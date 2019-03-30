

npm-consider

by Vladi Bilonenko
1.7.0

Check package dependencies before installing it


Popularity

  • Downloads/wk: 335
  • GitHub Stars: 411

Maintenance

  • Last Commit: 3yrs ago
  • Contributors: 4

Package

  • Dependencies: 12
  • License: (MIT AND Artistic-2.0)
  • Type Definitions: DefinitelyTyped
  • Tree-Shakeable: No?


npm-consider

Check npm package dependencies size, licenses and impact on your package before installing it 🤔

If you like it, please, ⭐️ this repo!

Features

  • calculates dependencies size recursively
  • shows dependencies license policy for linking
  • calculates impact on current package
  • shows a full dependency graph
  • analyzes packages without downloading them
  • supports yarn
  • analyzes local package
  • provides continuous integration (CI) mode

Installing

npm install -g npm-consider

Note: this tool is more useful when your colleagues also use it 😉

Usage

Add new dependency

npm-consider accepts arguments similar to those of npm install:

npm-consider install --save express

The command recursively requests package info from npm and builds a dependency graph. The size of each package is determined via a HEAD request to its tarball download URL.

Analyze local package

When called without arguments in a package directory, it builds a dependency graph and calculates metrics for the local package.

Using for automation and continuous integration

You can specify maximum values for size and number, as well as allowed license types, in the config section of your package.json.

"config": {
  "maxPackagesNumber": 100,
  "maxSizeBites": 840400,
  "allowedLicenseTypes": [
    "permissive",
    "publicDomain",
    "uncategorized"
  ]
}

Once provided you can call

npm-consider install --test

If all limits are satisfied, the command exits with code=0; otherwise it exits with code=1.

Note: in this mode, npm-consider will not call npm install or yarn install.

Supported properties:

  • maxPackagesNumber: maximum number of npm dependencies, including transitive dependencies
  • maxSizeBites: maximum size of downloaded packages in bytes
  • allowedLicenseTypes: which types of dependency licenses are acceptable for the package

Supported types are publicDomain, permissive, weaklyProtective, protective, networkProtective, uncategorized. If you are not sure which license types are appropriate, check this article.
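
The kind of gate that CI mode applies, sketched as an added example (not npm-consider's own code): it walks a dependency graph once per package, cycles included, and checks the totals against the config limits. REGISTRY, LICENSE_TYPES and the function names are assumptions made for the illustration; the sample packages are constructed.

```javascript
// Added example, not npm-consider's code. REGISTRY and LICENSE_TYPES are
// constructed sample data standing in for npm metadata and the license table.
const REGISTRY = {
  'web-app': { size: 0, license: 'MIT', deps: ['router', 'logger', 'tiny-fmt'] },
  'router': { size: 52000, license: 'MIT', deps: ['path-util', 'logger'] },
  'logger': { size: 18000, license: 'ISC', deps: ['path-util'] },
  'path-util': { size: 9000, license: 'AGPL-3.0', deps: ['router'] }, // cycle
  'tiny-fmt': { size: 4000, deps: [] }, // no license field in package info
};
const LICENSE_TYPES = new Map([
  ['Unlicense', 'publicDomain'], ['CC0-1.0', 'publicDomain'],
  ['MIT', 'permissive'], ['ISC', 'permissive'], ['Apache-2.0', 'permissive'],
  ['LGPL-3.0', 'weaklyProtective'], ['MPL-2.0', 'weaklyProtective'],
  ['GPL-3.0', 'protective'], ['AGPL-3.0', 'networkProtective'],
]);
// The "config" block shown above, as it would be read from package.json.
const CONFIG = { maxPackagesNumber: 100, maxSizeBites: 840400,
  allowedLicenseTypes: ['permissive', 'publicDomain', 'uncategorized'] };

// Collect every transitive dependency of root exactly once, tolerating cycles.
function collectDependencies(root, registry) {
  const seen = new Map();
  const stack = [...registry[root].deps];
  while (stack.length > 0) {
    const name = stack.pop();
    if (name === root || seen.has(name)) continue;
    const meta = registry[name];
    if (!meta) throw new Error(`no metadata for ${name}`);
    seen.set(name, meta);
    stack.push(...meta.deps);
  }
  return seen;
}

// Compare package count, total size and license types against the limits.
function checkLimits(root, registry, config) {
  const deps = collectDependencies(root, registry);
  const violations = [];
  let totalSize = 0;
  for (const [name, meta] of deps) {
    totalSize += meta.size;
    const type = LICENSE_TYPES.get(meta.license) || 'uncategorized';
    if (!config.allowedLicenseTypes.includes(type)) violations.push(`${name}: license type ${type} not allowed`);
  }
  if (deps.size > config.maxPackagesNumber) violations.push(`packages: ${deps.size} > ${config.maxPackagesNumber}`);
  if (totalSize > config.maxSizeBites) violations.push(`size: ${totalSize} > ${config.maxSizeBites}`);
  return { packages: deps.size, totalSize, violations, exitCode: violations.length ? 1 : 0 };
}

const report = checkLimits('web-app', REGISTRY, CONFIG);
console.log(report.exitCode, report.violations);
```

With the sample data, the package without a license field passes only because uncategorized is in allowedLicenseTypes; dropping that type from the list makes unlabelled packages fail the build.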

Usage with yarn

If the project contains yarn.lock file, then npm-consider will do yarn add with corresponding options.

Licence type

npm-consider calculates the license type for every dependency. The type defines the license policy for linking as a library. Data is collected from Comparison of free and open-source software licenses on Wikipedia.

  • Public Domain and Permissive licenses allow you to do anything except sue the author
  • Weakly Protective licenses restrict how the code can be linked and combined with other licenses
  • Protective or Copyleft dependency licenses require a dependent module to have a free license, which prevents it from being proprietary
  • Network Protective is the same as Protective but is also triggered by network interaction
  • Uncategorized means that the license was not found in the package info or was not categorised in terms of linking; feel free to contribute to license categorisation

Note that even permissive licenses have some restrictions. Check the following slide and article to learn about license compatibility:

The Free-Libre / Open Source Software (FLOSS) License Slide

  • Install runs npm install with the same arguments
  • Impact takes into account already installed dependencies and shows relative impact. It behaves differently depending on the --save or --save-dev option. The second one takes into account already installed dependencies and devDependencies.
  • Details prints the dependency graph
  • Skip cancels npm install; no changes will be applied to your project.
