npm-logical-tree
Advanced tools
npm-logical-tree is a Node.js
library that takes the contents of a package.json and package-lock.json (or
npm-shrinkwrap.json) and returns a nested tree data structure representing the
logical relationships between the different dependencies.
$ npm install npm-logical-tree
const fs = require('fs')
const logicalTree = require('npm-logical-tree')
const pkg = require('./package.json')
const pkgLock = require('./package-lock.json')
logicalTree(pkg, pkgLock)
// returns:
LogicalTree {
name: 'npm-logical-tree',
version: '1.0.0',
address: null,
optional: false,
dev: false,
bundled: false,
resolved: undefined,
integrity: undefined,
requiredBy: Set { },
dependencies:
Map {
'foo' => LogicalTree {
name: 'foo',
version: '1.2.3',
address: 'foo',
optional: false,
dev: true,
bundled: false,
resolved: 'https://registry.npmjs.org/foo/-/foo-1.2.3.tgz',
integrity: 'sha1-rYUK/p261/SXByi0suR/7Rw4chw=',
dependencies: Map { ... },
requiredBy: Set { ... },
},
...
}
}
The npm team enthusiastically welcomes contributions and project participation! There's a bunch of things you can do if you want to contribute! The Contributor Guide has all the information you need for everything from reporting bugs to contributing entire new features. Please don't hesitate to jump in if you'd like to, or even ask us questions if something isn't clear.
All participants and maintainers in this project are expected to follow Code of Conduct, and just generally be excellent to each other.
Please refer to the Changelog for project history details, too.
Happy hacking!
> logicalTree(pkg, lock) -> LogicalTreeCalculates a logical tree based on a matching package.json and
package-lock.json pair. A "logical tree" is a fully-nested dependency graph
for an npm package, as opposed to a physical tree which might be flattened.
logical-tree will represent deduplicated/flattened nodes using the same object
throughout the tree, so duplication can be checked by object identity.
const pkg = require('./package.json')
const pkgLock = require('./package-lock.json')
logicalTree(pkg, pkgLock)
// returns:
LogicalTree {
name: 'npm-logical-tree',
version: '1.0.0',
address: null,
optional: false,
dev: false,
bundled: false,
resolved: undefined,
integrity: undefined,
requiredBy: Set { },
dependencies:
Map {
'foo' => LogicalTree {
name: 'foo',
version: '1.2.3',
address: 'foo',
optional: false,
dev: true,
bundled: false,
resolved: 'https://registry.npmjs.org/foo/-/foo-1.2.3.tgz',
integrity: 'sha1-rYUK/p261/SXByi0suR/7Rw4chw=',
requiredBy: Set { ... },
dependencies: Map { ... }
},
...
}
}
> logicalTree.node(name, [address, [opts]]) -> LogicalTreeManually creates a new LogicalTree node.
opts.version - version of the node.opts.optional - is this node an optionalDep?opts.dev - is this node a devDep?opts.bundled - is this bundled?opts.resolved - resolved address.opts.integrity - SRI string.logicalTree.node('hello', 'subpath:to:@foo/bar', {dev: true})
FAQs
Calculate 'logical' trees from a package.json + package-lock
The npm package npm-logical-tree receives a total of 93,641 weekly downloads. As such, npm-logical-tree popularity was classified as popular.
We found that npm-logical-tree demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
Security News
The npm package for the LottieFiles Player web component was hit with a supply chain attack after a software engineer's npmjs credentials were compromised.