pmmmwh / staledeps Goto Github PK

Especially with many dependencies involved, caching could speed things up a lot and reduce network requests to npm. This would be useful when running the tool multiple times, perhaps with different thresholds, sorting, other other future options for tweaking the output.

To clear the cache, it would likely be sufficient to just delete the cache folder.

The tool currently provides output in human-readable format.

To make this output easily consumable by other tools or useful for further data analysis, an option could be provided -j / --json to output a result like:

[
  { "name": "eslint", "lastPublish": "2023-01-13T00:17:03+00:00" }
]

We would want to use an absolute date time format like ISO 8601 instead of a relative date of course.

If necessary at some point, there could also be a Node API for this kind of output, although a CLI json output may be sufficient at first.

It doesn't appear to be possible to see results from an entire npm workspace / yarn workspace.

Perhaps there could be a new workspace option -w / --workspace in combination with specifying the path to the workspace package.json file (which has the workspaces property). By running staledeps -w package.json, the tool would follow the patterns defined in the workspace package.json workspaces property and include all of the matching packages in its results.

Note that passing the workspace package.json file without the -w option would simply maintain the existing behavior where only the single package.json file is included.

For last publish dates beyond a year, should we show these as 6.9 years instead of 2519 days ago? It's harder to appreciate how long of a duration 2519 days is.

There could be additional columns in the output for each dependency, like:

• Last publish, version
• Last publish, date (existing column)
• Most recent version in requested range, version
• Most recent version in requested range, date

Note that I specified "Most recent version in requested range" because package.json may specify ^1.0 as the requested range but yarn.lock could have any number of versions in that range (1.7, etc), or even versions outside that range due to transitive dependencies. So it's not trivial to say what single version a dependency is on. Although you can see what versions of a dependency are present using yarn why eslint for example.

Right now, output is listed in alphabetical order by dependency name.

With a lengthy list of dependencies, the user may want to see the most-stale dependencies first (descending order by last publish date date). Perhaps there could be options like

• -s / --sort = name / lastPublish / any future column
• -o / --sort-order = asc / desc

This would be especially useful when including transitive dependencies (#161) which may result in a huge list.

Right now, only dependencies mentioned in package.json are included in the output. This is similar to npm ls.

A new option -t / --transitive could be implemented for including transitive dependencies (dependencies of dependencies). This would be similar to npm ls --all.