		@@ -14,5 +14,4 @@ module.exports = loadModules;
		// FIXME only supports dependancies & dev deps not opt-deps
		function loadModules(root) {
		var options = { dev: true };
		return loadModulesInternal(root, null, options).then(function (tree) {
		function loadModules(root, depType) {
		return loadModulesInternal(root, depType \|\| null).then(function (tree) {
		// ensure there's no missing packages our known root deps
		@@ -24,3 +23,5 @@ var missing = [];
		missing.push(resolve(name, root).then(function (dir) {
		return loadModulesInternal(dir, depTypes.PROD, options);
		return loadModulesInternal(dir, depTypes.PROD, {
		__from: [tree.name, name],
		});
		}).catch(function (e) {
		@@ -53,3 +54,3 @@ if (e.code === 'NO_PACKAGE_FOUND') {

		function loadModulesInternal(root, rootDepType, options, parent) {
		function loadModulesInternal(root, rootDepType, parent) {
		if (!rootDepType) {
		@@ -96,12 +97,2 @@ rootDepType = depTypes.EXTRANEOUS;

		// only read the dev deps on the first pass, don't go any further (which is
		// why we set `options.dev = false`), and we merge them into the
		// pkg.dependencies property.
		if (options.dev) {
		// _.merge(modules.__dependencies, pkg.devDependencies \|\| {});
		}

		options.dev = false;


		// 2. check actual installed deps
		@@ -199,3 +190,3 @@ return fs.readdir(path.resolve(root, 'node_modules')).then(function (dirs) {
		var dir = path.resolve(root, 'node_modules', dep);
		return loadModulesInternal(dir, depType, options, pkg);
		return loadModulesInternal(dir, depType, pkg);
		});
		@@ -202,0 +193,0 @@

lib/logical.js

		@@ -48,3 +48,2 @@ module.exports = logicalTree;
		if (!options.dev && dep.depType === depTypes.DEV) {
		// console.log('deleting %s', name);
		// since dev deps are only ever on the root, we know we can remove it
		@@ -58,5 +57,5 @@ // directly from the logicalRoot.dependencies
		dep.extraneous = true;
		dep.version += ' ' + dep.dep;
		dep.depType = depTypes.EXTRANEOUS;
		var issue = ext + ': ' + dep.__from.join(' > ') + ' > ' + dep.full;
		var issue = ext + ': ' + (dep.__from \|\| []).join(' > ') +
		' > ' + dep.full;
		dep.problems = [issue];
		@@ -71,3 +70,3 @@ problem(logicalRoot, issue);
		function insertLeaf(tree, leaf) {
		var path = leaf.__from.slice(1, -1); // remove the root of the path
		var path = (leaf.__from \|\| []).slice(1, -1); // remove the root of the path
		var entry = tree.dependencies;
		@@ -74,0 +73,0 @@ for (var i = 0; i < path.length; i++) {

lib/pluck.js

		@@ -6,4 +6,4 @@ module.exports = pluck;

		function pluck(root, path, name, version) {
		debug('plucking %s@%s', name, version);
		function pluck(root, path, name, range) {
		debug('plucking %s@%s', name, range);

		@@ -23,11 +23,19 @@ // Cycle through the tree path via the root tree object ala node require.

		if (leaf.dependencies && leaf.dependencies[name]) {
		debug('pluck match on name...checking version: %s ~= %s',
		leaf.dependencies[name].version, version);
		var dep = getDependency(leaf, name);

		if (dep) {
		var version = dep.version;
		debug('pluck match on name...checking version: %s ~= %s', version, range);
		// make sure it matches our range
		if (semver.satisfies(leaf.dependencies[name].version, version) \|\|
		// OR the version could be a github url, which is basically: * range
		(!semver.valid(version) && version.indexOf('/') !== -1)) {
		var semverMatch = semver.validRange(range) &&
		semver.valid(version) &&
		semver.satisfies(version, range);

		var externalPackage = !semver.validRange(version) &&
		version.indexOf(':/') !== -1;

