Latest commit 6cbe9d3 Jan 23, 2019

check-packages

CLI tool to check your npm dependencies against a list of allowed/forbidden packages.

Install

To use it in your project:

$ npm install --save-dev check-packages

To use it globally:

$ npm install --global check-packages

It requires Node.js (v6 or higher).

Usage

$ check-packages <checklist.json> [options]

Checklist JSON File

The content of the checklist file must be an array of package names (with optional semver ranges), e.g.:

[
  "react",
  "react-dom",
  "redux@>=1.0.0-rc.0 <1.0.1",
  "react-redux@^2 <2.2 || > 2.3"
]

By default, check-packages reads the checklist from packages-whitelist.json (or from packages-blacklist.json when called with the option --blacklist). You can also pass a different checklist path as the first argument, e.g.:

$ check-packages "./config/whitelisted-dev-dependencies.json" --dev

Options

| Option | Alias | Description |
| --- | --- | --- |
| topLevelOnly | | Checks only direct dependencies listed in the top level package.json (equivalent to depth=0). Note: You cannot use topLevelOnly together with depth. |
| depth | | Max depth of the dependency tree analysis (default: infinity). Note: You cannot use depth together with topLevelOnly. |
| blacklist | black | Interpret content of checklist as blacklist. |
| development | dev | Analyze the dependency tree for devDependencies. |
| production | prod | Analyze the dependency tree for dependencies. |
| verbose | | Lists disallowed dependencies. |
| version | v | Displays the version number. |
| help | h | Displays the help. |

Examples

$ check-packages
$ check-packages --blacklist
$ check-packages my-whitelist.json --dev --depth=10
$ check-packages my-whitelist.json --dev --topLevelOnly --verbose
$ check-packages my-blacklist.json --prod --blacklist
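
An added sketch, not check-packages' own code, of how the checklist format interacts with the depth and blacklist options: at depth 0 (topLevelOnly) a transitive dependency that is missing from a whitelist goes unreported. The function names, the scoped-name handling, the exact-version stand-in for semver range matching and the sample tree are assumptions made for illustration.

```javascript
// Added illustration, not check-packages' own code.
// Split "name@range" into its parts. A scoped name starts with "@", so the
// separator is the first "@" after position 0.
function parseEntry(entry) {
  const at = entry.indexOf('@', 1);
  return at === -1
    ? { name: entry, range: null }
    : { name: entry.slice(0, at), range: entry.slice(at + 1) };
}

// Stand-in for a semver range check (assumption): exact versions only.
const exactMatch = (version, range) => version === range;

// tree: { name: { version, dependencies: {...} } }, shaped like the
// "dependencies" object printed by `npm ls --json`.
// depth 0 = direct dependencies only (what the README calls topLevelOnly).
function findViolations(tree, checklist, opts = {}) {
  const { blacklist = false, depth = Infinity, satisfies = exactMatch } = opts;
  const entries = checklist.map(parseEntry);
  const listed = (name, version) =>
    entries.some(e => e.name === name &&
      (e.range === null || satisfies(version, e.range)));
  const violations = [];
  (function walk(deps, level, path) {
    for (const [name, node] of Object.entries(deps || {})) {
      const here = [...path, `${name}@${node.version}`];
      // Whitelist mode flags what is NOT listed; blacklist mode flags what IS.
      if (listed(name, node.version) === blacklist) violations.push(here.join(' > '));
      if (level < depth) walk(node.dependencies, level + 1, here);
    }
  })(tree, 0, []);
  return violations;
}

// Constructed sample tree and checklist.
const sampleTree = {
  react: { version: '16.7.0', dependencies: {
    'loose-envify': { version: '1.4.0', dependencies: {
      'js-tokens': { version: '4.0.0' } } } } },
  '@babel/core': { version: '7.2.2' },
};
const whitelist = ['react', '@babel/core@7.2.2', 'loose-envify'];

console.log(findViolations(sampleTree, whitelist, { depth: 0 })); // direct deps only
console.log(findViolations(sampleTree, whitelist));               // full tree
console.log(findViolations(sampleTree, ['js-tokens'], { blacklist: true }));
```
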

License

MIT © Christian Kühl