{"id":14971403,"url":"https://github.com/thomas-darling/gulp-dependents","last_synced_at":"2025-09-09T18:11:21.338Z","repository":{"id":40830552,"uuid":"50063856","full_name":"thomas-darling/gulp-dependents","owner":"thomas-darling","description":"Gulp plugin that tracks dependencies between files and adds any files that depend on the files currently in the stream, thus enabling incremental build.","archived":false,"fork":false,"pushed_at":"2022-12-06T07:22:45.000Z","size":247,"stargazers_count":16,"open_issues_count":13,"forks_count":5,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-07T08:49:36.485Z","etag":null,"topics":["build","dependencies","gulp","gulp-plugin","incremental","less","pcss","postcss","sass","scss"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thomas-darling.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-01-20T22:08:28.000Z","updated_at":"2024-11-29T14:32:31.000Z","dependencies_parsed_at":"2023-01-24T06:30:10.914Z","dependency_job_id":null,"html_url":"https://github.com/thomas-darling/gulp-dependents","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/thomas-darling/gulp-dependents","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomas-darling%2Fgulp-dependents","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomas-darling%2Fgulp-dependents/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomas-darling%2Fgulp-dependents/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomas-darling%2Fgulp-dependents/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thomas-darling","download_url":"https://codeload.github.com/thomas-darling/gulp-dependents/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomas-darling%2Fgulp-dependents/sbom","scorecard":{"id":882156,"data":{"date":"2025-08-11","repo":{"name":"github.com/thomas-darling/gulp-dependents","commit":"dbc6cbc2b4ca85c9d9a326a242595a813292d68a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.3,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 1/16 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm","Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574","Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-897m-rjf5-jp39","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T08:36:54.927Z","repository_id":40830552,"created_at":"2025-08-24T08:36:54.928Z","updated_at":"2025-08-24T08:36:54.928Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274340467,"owners_count":25267294,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["build","dependencies","gulp","gulp-plugin","incremental","less","pcss","postcss","sass","scss"],"created_at":"2024-09-24T13:45:08.989Z","updated_at":"2025-09-09T18:11:21.315Z","avatar_url":"https://github.com/thomas-darling.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"gulp-dependents\n===============\n\n[![Version](https://img.shields.io/npm/v/gulp-dependents.svg)](https://www.npmjs.org/package/gulp-dependents)\n[![Downloads](https://img.shields.io/npm/dm/gulp-dependents.svg)](https://www.npmjs.com/package/gulp-dependents)\n\nGulp plugin that tracks dependencies between files and adds any files that depend\non the files currently in the stream, thus enabling incremental build of `pcss`,\n`less`, `scss` and `sass` files, with extensibility points to support other file\ntypes.\n\n## Problem\nGulp makes it easy to build all your files, but as the code base grows, so does\nthe build time, significantly slowing down your workflow. The solution is\nincremental building - i.e. to rebuild only the files that have actually changed.\nUnfortunately Gulp is agnostic about the depenencies between your files, making\nit hard to incrementally build files that depend on other files - it doesn't know,\nthat when a dependency changes, so does the files that depend on it.\n\n## Solution\nThis plugin tracks the dependencies of all the files that pass trough it, building\nand maintaining an in-memory dependency tree describing the dependencies between\nthe files. For each file that passes through, it will add any files that directly\nor indirectly depend on that file to the stream, thus ensuring that they will also\nbe rebuild. Combined with e.g. the [gulp-cached](https://www.npmjs.com/package/gulp-cached)\nplugin, or the \"since last run\" option in Gulp 4, this enables fast and reliable\nincremental builds.\n\n## Usage\nThis example shows how the plugin may be used to watch and incrementally build\n`less` files. The `gulp-cached` plugin will pass all files through on the first\nrun, thus allowing `gulp-dependents` to set up the initial dependency graph. On\nsubsequent runs, only changed files will be passed through, and `gulp-dependents`\nwill then ensure that any dependent files are also pulled into the stream.