Skip to content
This repository has been archived by the owner on May 3, 2022. It is now read-only.

Retrieves the (flat) list of package dependencies for a Javascript project using the npm package manager.

License

Notifications You must be signed in to change notification settings

philips-software/npm-dependencies-extractor

Repository files navigation

⚠️ THIS REPOSITORY IS NO LONGER MAINTAINED ⚠️

npm

This is a CLI package that provides a command extract-dependencies to extract the flat list of (all installed) dependencies from a package-lock.json file (or another file with the same structure of your choice. If you want, instead of the package-lock.json, you may specify as input file the JSON file generated by the npm command to list json dependencies, such as:

npm list --json > inputFile.json

or, if you only want to see the production dependencies, generate the input as:

npm list --json --prod > inputFile.json 

Why the need to create npm-dependencies-extractor? The dependencies information as output by the package-lock.json or the npm list command is verbose, and requires some processing if you simply want to retrieve a (flat) list of your dependencies. Also, package-lock.json may contain more times a dependency that is present in different branches of the dependency tree.

When there is no dependency in your input file, the script exits after notifying the user. When your input does have dependencies, npm-dependencies-extractor generates, from your input, the flat list of dependencies, in two formats. The first output format is a js file containing the array of dependencies formatted as JSON objects (with keys name and version), with no nesting, like:

    [
        { ‘name’: ‘dependencyName_A’, ‘version’: ‘0.0.1’},
        { ‘name’: ‘dependencyName_B’, ‘version’: ‘2.0.0’},
        { ‘name’: ‘dependencyName_B’, ‘version’: ‘2.0.1’}
    ]

The second output format is a txt file containing an array of dependencies, one per line, formatted as name@version, like:

Status

0.0.6, see CHANGELOG.md

Technology stack

  • Javascript
  • This software is intended to be used standalone, as a command-line tool

Prerequisites

  • you should have Node installed (this script was tested with node v8.12.0)

  • make sure you do not have a fixed depth configured in npm, so that npm install or npm list returns all dependencies (dependencies at all levels of depth).

npm config get depth

If something else than Infinity is returned, then remove the depth limitation by:

npm config delete depth
  • you should create the input json with dependencies by either: (generates package-lock.json, with both dev and prod dependencies:)
npm install

or (generates a file similar to the structure of package-lock.json, but you may control whether to only contain dev or prod dependencies:)

npm list --json --prod > inputFile.json
  • The following encodings of the input file are supported: utf8, utf16le. If the input file does not have a header containing the byte order mark, then you need to provide the encoding parameter, else the encoding is assumed to be utf8.

Installation

Install globally:

npm install -g npm-dependencies-extractor

Or you could use it without installing by running:

npx npm-dependencies-extractor [options]

Usage

extract-dependencies [options]

Supported options:

Flag Alias Functionality
--input [filename] -i Filename of the package-lock.json file to extract dependencies from. Default value: package-lock.json
--encoding -e (optional) Encoding of the input file. Allowed values: utf8, utf16le.
--optionals -io (optional) include optional dependencies
--devdependencies -d (optional) ignore dev dependencies
--output [filename] -o Js filename to which the flat list of dependencies is written. If the file already exists, it will be overwritten. Default value: dependencies.js. One more representation of the flat dependencies is generated, in the form of text (as .txt)
--verbose Verbose output of commands and errors
--help -h Display help for command

Sample usage

npm run extract-dependencies -- -i ./test-data/input-with-optionals/package-lock-with-2-mandatory-dependencies.json --verbose

Usage scenarios

Scenario 1: You run the npm-dependencies-extractor's command without adding it as a dependency to your project

From the installation folder of npm-dependencies-extractor, run:

npm run extract-dependencies -- [options]

or, if you don't want to install it, run:

npx npm-dependencies-extractor [options]

or, if you don't want to install it from github master, run:

npx github:philips-software/npm-dependencies-extractor [options]

Scenario 2: You include the npm-dependencies-extractor as a dependency of your project, and call its command in your project's scripts, by:

extract-dependencies [options] 

FAQ

Question: I get an 'Unexpected token' error when my input JSON file is read; why?

Answer: This is most likely caused because your file is encoded in a format not supported yet, or because your file format is supported but its header does not contain a byte order mark (BOM) to describe its encoding. In the latter case, please provide to the script the encoding known by you by means of an additional parameter, like: --encoding <encodingOfTheInputFile>.

Currenlty supported values for encoding are: utf8, utf16le

Owners

See CODEOWNERS

Maintainers

See MAINTAINERS.md

Contributing

See CONTRIBUTING.md

License

See LICENSE.md

Author

Sanda Contiu

Keywords

  • dependencies
  • npm
  • sbom
  • software bill of material
  • flat list
  • extract
  • retrieve
  • dependencies flat list
  • extract dependencies
  • list dependencies

About

Retrieves the (flat) list of package dependencies for a Javascript project using the npm package manager.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published