
pulling-deps
Pull CJS require, AMD define, as well as ESM dynamic and static imports.
pulling-deps accomplishes this by building and traversing an AST leveraging acorn.
npm install pulling-deps
To run the CLI commands directly in your console, you will need to install pulling-deps globally. Alternatively, you can create npm scripts in your package.json, or use npx. Running through npm scripts or npx is the preferred method for using the CLI.
pull-deps, which will extract the dependencies in the files you specify:
$ pull-deps src/*.js
$ echo "import('./src/index.js')" | pull-deps
pull-vendor, which will extract only node module dependencies:
$ pull-vendor src/*.js
$ echo "import('./src/index.js')" | pull-vendor
pull-tree, which will generate a flat map of all the dependencies:
$ pull-tree src/*.js
$ echo "import('./src/index.js')" | pull-tree
fromSource is a method that takes a JavaScript source string as the first parameter and an optional object as the second parameter. The second parameter is passed straight to acorn.
const pullDeps = require('pulling-deps');
// This gets us an object that has a property `dependencies`, which is an array
// of all the dependencies found.
const result = pullDeps.fromSource(`
import a from "esmdep";
const b = require("cjsdep");
import("dynamicESM");
`);
// Print to console the dependencies, which will have `esmdep`, `cjsdep`, and `dynamicESM`.
console.log(result.dependencies);
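fromAST is a method that takes as its only parameter an AST as created by acorn.
// Inject dynamic import() support into acorn
const acorn = require('acorn-dynamic-import/lib/inject').default(require('acorn'));
const pullDeps = require('pulling-deps');
// Parse as an ES module with the dynamicImport plugin enabled, then walk the
// AST to get all the dependencies out
const result = pullDeps.fromAST(acorn.parse(`
import a from "esmdep";
const b = require("cjsdep");
import("dynamicESM");
`, { sourceType: 'module', plugins: { dynamicImport: true } }));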
// Print to console the dependencies, which will have `esmdep`, `cjsdep`, and `dynamicESM`.
console.log(result.dependencies);
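One use for the `dependencies` array returned by the calls above is to check it against package.json, so that every third-party import is a declared, pinned dependency. The following is an added example, not part of pulling-deps or its README; the function names, sample specifiers and sample manifest are constructed for illustration, and it assumes a CommonJS Node.js script.

```javascript
// Added example: audit extracted specifiers against package.json.
const { builtinModules } = require('module');

// Reduce an import specifier to the package that must be installed for it,
// or return null when it is a local file or a Node.js built-in.
function packageNameOf(specifier) {
  if (/^(\.{1,2}(\/|$)|\/)/.test(specifier)) return null; // ./x, ../x, /abs
  if (specifier.startsWith('node:')) return null;         // node:fs
  if (builtinModules.includes(specifier)) return null;    // fs, fs/promises
  const parts = specifier.split('/');
  // Scoped packages keep two segments (@scope/name); others keep one.
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Compare what the code imports with what package.json declares.
function auditDependencies(specifiers, manifest) {
  const declared = new Set([
    ...Object.keys(manifest.dependencies || {}),
    ...Object.keys(manifest.peerDependencies || {}),
    ...Object.keys(manifest.optionalDependencies || {}),
  ]);
  const used = new Set(specifiers.map(packageNameOf).filter(Boolean));
  return {
    // Imported but never declared: resolves only if something else installs it.
    undeclared: [...used].filter((name) => !declared.has(name)).sort(),
    // Declared but never imported: extra install surface to review.
    unused: [...declared].filter((name) => !used.has(name)).sort(),
  };
}

// Constructed sample input, shaped like the `dependencies` array shown above.
const sampleSpecifiers = [
  'esmdep', 'cjsdep/lib/util', 'dynamicESM', '@scope/pkg/sub',
  './src/index.js', '../shared', 'fs', 'node:path',
];
// Constructed sample manifest.
const sampleManifest = {
  dependencies: { esmdep: '^1.0.0', cjsdep: '^2.0.0', leftover: '^3.0.0' },
};

const report = auditDependencies(sampleSpecifiers, sampleManifest);
console.log(report);
```

Packages listed as `unused` may still be needed by build tooling or configuration files that were not scanned, so treat that list as a prompt for review rather than a removal list.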
grunt build
grunt test
MIT
FAQs
Pull CJS require, AMD define, and ES2015 import JavaScript dependencies
The npm package pulling-deps receives a total of 52 weekly downloads. As such, pulling-deps popularity was classified as not popular.
We found that pulling-deps demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.