pmmmwh / staledeps Goto Github PK
View Code? Open in Web Editor NEWFind stale dependencies in the package.json file(s).
License: MIT License
Find stale dependencies in the package.json file(s).
License: MIT License
Especially with many dependencies involved, caching could speed things up a lot and reduce network requests to npm. This would be useful when running the tool multiple times, perhaps with different thresholds, sorting, other other future options for tweaking the output.
To clear the cache, it would likely be sufficient to just delete the cache folder.
The tool currently provides output in human-readable format.
To make this output easily consumable by other tools or useful for further data analysis, an option could be provided -j
/ --json
to output a result like:
[
{ "name": "eslint", "lastPublish": "2023-01-13T00:17:03+00:00" }
]
We would want to use an absolute date time format like ISO 8601 instead of a relative date of course.
If necessary at some point, there could also be a Node API for this kind of output, although a CLI json output may be sufficient at first.
It doesn't appear to be possible to see results from an entire npm workspace / yarn workspace.
Perhaps there could be a new workspace option -w
/ --workspace
in combination with specifying the path to the workspace package.json file (which has the workspaces
property). By running staledeps -w package.json
, the tool would follow the patterns defined in the workspace package.json workspaces
property and include all of the matching packages in its results.
Note that passing the workspace package.json file without the -w
option would simply maintain the existing behavior where only the single package.json file is included.
For last publish dates beyond a year, should we show these as 6.9 years
instead of 2519 days ago
? It's harder to appreciate how long of a duration 2519 days
is.
There could be additional columns in the output for each dependency, like:
Note that I specified "Most recent version in requested range" because package.json may specify ^1.0
as the requested range but yarn.lock could have any number of versions in that range (1.7
, etc), or even versions outside that range due to transitive dependencies. So it's not trivial to say what single version a dependency is on. Although you can see what versions of a dependency are present using yarn why eslint
for example.
Right now, output is listed in alphabetical order by dependency name.
With a lengthy list of dependencies, the user may want to see the most-stale dependencies first (descending order by last publish date date). Perhaps there could be options like
-s
/ --sort
= name
/ lastPublish
/ any future column-o
/ --sort-order
= asc
/ desc
This would be especially useful when including transitive dependencies (#161) which may result in a huge list.
Right now, only dependencies mentioned in package.json are included in the output. This is similar to npm ls
.
A new option -t
/ --transitive
could be implemented for including transitive dependencies (dependencies of dependencies). This would be similar to npm ls --all
.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.