		if (semverMatch \|\| externalPackage) {
		debug('pluck match');
		return leaf.dependencies[name];
		dep.dep = range;
		return dep;
		}
		@@ -40,2 +48,9 @@ }

		function getDependency(leaf, name) {
		if (!leaf \|\| !leaf.dependencies) {
		return null;
		}
		return leaf.dependencies[name] \|\| null;
		}

		function findDependencyLeaf(acc, curr) {
		@@ -42,0 +57,0 @@ if (acc.dependencies[curr]) {

package.json

		@@ -23,3 +23,3 @@ {
		"semantic-release": "^4.3.5",
		"snyk-resolve-deps-fixtures": "^1.1.0",
		"snyk-resolve-deps-fixtures": "1.1.1",
		"tap": "^5.1.1",
		@@ -45,3 +45,3 @@ "tap-only": "0.0.5",
		},
		"version": "1.0.1"
		"version": "1.0.2"
		}

README.md

		@@ -1,7 +0,58 @@
		# snyk-resolve
		# snyk-resolve-deps

		Resolves a node package tree with combined support for both npm@2 and npm@3.
		This package will create a virtual tree representation of a node package's dependencies, supporting both npm@2 and npm@3 directory structures.

		## Usage
		Note that the output differs from the `npm ls` output in that deduped packages are resolved to their owners.

		...
		## Programatical usage

		```js
		var resolveDeps = require('snyn-resolve-deps');
		var asTree = require('@remy/npm-tree');

		resolveDeps(process.cwd(), { dev: true }).then(function (tree) {
		console.log(asTree(tree));
		}).catch(function (error) {
		// error is usually limited to unknown directory
		console.log(error.stack);
		process.exit(1);
		});
		```

		## CLI usage

		Note that the installed module name differs from the CLI tool (no `-deps` on the end).

		```bash
		$ npm install -g snyk-resolve-deps
		$ snyk-resolve path-to-node-project
		```

		The CLI also supports the `--dev` (or `-d`) flag to include dev dependencies and an optional `--json` to show the output as JSON instead of the ascii tree.

		## How it works

		To fully support npm@2 and npm@3 two passes of the tree are required:

		### 1. The physical pass on the directory structure

		The module will start by reading the `package.json` from the target directory, capture the metadata and then read through each recursive `node_modules` directory.

		This creates the `physicalTree` object. In npm@3 this will usually yield an object with the root metadata (name, version, etc) and then a `dependencies` object that contains every dependency across the entire code base. This is not the true representation of the package relationships so we need to make the second pass.

		There are also edge cases that need to be handled, particularly when a dev or prod dependency hasn't been loaded into the physical tree because it has been missed. This can be either because the package is missing from the project, or (more likely) because the dependencies is much higher up and outside of the original directory that was scanned. So a second check is run to find those missing modules, using the [snyk-resolve](https://www.npmjs.com/package/snyk-resolve) module.

		Note: code found in `lib/deps.js`

		### 2. The virtual pass using package metadata

		The next pass uses the `physicalTree` as the starting point, but uses the `dependencies` and `devDependencies` properties from the `package.json` metadata. It will iterate through the dependencies and resolve the correct dependency package from the physical tree based on similar methods that the `require` module loading system will use (this is in `lib/pluck.js`).

		Finally, once the virtual tree is constructed, a pass is made to check for unused packages from the original `physicalTree`, which are marked as `extraneous: true`, and if the optional `dev` flag is `false`, all `devDependencies` are stripped.

		Note: code found in `lib/logical.js`

		## Misc

		* [CONTRIBUTING.md](CONTRIBUTING.md)
		* [License: Apache License, Version 2.0](LICENSE)

.nyc_output/2525.json

.nyc_output/2531.json

.nyc_output/2541.json

.nyc_output/2551.json

.nyc_output/2559.json

.nyc_output/2569.json

.nyc_output/2575.json

.nyc_output/2585.json

snyk-resolve-deps - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics