False unused alert for local CLI tools/ binaries.

[Zerim]

For example, I am using depcheck in our project in the following manner:

npm install depcheck #installed locally for better developer experience
./node_modules/depcheck/bin/depcheck #saved as npm script in package.json

I'm not sure what the best solution is here. Perhaps not trigger alerts on local binaries that are used by npm scripts, grunt, etc.

[lijunle]

Hi, @Zerim, thanks for reporting issue.

There is a simple detector for CLI command, however, it does not cover all test cases. Could you please more details about your case, which binary is reported as false alert?

[Zerim]

Actually just ran depcheck again on our project and not seeing any of these. I think it may be because I switched from npm 3.x back down to 2.x.

In 3.x since peer dependencies must exist in one flat node_modules folder, I think it's possible to end up with dependencies in your package.json that are actually peer dependencies of a CLI tool or other module. I think a good example of this might be eslint-watch... Look at the difference between their 2.x and 3.x installation instructions as local dependencies. I think with their 3.x installation - if all you ever use in your npm scripts is esw, then eslint would show up as an unused dependency.

[mnkhouri]

I'm doing a little cleanup of older issues, it appears this issue was resolved as of the latest comment. Please feel free to open a new issue if you see something similar to this!