UNPKG

check-packages

Version:

CLI tool to check your npm dependencies against a list of allowed/forbidden packages.

github.com/micromata/check-packages

micromata/check-packages

78 lines (60 loc) 4.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
[![npm version](https://img.shields.io/npm/v/check-packages.svg?style=flat)](https://www.npmjs.org/package/check-packages) [![Dependency Status](https://david-dm.org/micromata/check-packages.svg)](https://david-dm.org/micromata/check-packages) [![devDependency Status](https://david-dm.org/micromata/check-packages/dev-status.svg)](https://david-dm.org/micromata/check-packages#info=devDependencies) [![Build Status](https://travis-ci.org/micromata/check-packages.svg?branch=master)](https://travis-ci.org/micromata/check-packages) [![Coverage](https://coveralls.io/repos/github/micromata/check-packages/badge.svg?branch=master)](https://coveralls.io/github/micromata/check-packages?branch=master) # check-packages > CLI tool to check your npm dependencies against a list of allowed/forbidden packages. ## Install To use it in your project: ```shell $ npm install --save-dev check-packages ``` To use it globally: ```shell $ npm install --global check-packages ``` *It requires Node.js (v6 or higher).* ## Usage ```shell $ check-packages <checklist.json> [options] ``` ### Checklist JSON File The content of the checklist file must be an array of package names (with optional [semver ranges](https://semver.npmjs.com/)), e.g.: ```json [ "react", "react-dom", "redux@>=1.0.0-rc.0 <1.0.1", "react-redux@^2 <2.2 || > 2.3" ] ``` By default `check-packages` uses the checklist path `packages-whitelist.json` (respectively `packages-blacklist.json` when called with option `--blacklist`), but you can also call `check-packages` with a different checklist path as first argument, e.g.: ```shell $ check-packages "./config/whitelisted-dev-dependencies.json" --dev ``` ### Options | Option | Alias | Description | |----------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `topLevelOnly` | | Checks only direct dependencies listed in the top level package.json (equivalent to `depth=0`).<br />Note: You cannot use `topLevelOnly` together with `depth`. | | `depth` | | Max depth of the dependency tree analysis (default: inifity).<br />Note: You cannot use `depth` together with `topLevelOnly`. | | `blacklist` | `black` | Interpret content of checklist as blacklist. | | `development` | `dev` | Analyze the dependency tree for devDependencies. | | `production` | `prod` | Analyze the dependency tree for dependencies. | | `verbose` | | Lists unallowed dependencies. | | `exitCode` | | Exit code in case of unallowed dependencies. Default: 1 | | `version` | `v` | Displays the version number. | | `help` | `h` | Displays the help. | ### Examples ```shell $ check-packages $ check-packages --blacklist $ check-packages my-whitelist.json --dev --depth=10 $ check-packages my-whitelist.json --dev --topLevelOnly --verbose $ check-packages my-blacklist.json --prod --blacklist ``` ## License MIT © [Christian Kühl](https://micromata.de)