{"id":51119033,"url":"https://github.com/sulthonzh/dep-drift","last_synced_at":"2026-06-25T00:30:39.016Z","repository":{"id":365103810,"uuid":"1268078036","full_name":"sulthonzh/dep-drift","owner":"sulthonzh","description":"Detect dependency drift between package.json ranges and installed versions. Zero deps.","archived":false,"fork":false,"pushed_at":"2026-06-15T21:27:30.000Z","size":7,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-15T23:14:30.939Z","etag":null,"topics":["audit","dependencies","drift","lockfile","npm","package-json","yarn"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sulthonzh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-13T05:49:27.000Z","updated_at":"2026-06-15T21:18:05.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/sulthonzh/dep-drift","commit_stats":null,"previous_names":["sulthonzh/dep-drift"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/sulthonzh/dep-drift","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sulthonzh%2Fdep-drift","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sulthonzh%2Fdep-drift/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sulthonzh%2Fdep-drift/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sulthonzh%2Fdep-drift/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sulthonzh","download_url":"https://codeload.github.com/sulthonzh/dep-drift/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sulthonzh%2Fdep-drift/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34755061,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-24T02:00:07.484Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","dependencies","drift","lockfile","npm","package-json","yarn"],"created_at":"2026-06-25T00:30:38.950Z","updated_at":"2026-06-25T00:30:39.009Z","avatar_url":"https://github.com/sulthonzh.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dep-drift\n\nDetect dependency drift between `package.json` ranges and actually installed versions.\n\nEver run `npm install` and wonder if your `node_modules` is still in sync with what `package.json` says? This tool tells you.\n\n## Why?\n\n- `npm ls` shows you the tree, but doesn't clearly flag **drift** — packages that are installed at versions outside your declared range\n- CI pipelines break silently when local `node_modules` drifts from `package.json`\n- Lockfile conflicts can leave you with unexpected versions\n- You want a quick health check, not a full audit\n\n## Install\n\n```bash\nnpm install -g dep-drift\n# or use without installing\nnpx dep-drift\n```\n\n## Usage\n\n```bash\n# Full report in current directory\ndep-drift\n\n# Only show problems (great for CI)\ndep-drift --drift-only\n\n# JSON output for scripts\ndep-drift --json\n\n# Check a different project\ndep-drift --dir ../other-project\n\n# Only check production deps\ndep-drift --deps-only\n\n# Quiet mode — hide in-range deps\ndep-drift --quiet\n```\n\n## Output\n\n```\n  dep-drift report\n\n  Total deps:    24\n  In range:      20\n  Out of range:  2\n  Not installed: 2\n\n  Drifted / Out of range:\n    🟠 lodash 4.18.0 (wanted ^4.17.0) — high [dependencies]\n    🟡 jest 29.7.0 (wanted ^29.0.0) — medium [devDependencies]\n\n  Missing:\n    ❌ axios (wanted ^1.6.0) [dependencies]\n    ❌ typescript (wanted ^5.3.0) [devDependencies]\n```\n\n### Drift Levels\n\n| Icon | Level | Meaning |\n|------|-------|---------|\n| 🟢 | low | Minor patch drift, probably fine |\n| 🟡 | medium | 3-5 versions ahead, worth checking |\n| 🟠 | high | 6+ versions ahead, investigate |\n| 🔴 | major | Different major version, likely breaking |\n| ❌ | missing | Not installed at all |\n\n## Programmatic API\n\n```js\nconst { analyzeDeps, jsonReport } = require('dep-drift');\n\nconst results = analyzeDeps(pkgJson, './node_modules', {\n  depTypes: ['dependencies', 'devDependencies']\n});\n\nconst report = jsonReport(results);\nconsole.log(`${report.outOfRange} packages out of range`);\n```\n\n### API\n\n- `analyzeDeps(pkgJson, nodeModulesDir, opts)` — returns array of dep results\n- `jsonReport(results)` — structured report object\n- `textReport(results, opts)` — prints text report to stdout\n- `satisfiesRange(version, range)` — check if version satisfies a semver range\n- `cmpVersions(a, b)` — compare two versions\n- `parseVersion(v)` — parse version string to `{major, minor, patch}`\n\n## CI Integration\n\n```yaml\n# GitHub Actions\n- name: Check dependency drift\n  run: npx dep-drift --drift-only\n```\n\nExit code is `1` if any packages are out of range or missing, `0` if everything is clean.\n\n## Features\n\n- **Zero dependencies** — no supply chain risk\n- **All major range types** — caret, tilde, exact, comparators, x-ranges, hyphens, or-ranges\n- **Drift severity** — not just \"in/out\" but how far\n- **JSON output** — pipe into jq, scripts, dashboards\n- **CI ready** — non-zero exit on drift, `--drift-only` for clean reports\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsulthonzh%2Fdep-drift","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsulthonzh%2Fdep-drift","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsulthonzh%2Fdep-drift/lists"}