var Updater = require('npm-dependency-db/updater')
var level = require('level')
var db = level('./test.db')
var updater = new Updater(db, {live: true})
updater.on('processed', function (n) {
console.log('processed npm change number %d', n)
})
Updater(db[, options])Initialize the Updater with a LevelDB compatible database and an
optional options object.
The following options are supported:
key - The hypercore key to create a feed from. Will default to a
hard-coded keylive - If true, the feed will be kept open while waiting for new
changes. Ignored if indexOnly is true. Defaults to falsehypercorePath - Path where to store the raw npm feed. Defaults to
./npm-dependency-db.coreindexOnly - Only build database index (do not download new blocks).
Defaults to falseEvent: initEmitted when updater.processed, updater.startBlock and
updater.currentBlock have been populated.
Event: runningEmitted when the updater.feed is ready.
Event: processedEmitted when a change object have been completely processed.
The first argument is the hypercore block number containing the change that have been processed.
Event: endEmitted when there is nothing more to process. Will not be emitted if
options.live is true unless an error occurs.
Event: errorEmitted if an error occurs.
The first arguemnt is the error.
updater.feedA hypercore feed. Contains all npm change objects. Each change is a block in the feed.
updater.startBlockThe change (i.e. hypercore block number) where the feed will start to
process in this instance of the Updater.
updater.currentBlockThe change (i.e. hypercore block number) that is currently beeing processed.
updater.processedThe number of changes processed so far in the feed.
MIT
FAQs
Query npm dependents of a certain version or version range of a given package
We found that npm-dependency-db demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Node.js patched a crash bug where AsyncLocalStorage could cause stack overflows to bypass error handlers and terminate production servers.
Research
/Security News
A malicious Chrome extension steals newly created MEXC API keys, exfiltrates them to Telegram, and enables full account takeover with trading and withdrawal rights.
Security News
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.