https://github.com/micromata/check-packages
CLI tool to check your npm dependencies against a list of allowed/forbidden packages.
https://github.com/micromata/check-packages
cli cli-utilities dependencies packages
Last synced: 5 months ago
JSON representation
CLI tool to check your npm dependencies against a list of allowed/forbidden packages.
- Host: GitHub
- URL: https://github.com/micromata/check-packages
- Owner: micromata
- License: mit
- Created: 2018-09-24T09:05:32.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2023-05-19T06:47:26.000Z (about 3 years ago)
- Last Synced: 2025-08-09T03:09:22.061Z (11 months ago)
- Topics: cli, cli-utilities, dependencies, packages
- Language: JavaScript
- Homepage:
- Size: 1.47 MB
- Stars: 14
- Watchers: 11
- Forks: 1
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://www.npmjs.org/package/check-packages)
[](https://david-dm.org/micromata/check-packages)
[](https://david-dm.org/micromata/check-packages#info=devDependencies)
[](https://travis-ci.org/micromata/check-packages)
[](https://coveralls.io/github/micromata/check-packages?branch=master)
# check-packages
> CLI tool to check your npm dependencies against a list of allowed/forbidden packages.
## Install
To use it in your project:
```shell
$ npm install --save-dev check-packages
```
To use it globally:
```shell
$ npm install --global check-packages
```
*It requires Node.js (v6 or higher).*
## Usage
```shell
$ check-packages [options]
```
### Checklist JSON File
The content of the checklist file must be an array of package names (with optional [semver ranges](https://semver.npmjs.com/)), e.g.:
```json
[
"react",
"react-dom",
"redux@>=1.0.0-rc.0 <1.0.1",
"react-redux@^2 <2.2 || > 2.3"
]
```
By default `check-packages` uses the checklist path `packages-whitelist.json`
(respectively `packages-blacklist.json` when called with option `--blacklist`),
but you can also call `check-packages` with a different checklist path as
first argument, e.g.:
```shell
$ check-packages "./config/whitelisted-dev-dependencies.json" --dev
```
### Options
| Option | Alias | Description |
|----------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `topLevelOnly` | | Checks only direct dependencies listed in the top level package.json (equivalent to `depth=0`).
Note: You cannot use `topLevelOnly` together with `depth`. |
| `depth` | | Max depth of the dependency tree analysis (default: inifity).
Note: You cannot use `depth` together with `topLevelOnly`. |
| `blacklist` | `black` | Interpret content of checklist as blacklist. |
| `development` | `dev` | Analyze the dependency tree for devDependencies. |
| `production` | `prod` | Analyze the dependency tree for dependencies. |
| `verbose` | | Lists unallowed dependencies. |
| `exitCode` | | Exit code in case of unallowed dependencies. Default: 1 |
| `version` | `v` | Displays the version number. |
| `help` | `h` | Displays the help. |
### Examples
```shell
$ check-packages
$ check-packages --blacklist
$ check-packages my-whitelist.json --dev --depth=10
$ check-packages my-whitelist.json --dev --topLevelOnly --verbose
$ check-packages my-blacklist.json --prod --blacklist
```
## License
MIT © [Christian Kühl](https://micromata.de)