Skip to content

sulthonzh/codechurn

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
codechurn
codechurn
 
 
depwalk
depwalk
 
 
dist
dist
 
 
src
src
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.js
build.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

depwalk

Why is this package in my node_modules?

depwalk traces dependency paths — it tells you exactly how a package ended up in your node_modules. No more guessing which of your 200+ transitive dependencies pulled in that mystery package.

Features

  • 🔍 Trace dependency paths: See the exact chain from your package.json to any package
  • 📊 Explain dependencies: Find out which packages depend on a specific package
  • 📈 Package size analysis: Visual breakdown of your node_modules
  • 🔒 Security awareness: Detect potentially problematic dependencies
  • 📋 CI/CD integration: JSON output for automation pipelines
  • 📝 Multiple output formats: Human-friendly, JSON, and Markdown

Install

npm install -g depwalk

Usage

Trace a dependency path

depwalk body-parser

Output:

Dependency paths to body-parser:

  Root (dependencies)
  └─┬ express@4.18.2
    └── body-parser@1.20.2

Found 1 path

Why does this transitive dependency exist?

depwalk content-type

Shows you the full chain: your package → express → body-parser → content-type.

Who depends on this package?

depwalk explain lodash
lodash@4.17.21
3 dependants

  express@4.18.2 (dependencies) requires ^4.17.0
  webpack@5.89.0 (dependencies) requires ^4.17.21
  (root)@1.0.0 (dependencies) requires ^4.17.0

List all packages

depwalk list

Size breakdown

depwalk size

Shows the biggest packages in your node_modules with a visual bar chart.

Output formats

depwalk express --json       # JSON for scripting/CI
depwalk express --markdown   # Markdown for docs

Commands

Command Description
depwalk <pkg> Trace why a package exists
depwalk why <pkg> Same as above
depwalk explain <pkg> Who depends on this package
depwalk list List all packages in node_modules
depwalk size Package size breakdown
depwalk audit Security audit for dependencies
depwalk duplicates Find duplicate dependencies

Programmatic API

const { buildGraph, tracePaths, explain, listPackages } = require('depwalk');

const graph = buildGraph(process.cwd());
const { paths } = tracePaths(graph, process.cwd(), 'lodash');
console.log(paths);

How it works

  1. Reads your package.json to find direct dependencies
  2. Walks node_modules to build a complete dependency graph
  3. Resolves packages using Node's actual resolution algorithm (walk up directories)
  4. BFS from each direct dependency to find paths to your target

Handles scoped packages (@jest/core), nested node_modules, peer/dev/optional dependencies, and the flat hoisting that npm/yarn/pnpm use.

Zero dependencies

No runtime dependencies. Just Node.js >= 14.

License

MIT

About

Measure if your AI-written code actually lasts — or gets rewritten

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages