npm-consider

Check package dependencies before installing it
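License: View license
Language: JavaScript
Category: Web application development, common JavaScript packages
Software type: Open source
Region: Unknown
Submitted by: 邵和硕
Operating system: Cross-platform
Open-source organization
Audience: Unknown
Software overview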

npm-consider

Check npm package dependencies size, licenses and impact on your package before installing it


If you like it, please, ⭐️ this repo!

Features

  • calculates dependencies size recursively
  • shows dependencies license policy for linking
  • calculates impact on the current package
  • shows a full dependency graph
  • analyzes packages without downloading them
  • supports yarn
  • analyzes a local package
  • provides a continuous integration (CI) mode

Installing

npm install -g npm-consider

Note: this tool is more useful when your colleagues also use it

Usage

Add new dependency

npm-consider takes arguments similar to those of npm install

npm-consider install --save express

The command recursively requests package info from npm and builds a dependency graph. The size of each package is determined via a HEAD request to its tarball download URL.

Analyze local package

When called without arguments in a package directory, it builds a dependency graph and calculates metrics for the local package

npm-consider install

Using for automation and continuous integration

You can specify maximum values for size and number of packages, as well as allowed license types, in the config section of your package.json.

"config": {
  "maxPackagesNumber": 100,
  "maxSizeBites": 840400,
  "allowedLicenseTypes": [
    "permissive",
    "publicDomain",
    "uncategorized"
  ]
}

Once these are provided, you can call

npm-consider install --test

If all limits are satisfied, the command exits with code=0; otherwise it exits with code=1.

Note: in this mode, npm-consider will not call npm install or yarn install.

Supported properties:

  • maxPackagesNumber: max number of npm dependencies, including transitive dependencies
  • maxSizeBites: max size of downloaded packages in bytes
  • allowedLicenseTypes: which types of dependency licenses are acceptable for the package

Supported types are publicDomain, permissive, weaklyProtective, protective, networkProtective, uncategorized. If you are not sure which license types are appropriate, check this article.
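The three limits above can be sketched as a check over a dependency graph. This is an added example, not npm-consider's own code: the registry data, the collect and checkLimits helpers and the SPDX-to-type map are assumptions made for illustration, and version ranges are ignored (one entry per package name).

```javascript
// Added example. REGISTRY is constructed sample metadata, not real npm data.
const REGISTRY = {
  'web-app-dep': { license: 'MIT', size: 52000, dependencies: { 'body-util': '^1.0.0', 'log-lite': '^2.0.0' } },
  'body-util': { license: 'ISC', size: 18000, dependencies: { 'log-lite': '^2.0.0' } },
  'log-lite': { license: 'GPL-3.0', size: 9000, dependencies: {} },
  'no-meta': { size: 4000, dependencies: {} }, // no license field in package info
};

// Assumed partial SPDX id -> license type map; anything not listed is "uncategorized".
const LICENSE_TYPES = new Map([
  ['Unlicense', 'publicDomain'], ['CC0-1.0', 'publicDomain'],
  ['MIT', 'permissive'], ['ISC', 'permissive'], ['Apache-2.0', 'permissive'], ['BSD-3-Clause', 'permissive'],
  ['LGPL-3.0', 'weaklyProtective'], ['GPL-3.0', 'protective'], ['AGPL-3.0', 'networkProtective'],
]);

// Walk the graph, visiting each package name once so shared deps and cycles are not double counted.
function collect(rootNames, registry) {
  const seen = new Map();
  const stack = [...rootNames];
  while (stack.length) {
    const name = stack.pop();
    if (seen.has(name)) continue;
    const meta = registry[name];
    if (!meta) throw new Error(`no metadata for ${name}`);
    const type = LICENSE_TYPES.get(meta.license) || 'uncategorized';
    seen.set(name, { size: meta.size, license: meta.license || null, type });
    stack.push(...Object.keys(meta.dependencies || {}));
  }
  return seen;
}

// Apply the three "config" limits; exitCode mirrors the 0/1 convention of the --test mode.
function checkLimits(rootNames, registry, config) {
  const pkgs = collect(rootNames, registry);
  const totalSize = [...pkgs.values()].reduce((sum, p) => sum + p.size, 0);
  const violations = [];
  if (pkgs.size > config.maxPackagesNumber) violations.push(`packages: ${pkgs.size} > ${config.maxPackagesNumber}`);
  if (totalSize > config.maxSizeBites) violations.push(`size: ${totalSize} > ${config.maxSizeBites}`);
  for (const [name, p] of pkgs) {
    if (!config.allowedLicenseTypes.includes(p.type)) violations.push(`license: ${name} is ${p.type} (${p.license})`);
  }
  return { count: pkgs.size, totalSize, violations, exitCode: violations.length ? 1 : 0 };
}

const config = { maxPackagesNumber: 100, maxSizeBites: 840400, allowedLicenseTypes: ['permissive', 'publicDomain', 'uncategorized'] };
const result = checkLimits(['web-app-dep'], REGISTRY, config);
console.log(result); // one violation: the transitive GPL-3.0 dependency
```

Note that allowing uncategorized, as the sample config does, lets a package with no license field pass the check.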

Usage with yarn

If the project contains a yarn.lock file, npm-consider runs yarn add with the corresponding options.

Licence type

npm-consider calculates the license type for every dependency. The type defines the license policy for linking as a library. Data is collected from Comparison of free and open-source software licenses on Wikipedia.

  • Public Domain and Permissive licenses allow you to do anything except sue the author
  • Weakly Protective licenses restrict how the code can be linked and combined with other licenses
  • Protective or Copyleft dependency licenses require a dependent module to have a free license, which prevents it from being proprietary
  • Network Protective is the same as Protective but is also triggered by network interaction
  • Uncategorized means that the license was not found in the package info or was not categorised in terms of linking; feel free to contribute to license categorisation

Note that even permissive licenses have some restrictions. Check the following slide and article to learn about license compatibility:

The Free-Libre / Open Source Software (FLOSS) License Slide

Menu options

  • Install runs npm install with the same arguments
  • Impact takes into account already installed dependencies and shows relative impact. It behaves differently, depending on the --save or --save-dev option. The second one takes into account already installed dependencies and devDependencies.
  • Details prints dependencies graph
  • Skip cancels npm install; no changes in your project will apply.