snyk-resolve-deps
Advanced tools
Resolves a node package tree with combined support for both npm@2 and npm@3.
This package will create a virtual tree representation of a node package's dependencies, supporting both npm@2 and npm@3 directory structures.
Note that the output differs from the npm ls output in that deduped packages are resolved to their owners.
var resolveDeps = require('snyk-resolve-deps');
var asTree = require('snyk-tree');
var options = { dev: true };
resolveDeps(process.cwd(), options).then(function (tree) {
console.log(asTree(tree));
}).catch(function (error) {
// error is usually limited to unknown directory
console.log(error.stack);
process.exit(1);
});
false] report only development optionsundefined] extract extra fields from dependencies' package.json files. example: ['files']Note that the installed module name differs from the CLI tool (no -deps on the end).
$ npm install -g snyk-resolve-deps
$ snyk-resolve path-to-node-project
The CLI also supports the --dev (or -d) flag to include dev dependencies and an optional --json to show the output as JSON instead of the ascii tree.
To fully support npm@2 and npm@3 two passes of the tree are required:
The module will start by reading the package.json from the target directory, capture the metadata and then read through each recursive node_modules directory.
This creates the physicalTree object. In npm@3 this will usually yield an object with the root metadata (name, version, etc) and then a dependencies object that contains every dependency across the entire code base. This is not the true representation of the package relationships so we need to make the second pass.
There are also edge cases that need to be handled, particularly when a dev or prod dependency hasn't been loaded into the physical tree because it has been missed. This can be either because the package is missing from the project, or (more likely) because the dependencies is much higher up and outside of the original directory that was scanned. So a second check is run to find those missing modules, using the snyk-resolve module.
Note: code found in lib/deps.js
The next pass uses the physicalTree as the starting point, but uses the dependencies and devDependencies properties from the package.json metadata. It will iterate through the dependencies and resolve the correct dependency package from the physical tree based on similar methods that the require module loading system will use (this is in lib/pluck.js).
Finally, once the virtual tree is constructed, a pass is made to check for unused packages from the original physicalTree, which are marked as extraneous: true, and if the optional dev flag is false, all devDependencies are stripped.
Note: code found in lib/logical.js
FAQs
Resolves a node package tree with combined support for both npm@2 and npm@3.
The npm package snyk-resolve-deps receives a total of 13,042 weekly downloads. As such, snyk-resolve-deps popularity was classified as popular.
We found that snyk-resolve-deps demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.