dependency-insight is a tiny, powerful, and user-friendly command-line tool designed to help you audit, analyze, and manage your project's dependencies. It provides a wide range of features to ensure that your project uses the most up-to-date, secure, and efficient libraries. Available on NPM registry.
You can install dependency-insight globally via npm:
npm install -g dependency-insightAlternatively, you can install it locally in your project:
npm install --save-dev dependency-insightOr simply npm i (but you may have to use npx before dep-insight)
npm install dependency-insight #use npx - Command:
dep-insight audit - Description: Audits your project's dependencies for known vulnerabilities and displays the severity of each.
- Command:
dep-insight outdated - Description: Identifies outdated dependencies and checks for newer versions.
- Command:
dep-insight prune - Description: Detects unused dependencies and helps keep your project lean.
- Command:
dep-insight tree - Description: Visualizes the complete dependency tree of your project.
- Command:
dep-insight suggest - Description: Suggests lightweight alternatives for heavy dependencies.
- Command:
dep-insight size - Description: Analyzes the size of your project's dependencies and provides a summary.
- Command:
dep-insight health - Description: Checks the health of your dependencies by reviewing download statistics, GitHub activity, and more.
- Command:
dep-insight update - Description: Allows you to interactively update outdated dependencies in your project.
- Command:
dep-insight clear-cache - Description: Clears the npm cache completely after confirming with the user.
- Command:
dep-insight licenses - Description: Scans all dependencies for their license types, flags packages with restrictive or incompatible licenses, and generates compliance reports.
- Command:
dep-insight impact <package-name> - Description: Analyze how updating a specific dependency might affect your project, including breaking changes and risk scoring.
- Command:
dep-insight usage - Description: Shows which files/modules are importing each dependency, identifies underutilized or unused packages, and finds redundant dependencies.
- Command:
dep-insight lock - Description: Analyzes your lockfile (package-lock.json, yarn.lock, or pnpm-lock.yaml) for inconsistencies or potential issues and verifies lockfile integrity.
- Command:
dep-insight peers - Description: Checks for missing or incompatible peer dependencies and highlights potential conflicts.
- Command:
dep-insight ci - Description: Runs all critical checks in CI environments, generates machine-readable reports, and sets appropriate exit codes for failing builds.
- Command: No command or
dep-insight help - Description: Displays the available commands and their descriptions when no command is provided or the help flag is used.
After installation, you can run the tool from the command line by typing dep-insight followed by the desired command. For example:
- To audit dependencies:
dep-insight audit
- To check for outdated dependencies:
dep-insight outdated
- To check license compliance:
dep-insight licenses
- To analyze dependency usage:
dep-insight usage
- To validate lockfile:
dep-insight lock
- To validate peer dependencies:
dep-insight peers
- To run all checks in CI:
dep-insight ci
For a full list of commands, use the help command:
dep-insight helpWhen you run the dep-insight audit command, it will analyze your dependencies for security vulnerabilities and output a summary:
Auditing dependencies for vulnerabilities...
Low: 2, Moderate: 1, High: 3, Critical: 0When you run dep-insight outdated, it will show any outdated dependencies:
Outdated dependencies:
express: 4.16.3 → 4.18.2 (4.18.2)When you run dep-insight licenses, it will show license risk summary and details:
License Risk Summary:
High Risk: 1 - Copyleft licenses with strict requirements
Moderate Risk: 0 - Licenses with some restrictions
Low Risk: 10 - Permissive licenses
Unknown: 2
⚠️ High Risk Licenses:
- some-copyleft-package GPL-3.0
All Licenses:
some-copyleft-package GPL-3.0
chalk MIT
...When you run dep-insight usage, it will show dependency usage analysis:
Dependency Usage Analysis:
──────────────────────────────────────────────────────────────
Dependency Imports Files Coverage
──────────────────────────────────────────────────────────────
chalk 18 18 86%
inquirer 3 3 14%
depcheck 1 1 5%
filesize 0 0 0%
⚠️ Unused Dependencies:
- filesize (consider removing)When you run dep-insight lock, it will validate your lockfile:
Validating lockfile integrity...
Detected lockfiles:
- package-lock.json
✅ package-lock.json is up to date.
Lockfile version: 2
✅ All packages have integrity hashes.When you run dep-insight peers, it will validate peer dependencies:
Validating peer dependencies...
✅ All peer dependencies are satisfied!When you run dep-insight ci, it will run all checks and output a machine-readable report.
This tool uses the following libraries:
chalk: For colorful and easy-to-read outputs in the terminal.depcheck: For identifying unused dependencies in your project.inquirer: For prompting users during interactive commands.filesize: For displaying file sizes in human-readable formats.
Feel free to fork this project, submit issues, or create pull requests. Contributions are welcome!
This project is licensed under the MIT License. See the LICENSE file for more information.
Note: GitHub API is rate-limited to 60 requests per hour for unauthenticated requests, which may