UNPKG

dependency-insight

Version:

A CLI tool to audit and analyze your project's dependencies.

github.com/s000ik/dependency-insight

s000ik/dependency-insight

269 lines (195 loc) 7.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
# Dependency Insight CLI Tool ![dep-insight](https://satwiks-media.s3.ap-south-1.amazonaws.com/dep-insight.png) ## Overview `dependency-insight` is a tiny, powerful, and user-friendly command-line tool designed to help you audit, analyze, and manage your project's dependencies. It provides a wide range of features to ensure that your project uses the most up-to-date, secure, and efficient libraries. ## Installation You can install `dependency-insight` globally via npm: ```bash npm install -g dependency-insight ``` Alternatively, you can install it locally in your project: ```bash npm install --save-dev dependency-insight ``` Or simply npm i (but you may have to use npx before dep-insight) ```bash npm install dependency-insight #use npx ``` --- ## Features ### 1. **Audit Dependencies** - **Command**: `dep-insight audit` - **Description**: Audits your project's dependencies for known vulnerabilities and displays the severity of each. - **Output**: ``` Auditing dependencies for vulnerabilities... Summary: Low: 1, Moderate: 0, High: 0, Critical: 0 Recommended actions: Run 'npm audit fix' to automatically fix fixable vulnerabilities Run 'npm audit fix --force' to force fixes (may include breaking changes) ``` ### 2. **Check Outdated Dependencies** - **Command**: `dep-insight outdated` - **Description**: Identifies outdated dependencies and checks for newer versions. - **Output**: ``` Checking for outdated dependencies... Outdated dependencies: Current Latest (Suggested) lodash: 4.17.15 4.18.0 (4.17.19) react: 16.8.0 17.0.4 (17.0.2) ``` ### 3. **Prune Unused Dependencies** - **Command**: `dep-insight prune` - **Description**: Detects unused dependencies and helps keep your project lean. - **Output**: ``` Checking for unused dependencies... Unused dependencies found: - unused-package - another-unused-package (dev) Would you like to uninstall unused dependencies? (y/n) ``` ### 4. **Visualize Dependency Tree** - **Command**: `dep-insight tree` - **Description**: Visualizes the complete dependency tree of your project. - **Output**: ``` Visualizing dependency tree... my-project@1.0.0 ├─ lodash@4.17.19 ├─ react@17.0.0 └─ axios@0.21.1 └─ lodash@4.17.19 ``` ### 5. **Suggest Lightweight Alternatives** - **Command**: `dep-insight suggest` - **Description**: Suggests lightweight alternatives for heavy dependencies. - **Output**: ``` Suggesting lightweight alternatives... Consider using date-fns instead of moment Consider using dayjs instead of luxon ``` ### 6. **Analyze Bundle Size** - **Command**: `dep-insight size` - **Description**: Analyzes the size of your project's dependencies and provides a summary. - **Output**: ``` Analyzing dependency sizes... lodash 2.50 MB react 25.30 MB axios 15.12 MB Total packages: 3 Total size: 42.92 MB ``` ### 7. **Check Project Health** - **Command**: `dep-insight health` - **Description**: Checks the health of your dependencies by reviewing download statistics, GitHub activity, and more. - **Output**: ``` Checking dependency health... lodash @4.17.19 Monthly downloads: 1,000,000 GitHub stars: 10,000 Open issues: 50 Last updated: 01/12/2024 ``` ### 8. **Interactive Update for Dependencies** - **Command**: `dep-insight update` - **Description**: Allows you to interactively update outdated dependencies in your project. - **Output**: ``` Updating dependencies... Installing lodash@4.18.0... Installing react@17.0.2... Successfully updated 2 package(s) ``` ### 9. **Clear npm Cache** - **Command**: `dep-insight clear-cache` - **Description**: Clears the npm cache completely after confirming with the user. - **Output**: ``` Warning: This will clear your npm cache completely. Are you sure you want to clear the npm cache? (y/n) Clearing npm cache... Successfully cleared npm cache ``` ### 10. **Default/Help Command** - **Command**: No command or `dep-insight help` - **Description**: Displays the available commands and their descriptions when no command is provided or the help flag is used. - **Output**: ``` Dependency Insight CLI Usage: audit - Audit dependencies for vulnerabilities outdated - Check for outdated dependencies prune - Check for unused dependencies tree - Visualize dependency tree suggest - Suggest lightweight alternatives for heavy dependencies size - Analyze bundle size health - Check project health update - Interactive update for dependencies clear-cache - Clear npm cache ``` --- ## Usage After installation, you can run the tool from the command line by typing `dep-insight` followed by the desired command. For example: - To audit dependencies: ```bash dep-insight audit ``` - To check for outdated dependencies: ```bash dep-insight outdated ``` For a full list of commands, use the help command: ```bash dep-insight help ``` --- ## Example Output When you run the `dep-insight audit` command, it will analyze your dependencies for security vulnerabilities and output a summary: ```bash Auditing dependencies for vulnerabilities... Low: 2, Moderate: 1, High: 3, Critical: 0 ``` When you run `dep-insight outdated`, it will show any outdated dependencies: ```bash Outdated dependencies: express: 4.16.3 4.18.2 (4.18.2) ``` ### Interactive Update When you run the `dep-insight update` command, you will be presented with a list of outdated dependencies and can choose which ones to update interactively: ```bash dep-insight update Select dependencies to update: [x] express: 4.16.3 4.18.2 ``` ### Health Check The `dep-insight health` command checks the health of each dependency, showing you GitHub statistics and download information: ```bash Checking dependency health... ────────────────────────────────────────────────── express @4.16.3 Monthly downloads: 5,000,000 GitHub stars: 12,345 Open issues: 25 Last updated: 15/12/2023 ────────────────────────────────────────────────── ``` --- ## Dependencies This tool uses the following libraries: - `chalk`: For colorful and easy-to-read outputs in the terminal. - `depcheck`: For identifying unused dependencies in your project. - `inquirer`: For prompting users during interactive commands. - `filesize`: For displaying file sizes in human-readable formats. --- ## Contributing Feel free to fork this project, submit issues, or create pull requests. Contributions are welcome! --- ## License This project is licensed under the **MIT** License. See the [LICENSE](LICENSE) file for more information. --- **Note:** GitHub API is rate-limited to 60 requests per hour for unauthenticated requests, which may affect the `health` command.