Security News
Vite+ Joins the Push to Consolidate JavaScript Tooling
Evan You announces Vite+, a commercial, Rust-powered toolchain built on the Vite ecosystem to unify JavaScript development and fund open source.
By Sarah Gooding - Oct 15, 2025
Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More →
package-transfer
Advanced tools
package-transfer
Simple utility to transfer packages from your dependencies or devDependencies lists into new project.
package-transfer
Simple utility to transfer packages from your dependencies or devDependencies lists into new project.
Install
npm install -g package-transfer
Usage
pkg-transfer [options]
Transfer dependencies from old-project to current project (my-new-project):
cd my-new-project
pkg-transfer -s ../old-project
The command detects which packages need to be transferred and offers to auto install them into target package.
This command does exactly the same thing only for devDependencies:
pkg-transfer -s ../old-project --dev
If you prefer yarn over npm:
pkg-transfer -s ../old-project --yarn
Strict mode
Most of the time you are locking your package.json dependencies to exact version. If you wish to transfer those exact versions to target package.json then just use --strict argument.
pkg-transfer -s ../my-project --strict
Help
Usage: pkg-transfer [options]
Options:
-v, --version Print version
--verbose Increase logging verbosity
-h, --help Output help and usage information
-s, --source Source package (from where you want to transfer dependencies)
-t, --target Target package (defaults to current directory)
--yarn Use yarn instead of npm
--dev Transfer devDependencies
--dry-run Just prints install command, does NOT really install anything
--strict Use exact versions from source package.json when installing dependencies
Keywords
FAQs
Simple utility to transfer packages from your dependencies or devDependencies lists into new project.
We found that package-transfer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Oct 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Ruby Central Faces Backlash After Publishing Incident Timeline on RubyGems Access Dispute
Ruby Central’s incident report on the RubyGems.org access dispute sparks backlash from former maintainers and renewed debate over project governance.
By Sarah Gooding - Oct 14, 2025
Research
/Security News
Weaponizing Discord for Command and Control Across npm, PyPI, and RubyGems.org
Socket researchers uncover how threat actors weaponize Discord across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
By Olivia Brown - Oct 11, 2025