Skip to content

CLI tool to check your npm dependencies against a list of allowed/forbidden packages.

License

Notifications You must be signed in to change notification settings

micromata/check-packages

Repository files navigation

npm version Dependency Status devDependency Status Build Status Coverage

check-packages

CLI tool to check your npm dependencies against a list of allowed/forbidden packages.

Install

To use it in your project:

$ npm install --save-dev check-packages

To use it globally:

$ npm install --global check-packages

It requires Node.js (v6 or higher).

Usage

$ check-packages <checklist.json> [options]

Checklist JSON File

The content of the checklist file must be an array of package names (with optional semver ranges), e.g.:

[
  "react",
  "react-dom",
  "redux@>=1.0.0-rc.0 <1.0.1",
  "react-redux@^2 <2.2 || > 2.3"
]

By default check-packages uses the checklist path packages-whitelist.json (respectively packages-blacklist.json when called with option --blacklist), but you can also call check-packages with a different checklist path as first argument, e.g.:

$ check-packages "./config/whitelisted-dev-dependencies.json" --dev

Options

Option Alias Description
topLevelOnly Checks only direct dependencies listed in the top level package.json (equivalent to depth=0).
Note: You cannot use topLevelOnly together with depth.
depth Max depth of the dependency tree analysis (default: inifity).
Note: You cannot use depth together with topLevelOnly.
blacklist black Interpret content of checklist as blacklist.
development dev Analyze the dependency tree for devDependencies.
production prod Analyze the dependency tree for dependencies.
verbose Lists unallowed dependencies.
exitCode Exit code in case of unallowed dependencies. Default: 1
version v Displays the version number.
help h Displays the help.

Examples

$ check-packages
$ check-packages --blacklist
$ check-packages my-whitelist.json --dev --depth=10
$ check-packages my-whitelist.json --dev --topLevelOnly --verbose
$ check-packages my-blacklist.json --prod --blacklist

License

MIT © Christian Kühl

About

CLI tool to check your npm dependencies against a list of allowed/forbidden packages.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •