{"id":21874774,"url":"https://github.com/dpck/static-analysis","last_synced_at":"2025-10-11T15:38:16.343Z","repository":{"id":57370039,"uuid":"169886604","full_name":"dpck/static-analysis","owner":"dpck","description":"Performs Static Analysis On JavaScript Programs To Find Out All Dependencies That Stem From The Given File.","archived":false,"fork":false,"pushed_at":"2020-02-26T13:52:18.000Z","size":311,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-11T15:38:12.618Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://artd.eco","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dpck.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-02-09T16:26:10.000Z","updated_at":"2020-02-26T13:52:21.000Z","dependencies_parsed_at":"2022-09-16T22:51:09.871Z","dependency_job_id":null,"html_url":"https://github.com/dpck/static-analysis","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/dpck/static-analysis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpck%2Fstatic-analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpck%2Fstatic-analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpck%2Fstatic-analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpck%2Fstatic-analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dpck","download_url":"https://codeload.github.com/dpck/static-analysis/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dpck%2Fstatic-analysis/sbom","scorecard":{"id":354267,"data":{"date":"2025-08-11","repo":{"name":"github.com/dpck/static-analysis","commit":"33f3eb241778c4f75eb3ebed65b8b04c15686a65"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T09:09:36.907Z","repository_id":57370039,"created_at":"2025-08-18T09:09:36.907Z","updated_at":"2025-08-18T09:09:36.907Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279007599,"owners_count":26084334,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-28T07:13:18.790Z","updated_at":"2025-10-11T15:38:16.327Z","avatar_url":"https://github.com/dpck.png","language":"JavaScript","readme":"# static-analysis\n\n[![npm version](https://badge.fury.io/js/static-analysis.svg)](https://www.npmjs.com/package/static-analysis)\n\n`static-analysis` Performs Static Analysis On JavaScript Programs To Find Out All Dependencies That Stem From The Given File.\n\n```sh\nyarn add static-analysis\n```\n\n## Table Of Contents\n\n- [Table Of Contents](#table-of-contents)\n- [API](#api)\n- [`async staticAnalysis(path, config): !Array\u003c!Detection\u003e`](#async-staticanalysispath-stringarraystringconfig-config-arraydetection)\n  * [`Config`](#type-config)\n  * [`Detection`](#type-detection)\n  * [Ignore Node_Modules](#ignore-node_modules)\n  * [Shallow Node_Modules](#shallow-node_modules)\n  * [Soft Mode](#soft-mode)\n  * [Fields](#fields)\n  * [Multiple Entries](#multiple-entries)\n- [`sort(detected): SortReturn`](#sortdetected-arraydetection-sortreturn)\n  * [`SortReturn`](#type-sortreturn)\n- [License \u0026 Copyright](#license--copyright)\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/0.svg?sanitize=true\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n## API\n\nThe package is available by importing its default function:\n\n```js\nimport staticAnalysis from 'static-analysis'\n```\n\nThe types and [externs](externs.js) for _Google Closure Compiler_ via [**_Depack_**](https://github.com/dpck/depack) are defined in the `_staticAnalysis` namespace.\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/1.svg?sanitize=true\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n## \u003ccode\u003easync \u003cins\u003estaticAnalysis\u003c/ins\u003e(\u003c/code\u003e\u003csub\u003e\u003cbr/\u003e\u0026nbsp;\u0026nbsp;`path: string|!Array\u003cstring\u003e,`\u003cbr/\u003e\u0026nbsp;\u0026nbsp;`config: !Config,`\u003cbr/\u003e\u003c/sub\u003e\u003ccode\u003e): \u003ci\u003e!Array\u003c!Detection\u003e\u003c/i\u003e\u003c/code\u003e\nDetects all dependencies in a file and their dependencies recursively. Returns the array with detections.\n\n - \u003ckbd\u003e\u003cstrong\u003epath*\u003c/strong\u003e\u003c/kbd\u003e \u003cem\u003e\u003ccode\u003e(string \\| !Array\u0026lt;string\u0026gt;)\u003c/code\u003e\u003c/em\u003e: The path to the file in which to detect dependencies.\n - \u003ckbd\u003e\u003cstrong\u003econfig*\u003c/strong\u003e\u003c/kbd\u003e \u003cem\u003e\u003ccode\u003e\u003ca href=\"#type-config\" title=\"The configuration options for `staticAnalysis`.\"\u003e!Config\u003c/a\u003e\u003c/code\u003e\u003c/em\u003e: The configuration options for `staticAnalysis`.\n\nIt is possible to pass multiple paths or a path to the directory which has `index.js` or `index.jsx` files. If the package exports `main` over `module`, the `hasMain` property will be added. This function can be useful to find out all files to pass to the Google Closure Compiler, for example, which is what [_Depack_](https://github.com/dpck/depack) does to bundle frontend code and compile Node.js packages.\n\n- The package does not build an AST, it just looks for `import` and `require` statements using regular expressions. Therefore, there's also no tree-shaking or complete analysis of the real dependencies.\n- If a source is imported like `import fn from '@idio/preact/build/fn`, then the analysis will not contain `@idio/preact` as a `node_module` dependency with the `packageJson`, `name` and `version` fields, it will only appear as an entry file.\n\n__\u003ca name=\"type-config\"\u003e`Config`\u003c/a\u003e__: The configuration options for `staticAnalysis`.\n\u003ctable\u003e\n \u003cthead\u003e\u003ctr\u003e\n  \u003cth\u003eName\u003c/th\u003e\n  \u003cth\u003eType \u0026amp; Description\u003c/th\u003e\n  \u003cth\u003eDefault\u003c/th\u003e\n \u003c/tr\u003e\u003c/thead\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003enodeModules\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003eboolean\u003c/em\u003e\u003c/td\u003e\n  \u003ctd rowSpan=\"3\"\u003e\u003ccode\u003etrue\u003c/code\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\n   Whether to include packages from \u003ccode\u003enode_modules\u003c/code\u003e in the output.\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003eshallow\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003eboolean\u003c/em\u003e\u003c/td\u003e\n  \u003ctd rowSpan=\"3\"\u003e\u003ccode\u003efalse\u003c/code\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\n   Only report on the entries of \u003ccode\u003enode_module\u003c/code\u003e dependencies, without analysing their own dependencies.\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003esoft\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003eboolean\u003c/em\u003e\u003c/td\u003e\n  \u003ctd rowSpan=\"3\"\u003e\u003ccode\u003efalse\u003c/code\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\n   Do not throw an error when the dependency cannot be found in \u003ccode\u003enode_modules\u003c/code\u003e.\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003emergeSameNodeModules\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003eboolean\u003c/em\u003e\u003c/td\u003e\n  \u003ctd rowSpan=\"3\"\u003e\u003ccode\u003etrue\u003c/code\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\n   For situation when inner \u003ccode\u003enode_modules\u003c/code\u003e contain already referenced \u003ccode\u003enode_modules\u003c/code\u003e, this will ensure that only the top-level ones with the same version are matched.\n   For example, there can be \u003ccode\u003enode_modules/a\u003c/code\u003e \u0026amp; \u003ccode\u003enode_modules/b\u003c/code\u003e packages, and the later one can contain \u003ccode\u003enode_modules/b/node_modules/a\u003c/code\u003e of the same version as \u003ccode\u003ea\u003c/code\u003e (e.g., if the structure wasn't flattened by something like \u003ccode\u003eyarn upgrade\u003c/code\u003e). In this case, only the top one is returned.\n  \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003efields\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003e!Array\u0026lt;string\u0026gt;\u003c/em\u003e\u003c/td\u003e\n  \u003ctd rowSpan=\"3\"\u003e-\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\n   Any additional fields from \u003ccode\u003epackage.json\u003c/code\u003e files to return.\n  \u003c/td\u003e\n \u003c/tr\u003e\n\u003c/table\u003e\n\n_For example, for the given file_:\n```js\nimport read from '@wrote/read'\nimport { resolve } from 'path'\nimport { render } from 'preact'\nimport Fixture from '@idio/preact-fixture/src/Test'\n\nconst Component = require('./Component');\n\n(async () =\u003e {\n  const file = await read(resolve('example'))\n  render(\u003cComponent\u003e\n    {file}\n    \u003cFixture /\u003e\n  \u003c/Component\u003e, document.body)\n})()\n```\n\n_Static Analysis can detect matches using the following script_:\n```js\n/* yarn example/ */\nimport staticAnalysis from 'static-analysis'\n\n(async () =\u003e {\n  const res = await staticAnalysis('example/source.js')\n  console.log(res)\n})()\n```\n```js\n[ { entry: 'node_modules/@wrote/read/src/index.js',\n    packageJson: 'node_modules/@wrote/read/package.json',\n    version: '1.0.4',\n    name: '@wrote/read',\n    from: [ 'example/source.js' ] },\n  { internal: 'path', from: [ 'example/source.js' ] },\n  { entry: 'node_modules/preact/dist/preact.mjs',\n    packageJson: 'node_modules/preact/package.json',\n    version: '8.5.2',\n    name: 'preact',\n    from: [ 'example/source.js' ] },\n  { package: '@idio/preact-fixture',\n    entry: 'node_modules/@idio/preact-fixture/src/Test.jsx',\n    from: [ 'example/source.js' ] },\n  { entry: 'example/Component.jsx',\n    required: true,\n    from: [ 'example/source.js' ] },\n  { internal: 'fs',\n    from: [ 'node_modules/@wrote/read/src/index.js' ] },\n  { entry: 'node_modules/catchment/src/index.js',\n    packageJson: 'node_modules/catchment/package.json',\n    version: '3.3.0',\n    name: 'catchment',\n    from: [ 'node_modules/@wrote/read/src/index.js' ] },\n  { internal: 'stream',\n    from: [ 'node_modules/catchment/src/index.js' ] },\n  { entry: 'node_modules/erotic/src/index.js',\n    packageJson: 'node_modules/erotic/package.json',\n    version: '2.1.1',\n    name: 'erotic',\n    from: [ 'node_modules/catchment/src/index.js' ] },\n  { entry: 'node_modules/@artdeco/clean-stack/src/index.js',\n    packageJson: 'node_modules/@artdeco/clean-stack/package.json',\n    version: '1.1.1',\n    name: '@artdeco/clean-stack',\n    from:\n     [ 'node_modules/catchment/src/index.js',\n       'node_modules/erotic/src/callback.js' ] },\n  { package: 'catchment',\n    entry: 'node_modules/catchment/src/lib/index.js',\n    from: [ 'node_modules/catchment/src/index.js' ] },\n  { package: 'erotic',\n    entry: 'node_modules/erotic/src/lib.js',\n    from:\n     [ 'node_modules/erotic/src/index.js',\n       'node_modules/erotic/src/callback.js' ] },\n  { package: 'erotic',\n    entry: 'node_modules/erotic/src/callback.js',\n    from: [ 'node_modules/erotic/src/index.js' ] },\n  { internal: 'os',\n    from: [ 'node_modules/@artdeco/clean-stack/src/index.js' ] } ]\n```\n\n__\u003ca name=\"type-detection\"\u003e`Detection`\u003c/a\u003e__: The module detection result.\n\n|    Name     |             Type              |                                                               Description                                                               |\n| ----------- | ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |\n| entry       | \u003cem\u003estring\u003c/em\u003e               | The path to the JavaScript file to be required. If an internal Node.js package is required, it's name is found in the `internal` field. |\n| __from*__   | \u003cem\u003e!Array\u0026lt;string\u0026gt;\u003c/em\u003e | The file in which the dependency was found.                                                                                             |\n| packageJson | \u003cem\u003estring\u003c/em\u003e               | The path to the `package.json` file of the dependency if it's a module.                                                                 |\n| name        | \u003cem\u003estring\u003c/em\u003e               | The name of the package.                                                                                                                |\n| version     | \u003cem\u003estring\u003c/em\u003e               | The version of the package.                                                                                                             |\n| internal    | \u003cem\u003estring\u003c/em\u003e               | If it's an internal NodeJS dependency, such as `fs` or `path`, contains its name.                                                       |\n| hasMain     | \u003cem\u003eboolean\u003c/em\u003e              | Whether the entry from the package was specified via the `main` field and not `module` field.                                           |\n| package     | \u003cem\u003estring\u003c/em\u003e               | If the entry is a library file withing a package, this field contains its name. Same as the `name` field for the _main/module_ entries. |\n| required    | \u003cem\u003eboolean\u003c/em\u003e              | Whether the package was required using the `require` statement.                                                                         |\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/2.svg?sanitize=true\" width=\"15\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n### Ignore Node_Modules\n\nIt is possible to ignore `node_modules` folders. In this case, only dependencies that start with `./` or `/` will be included in the output.\n\n```js\nimport staticAnalysis from 'static-analysis'\n\n(async () =\u003e {\n  const res = await staticAnalysis('example/source.js', {\n    nodeModules: false,\n  })\n  console.log(res)\n})()\n```\n```js\n[ { entry: 'example/Component.jsx',\n    required: true,\n    from: [ 'example/source.js' ] } ]\n```\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/3.svg?sanitize=true\" width=\"15\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n### Shallow Node_Modules\n\nTo only report the entry to the dependency from `node_modules` without analysing its dependency, the `shallow` options can be set.\n\n```js\nimport staticAnalysis from 'static-analysis'\n\n(async () =\u003e {\n  const res = await staticAnalysis('example/source.js', {\n    shallow: true,\n  })\n  console.log(res)\n})()\n```\n```js\n[ { entry: 'node_modules/@wrote/read/src/index.js',\n    packageJson: 'node_modules/@wrote/read/package.json',\n    version: '1.0.4',\n    name: '@wrote/read',\n    from: [ 'example/source.js' ] },\n  { internal: 'path', from: [ 'example/source.js' ] },\n  { entry: 'node_modules/preact/dist/preact.mjs',\n    packageJson: 'node_modules/preact/package.json',\n    version: '8.5.2',\n    name: 'preact',\n    from: [ 'example/source.js' ] },\n  { package: '@idio/preact-fixture',\n    entry: 'node_modules/@idio/preact-fixture/src/Test.jsx',\n    from: [ 'example/source.js' ] },\n  { entry: 'example/Component.jsx',\n    required: true,\n    from: [ 'example/source.js' ] } ]\n```\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/4.svg?sanitize=true\" width=\"15\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n### Soft Mode\n\n_Static Analysis_ will try to figure out entry points of package dependencies by looking up their `package.json` in the `node_modules` folder. If it cannot find this file, an error will be throw. To prevent the error, and exclude the module from appearing the results, the `soft` mode can be activated.\n\n_With the following file being analysed:_\n\n```jsx\nimport missing from 'missing'\nimport { render } from 'preact'\n\nrender(\u003cdiv\u003eHello World\u003c/div\u003e)\n```\n\n_The program will throw initially, but will skip the missing dependency in **soft mode**:_\n\n```js\nimport staticAnalysis from 'static-analysis'\n\n(async () =\u003e {\n  try {\n    const res = await staticAnalysis('example/missing-dep')\n    console.log(res)\n  } catch (err) {\n    console.log(err)\n  }\n})()\n\n;(async () =\u003e {\n  const res = await staticAnalysis('example/missing-dep', {\n    soft: true,\n  })\n  console.log('Soft mode on.')\n  console.log(res)\n})()\n```\n```js\nError: example/missing-dep.jsx\n [!] Package.json for module missing not found.\n    at staticAnalysis (src/index.js:12:13)\n    at example/soft.js:5:23\n    at Object.\u003canonymous\u003e (example/soft.js:10:3)\n    at Module.p._compile (node_modules/alamode/compile/depack.js:49:18)\n    at Object.k.(anonymous function).y._extensions.(anonymous function) [as .js] (node_modules/alamode/compile/depack.js:51:7)\nSoft mode on.\n[ { entry: 'node_modules/preact/dist/preact.mjs',\n    packageJson: 'node_modules/preact/package.json',\n    version: '8.5.2',\n    name: 'preact',\n    from: [ 'example/missing-dep.jsx' ] } ]\n```\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/5.svg?sanitize=true\" width=\"25\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n### Fields\n\nTo make _Static Analysis_ return any additional fields from _package.json_ files on detected dependencies, they should be specified in the `fields` config property.\n\n```js\nimport staticAnalysis from 'static-analysis'\n\n(async () =\u003e {\n  const res = await staticAnalysis('example/source', {\n    fields: ['license', 'homepage'],\n    shallow: true,\n  })\n  console.log(res)\n})()\n```\n```js\n[ { entry: 'node_modules/@wrote/read/src/index.js',\n    packageJson: 'node_modules/@wrote/read/package.json',\n    version: '1.0.4',\n    name: '@wrote/read',\n    license: 'MIT',\n    homepage: 'https://github.com/wrote/read#readme',\n    from: [ 'example/source.js' ] },\n  { internal: 'path', from: [ 'example/source.js' ] },\n  { entry: 'node_modules/preact/dist/preact.mjs',\n    packageJson: 'node_modules/preact/package.json',\n    version: '8.5.2',\n    name: 'preact',\n    license: 'MIT',\n    homepage: 'https://github.com/developit/preact',\n    from: [ 'example/source.js' ] },\n  { package: '@idio/preact-fixture',\n    entry: 'node_modules/@idio/preact-fixture/src/Test.jsx',\n    from: [ 'example/source.js' ] },\n  { entry: 'example/Component.jsx',\n    required: true,\n    from: [ 'example/source.js' ] } ]\n```\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/6.svg?sanitize=true\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n### Multiple Entries\n\nIt's possible to scan multiple files at ones, taking advantage of intermediate caching of results (i.e., after a file has been read ones, it won't be read again, but its `from` field will contain all files that required it).\n\n```js\nconst res = await staticAnalysis([\n  'test/fixture/multiple/a.js',\n  'test/fixture/multiple/b.js',\n])\nconsole.log(res)\n```\n```js\n[ { entry: 'test/fixture/multiple/index.js',\n    from:\n     [ 'test/fixture/multiple/a.js', 'test/fixture/multiple/b.js' ] },\n  { entry: 'node_modules/preact/dist/preact.mjs',\n    packageJson: 'node_modules/preact/package.json',\n    version: '8.5.2',\n    name: 'preact',\n    from: [ 'test/fixture/multiple/a.js' ] } ]\n```\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/7.svg?sanitize=true\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n## \u003ccode\u003e\u003cins\u003esort\u003c/ins\u003e(\u003c/code\u003e\u003csub\u003e\u003cbr/\u003e\u0026nbsp;\u0026nbsp;`detected: !Array\u003c!Detection\u003e,`\u003cbr/\u003e\u003c/sub\u003e\u003ccode\u003e): \u003ci\u003eSortReturn\u003c/i\u003e\u003c/code\u003e\nSorts the detected dependencies into commonJS modules, packageJsons and internals.\n\n - \u003ckbd\u003e\u003cstrong\u003edetected*\u003c/strong\u003e\u003c/kbd\u003e \u003cem\u003e\u003ccode\u003e!Array\u0026lt;\u003ca href=\"#type-detection\" title=\"The module detection result.\"\u003e!Detection\u003c/a\u003e\u0026gt;\u003c/code\u003e\u003c/em\u003e: The detected matches.\n\n__\u003ca name=\"type-sortreturn\"\u003e`SortReturn`\u003c/a\u003e__: The return of the sort function.\n\u003ctable\u003e\n \u003cthead\u003e\u003ctr\u003e\n  \u003cth\u003eName\u003c/th\u003e\n  \u003cth\u003eType \u0026amp; Description\u003c/th\u003e\n \u003c/tr\u003e\u003c/thead\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003e\u003cstrong\u003epackageJsons*\u003c/strong\u003e\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003e!Array\u0026lt;string\u0026gt;\u003c/em\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003e\u003cstrong\u003ecommonJsPackageJsons*\u003c/strong\u003e\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003e!Array\u0026lt;string\u0026gt;\u003c/em\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003e\u003cstrong\u003ecommonJs*\u003c/strong\u003e\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003e!Array\u0026lt;string\u0026gt;\u003c/em\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003e\u003cstrong\u003ejs*\u003c/strong\u003e\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003e!Array\u0026lt;string\u0026gt;\u003c/em\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003e\u003cstrong\u003einternals*\u003c/strong\u003e\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003e!Array\u0026lt;string\u0026gt;\u003c/em\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd rowSpan=\"3\" align=\"center\"\u003e\u003cstrong\u003edeps*\u003c/strong\u003e\u003c/td\u003e\n  \u003ctd\u003e\u003cem\u003e!Array\u0026lt;string\u0026gt;\u003c/em\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\u003c/tr\u003e\n \u003ctr\u003e\n  \u003ctd\u003e\u003c/td\u003e\n \u003c/tr\u003e\n\u003c/table\u003e\n\n```js\nimport staticAnalysis, { sort } from 'static-analysis'\n\n(async () =\u003e {\n  const d = await staticAnalysis('example/source.js')\n  const sorted = sort(d)\n  console.log(sorted)\n})()\n```\n```js\n{ commonJsPackageJsons: [],\n  packageJsons:\n   [ 'node_modules/@wrote/read/package.json',\n     'node_modules/preact/package.json',\n     'node_modules/catchment/package.json',\n     'node_modules/erotic/package.json',\n     'node_modules/@artdeco/clean-stack/package.json' ],\n  commonJs: [],\n  js:\n   [ 'node_modules/@wrote/read/src/index.js',\n     'node_modules/preact/dist/preact.mjs',\n     'node_modules/@idio/preact-fixture/src/Test.jsx',\n     'example/Component.jsx',\n     'node_modules/catchment/src/index.js',\n     'node_modules/erotic/src/index.js',\n     'node_modules/@artdeco/clean-stack/src/index.js',\n     'node_modules/catchment/src/lib/index.js',\n     'node_modules/erotic/src/lib.js',\n     'node_modules/erotic/src/callback.js' ],\n  internals: [ 'path', 'fs', 'stream', 'os' ],\n  deps:\n   [ '@wrote/read',\n     'preact',\n     'catchment',\n     'erotic',\n     '@artdeco/clean-stack' ] }\n```\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/8.svg?sanitize=true\"\u003e\n\u003c/a\u003e\u003c/p\u003e\n\n## License \u0026 Copyright\n\n```\nDual licensed under Affero GPL and a commercial license.\n\n- Within the UK: no commercial use is allowed until the\n  organisation signs up at\n  https://www.technation.sucks/license/.\n- Across the globe: Affero GPL. No companies affiliated\n  with Tech Nation in any way (e.g., participation in\n  their programs, being part of their network, hiring\n  their directors), are allowed to use the software\n  unless they sign up.\n\n(c) 2019 Art Deco Code Limited\n\nThe COPYING file contains the full text of the public license.\n```\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003e\n      \u003ca href=\"https://artd.eco\"\u003e\n        \u003cimg width=\"100\" src=\"https://raw.githubusercontent.com/wrote/wrote/master/images/artdeco.png\"\n          alt=\"Art Deco\"\u003e\n      \u003c/a\u003e\n    \u003c/th\u003e\n    \u003cth\u003e© \u003ca href=\"https://artd.eco\"\u003eArt Deco\u003c/a\u003e for \u003ca href=\"https://artd.eco/depack\"\u003eDepack\u003c/a\u003e 2019\u003c/th\u003e\n    \u003cth\u003e\n      \u003ca href=\"https://www.technation.sucks\" title=\"Tech Nation Visa\"\u003e\n        \u003cimg width=\"100\" src=\"https://raw.githubusercontent.com/idiocc/cookies/master/wiki/arch4.jpg\"\n          alt=\"Tech Nation Visa\"\u003e\n      \u003c/a\u003e\n    \u003c/th\u003e\n    \u003cth\u003e\u003ca href=\"https://www.technation.sucks\"\u003eTech Nation Visa Sucks\u003c/a\u003e\u003c/th\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n\u003cp align=\"center\"\u003e\u003ca href=\"#table-of-contents\"\u003e\n  \u003cimg src=\"/.documentary/section-breaks/-1.svg?sanitize=true\"\u003e\n\u003c/a\u003e\u003c/p\u003e","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdpck%2Fstatic-analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdpck%2Fstatic-analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdpck%2Fstatic-analysis/lists"}