CLI tool to check your npm dependencies against a list of allowed/forbidden packages.
To use it in your project:
$ npm install --save-dev check-packages
To use it globally:
$ npm install --global check-packages
It requires Node.js (v6 or higher).
$ check-packages <checklist.json> [options]
The content of the checklist file must be an array of package names (with optional semver ranges), e.g.:
[
"react",
"react-dom",
"redux@>=1.0.0-rc.0 <1.0.1",
"react-redux@^2 <2.2 || > 2.3"
]
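The checklist format described above can be linted before it is handed to the tool in CI. This is an added example, not code from check-packages: `parseEntry` and `lintChecklist` are hypothetical helpers, and it assumes entries follow npm's usual `name@range` form, so a leading `@` belongs to a scoped name. It checks names and structure only, not whether a range is valid semver.

```javascript
'use strict';
// Added example (not part of check-packages): lint a checklist array.
// Assumption: the name/range separator is the first "@" after position 0,
// because a leading "@" belongs to a scoped package name.

// npm package name rule: lowercase, URL-safe, optional @scope/ prefix.
const NAME_RE = /^(@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;

function parseEntry(entry) {
  if (typeof entry !== 'string' || entry.trim() === '') {
    throw new TypeError('checklist entry must be a non-empty string');
  }
  const spec = entry.trim();
  const at = spec.indexOf('@', 1); // skip a scope's leading "@"
  const name = at === -1 ? spec : spec.slice(0, at);
  const range = at === -1 ? '*' : spec.slice(at + 1).trim();
  if (!NAME_RE.test(name)) throw new Error(`invalid package name: ${name}`);
  if (range === '') throw new Error(`empty range after "@" in: ${spec}`);
  return { name, range };
}

// Returns { entries: Map(name -> [ranges]), problems: [strings] }.
// Duplicate names are flagged for review; the page does not say how the
// tool itself treats them.
function lintChecklist(list) {
  const entries = new Map();
  const problems = [];
  if (!Array.isArray(list)) return { entries, problems: ['checklist must be a JSON array'] };
  list.forEach((raw, i) => {
    try {
      const { name, range } = parseEntry(raw);
      if (entries.has(name)) problems.push(`entry ${i}: "${name}" listed more than once`);
      entries.set(name, (entries.get(name) || []).concat(range));
    } catch (err) {
      problems.push(`entry ${i}: ${err.message}`);
    }
  });
  return { entries, problems };
}

// Constructed sample: the page's checklist plus a scoped entry and three bad ones.
const sample = [
  'react', 'react-dom', 'redux@>=1.0.0-rc.0 <1.0.1',
  'react-redux@^2 <2.2 || > 2.3', '@types/node@^6', 'React', 'redux', 'lodash@',
];
const result = lintChecklist(sample);
console.log(result.problems.join('\n') || 'checklist OK');
```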
By default check-packages uses the checklist path packages-whitelist.json (or packages-blacklist.json when called with the option --blacklist), but you can also call check-packages with a different checklist path as the first argument, e.g.:
$ check-packages "./config/whitelisted-dev-dependencies.json" --dev
Option | Alias | Description |
---|---|---|
topLevelOnly | | Checks only direct dependencies listed in the top level package.json (equivalent to depth=0). Note: You cannot use topLevelOnly together with depth. |
depth | | Max depth of the dependency tree analysis (default: infinity). Note: You cannot use depth together with topLevelOnly. |
blacklist | black | Interpret content of checklist as blacklist. |
development | dev | Analyze the dependency tree for devDependencies. |
production | prod | Analyze the dependency tree for dependencies. |
verbose | | Lists unallowed dependencies. |
exitCode | | Exit code in case of unallowed dependencies. Default: 1 |
version | v | Displays the version number. |
help | h | Displays the help. |
$ check-packages
$ check-packages --blacklist
$ check-packages my-whitelist.json --dev --depth=10
$ check-packages my-whitelist.json --dev --topLevelOnly --verbose
$ check-packages my-blacklist.json --prod --blacklist
MIT © Christian Kühl