\n\n```javascript\n\nvar gulp = require('gulp'),\n    less = require('gulp-less'),\n    cached = require('gulp-cached'),\n    dependents = require('gulp-dependents');\n\ngulp.task('watch', function() {\n    gulp.watch('src/**/*.less', ['build']);\n});\n\ngulp.task('build', function() {\n    return gulp\n        .src('src/**/*.less')\n        .pipe(cached('less'))\n        .pipe(dependents())\n        .pipe(less())\n        .pipe(gulp.dest('dist'))\n});\n\n```\n\nPlease note that although they serve a similar pourpose, `gulp-cached` and `gulp-changed`\nhave different behavior - `gulp-changed` will *not* nessesarily pass all files through on first run.\nInstead, it compares the timestamps of the source and destination files, and only pass through those\nthat appear to be different. This means, that if you want to use `gulp-changed` instead of `gulp-cached`,\nyou must clean your output folder every time your watch task starts, as this plugin needs to process all\nfiles at least once, in order to determine the initial dependency tree - it won't know a file depends on\nanother, until it has parsed its dependency statements at least once.\n\n## Support and limitations\nOut of the box, this plugin supports `pcss`, `less`, `scss` and `sass` files, including\nthings like comma-separated path lists, import statements spanning multiple lines\nand `url(...)` paths. For `sass`, which is the indent-based variant of the `scss`\nsyntax, support is limited to single-line import statements. Also note, that due to the\nway tracking is implemented, it is currently not possible to support dependency\nstatements with glob patterns, referencing e.g. all files in a folder.\n\n## Configuration\nFor the file types supported out of the box, there's generally no need to\nconfigure anything, but should the need arise, a parser configuration may be\npassed to the plugin function. Note that the options are merged into the\ndefault configuration, so if you only wish to override e.g. the `basePaths`\noption for  `scss` files, then simply specify only that property.\n\nThe parser will apply each `RegExp` or `function` in the `parserSteps` array in\nsequence, such that the first receives all the file content and may e.g. extract\nwhole dependency statements, and the second one may then extract the paths from\nthose statements. This design enables parsing of complex statements that e.g.\nlist multiple, comma-separated file paths. It also enables the use of external\nparsers, by specifying a function, which simply invokes the external parser to\nget the dependency paths.\n\n```javascript\n\n// The parser configuration, in which keys represents file name\n// extensions, including the dot, and values represent the config\n// to use when parsing the file type.\nvar config = {\n\n    \".scss\": {\n\n        // The sequence of RegExps and/or functions to use when parsing\n        // dependency paths from a source file. Each RegExp must have the\n        // 'gm' modifier and at least one capture group. Each function must\n        // accept a string and return an array of captured strings. The\n        // strings captured by each RegExp or function will be passed\n        // to the next, thus iteratively reducing the file content to an\n        // array of dependency file paths.\n        parserSteps: [\n\n            // PLEASE NOTE:\n            // The parser steps shown here are only meant as an example to\n\t\t\t// illustrate the concept of the matching pipeline.\n            // The default config used for scss files is pure RegExp and\n            // reliably supports the full syntax of scss import statements.\n\n            // Match the import statements and capture the text\n            // between '@import' and ';'.\n            /^\\s*@import\\s+(.+?);/gm,\n\n            // Split the captured text on ',' to get each path.\n            function (text) { return text.split(\",\"); },\n\n            // Match the balanced quotes and capture only the file path.\n            /\"([^\"]+)\"|'([^']+)'/m\n        ],\n\n        // The file name prefixes to try when looking for dependency\n        // files, if the syntax does not require them to be specified in\n        // dependency statements. This could be e.g. '_', which is often\n        // used as a naming convention for mixin files.\n        prefixes: ['_'],\n\n        // The file name postfixes to try when looking for dependency\n        // files, if the syntax does not require them to be specified in\n        // dependency statements. This could be e.g. file name extensions.\n        postfixes: ['.scss', '.sass'],\n\n        // The additional base paths to try when looking for dependency\n        // files referenced using relative paths.\n        basePaths: [],\n    }\n};\n\n// Pass the config object to the plugin function.\n.pipe(dependents(config))\n\n// You can also pass a second config argument to enable logging.\n.pipe(dependents(config, { logDependents: true }))\n\n```\n\nEnjoy, and please report any issues in the issue tracker :-)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomas-darling%2Fgulp-dependents","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthomas-darling%2Fgulp-dependents","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomas-darling%2Fgulp-dependents/lists"}