Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 16:22
    tjx666 commented #4786
  • 16:14
    BlackHole1 edited #4805
  • 16:14
    BlackHole1 edited #4805
  • 15:50
    Spencer17x synchronize #4805
  • 15:49
    Spencer17x review_requested #4805
  • 15:49
    Spencer17x opened #4805
  • 15:46
    slowdownitsfine commented #4796
  • 15:46
    slowdownitsfine commented #4796
  • 14:50
    laozhu commented #4796
  • 10:25
    Spencer17x assigned #4745
  • 10:03
    raulfdm commented #4804
  • 09:57
    raulfdm edited #4804
  • 09:56
    raulfdm edited #4804
  • 09:56
    raulfdm labeled #4804
  • 09:56
    raulfdm opened #4804
  • 08:18
    AdrielLimanthie commented #4796
  • 05:44
    darkskygit commented #4796
  • 03:29
    ninjadev101 commented #2135
  • 03:29
    ninjadev101 commented #2135
  • 02:39
    WormGirl commented #4789
Zoltan Kochan
@zkochan

does anyone know about a package that can find all the packages used by a package from code, not from package.json? That analyzes all the require statements

I'd like to make a tool that analyzes the dependencies of a project and searches for usages of packages that are not specified in package.json. Seems like we have a lot of issues opened because of such errors

Vaughan Rouesnel
@vjpr
i had a similar requirement for a project, but ended up using webpack because i needed to support frontend code…but it was slow
export async function makeDependentsMap({cwd, root}) {

  const config = await getWebpackConfig({cwd, root})

  const stats = await promisify(webpack)(config)

  //if (e) throw e
  if (stats.hasErrors()) {
    stats.toJson().errors.map(e => {
      console.log(e)
      console.log('------------------------------------------------------------------------------')
    })
    //return
    throw 'Webpack failed.'
  }

  const json = stats.toJson({modules: true})

  const dependents = {}
  const dependencies = {}

  json.modules.map(mod => {
    //console.log(mod)
    dependents[mod.name] = dependents[mod.name] || []
    //const deps = mod.reasons.map(r => r.module)
    const deps = mod.reasons
    dependents[mod.name].push(...deps)

    mod.reasons.map(reason => {
      dependencies[reason.module] = dependencies[reason.module] || []
      dependencies[reason.module].push({mod, reason})
    })

  })

  return {dependents, dependencies}

}
Zoltan Kochan
@zkochan
thanks, yeah, there are lots of packages like this. there is something from browserify as well. I wondered if there's something that checks the whole package (each module in the package). Probably I'll have to implement that one myself, using one of these
Vaughan Rouesnel
@vjpr
you can use jscodeshift to find requires/imports manually...
function findAndModifyRequires(code, userRequest, newImportPath) {
  return j(code)
    .find(j.CallExpression, {callee: {name: 'require'}})
    .forEach(path => {
      const name = path.value.arguments[0].value
      if (name === userRequest) {
        path.value.arguments[0].value = removeFileExt(newImportPath)
      }
    })
    .toSource({quote: 'single'})
}

function findAndModifyImports(code, userRequest, newImportPath) {
  return j(code)
    .find(j.ImportDeclaration)
    .forEach(path => {
      const name = path.value.source.value
      if (name === userRequest) {
        path.value.source.value = removeFileExt(newImportPath)
      }
    })
    .toSource({quote: 'single'})
}
(this also modified them)
Zoltan Kochan
@zkochan
this is what I was looking for https://github.com/maxogden/dependency-check
Vaughan Rouesnel
@vjpr
Zoltan Kochan
@zkochan
yep, I looked into dependents of detective
that's how I've found it
Vaughan Rouesnel
@vjpr
if i run pnpm i —force will this update my local shrinkwrap?
i think i need something like pnpm i —force-but-dont-modify-my-shrinkwrap.
say i am reusing a node_modules dir, but i have changed branch and want to run pnpm i to use the new shrinkwrap
Zoltan Kochan
@zkochan
I think it won't update the shrinkwrap.
Vaughan Rouesnel
@vjpr
im finding that the new node_modules/.shrinkwrap.yaml is not the same as shrinkwrap.yaml which means its doing an entire deploy each time
Zoltan Kochan
@zkochan
but the outer shrinkwrap is not modified, right?
the inner is rewritten to be the same as the outer
Vaughan Rouesnel
@vjpr
hmm ok it seems like that is the case
but im seeing my shrinkwrap change each time i install
e.g.
  /soap/0.17.0:
    dependencies:
      compress: 0.99.0
      debug: 0.7.4
      ejs: 2.3.4
      lodash: 3.10.1
      node-uuid: 1.4.8
      optional: 0.1.3
      request: 2.81.0
      sax: 1.2.2
      selectn: 0.9.6
      strip-bom: 0.3.1
      ursa: 0.9.4
      xml-crypto: 0.8.5
    resolution: 1fccd7e19031a143ee53dec09afe89ba379e051e
  /soap/0.17.0:
    dependencies:
      compress: 0.99.0
      debug: 0.7.4
      ejs: 2.3.4
      lodash: 3.10.1
      node-uuid: 1.4.8
      optional: v0.1.3
      request: 2.81.0
      sax: 1.2.2
      selectn: 0.9.6
      strip-bom: 0.3.1
      ursa: 0.9.4
      xml-crypto: 0.8.5
    resolution: 1fccd7e19031a143ee53dec09afe89ba379e051e
Zoltan Kochan
@zkochan
when the two shrinkwraps differ?
Vaughan Rouesnel
@vjpr
notice the optional has a v
prefixed
i remember this is an issue i submitted earlier
Zoltan Kochan
@zkochan
yes, I couldn't repro
maybe the difference between inner/outter shrinkwrap causes these
Vaughan Rouesnel
@vjpr
ok so i can reproduce it everytime now
maybe its a corrupt store or something
rm shrinkwrap.yaml
rm -rf node_modules
pnpm i

rm -rf node_modules
pnpm i

shrinkwrap.yaml has changed
react-highcharts and the optional module
the second time it reports these messages and then adds them to the shrinkwrap
  WARN Cannot find resolution of /highcharts-release/v4.2.7 in shrinkwrap file
  WARN Cannot find resolution of /highmaps-release/v1.1.10 in shrinkwrap file
  WARN Cannot find resolution of /highstock-release/v2.1.10 in shrinkwrap file
  WARN Cannot find resolution of /optional/v0.1.3 in shrinkwrap file
Vaughan Rouesnel
@vjpr
i will try find where it happens in the code
Zoltan Kochan
@zkochan
I think I reproduced it.
happens when the shrikwrap.yaml inside node_modules difference from the one outside
so after a branch switch very likely
Vaughan Rouesnel
@vjpr
im seeing it without the inside and outside being different
Vaughan Rouesnel
@vjpr
so in shrinkwrap.ts pkgIdToRef, pkgVersion sometimes can start with a v
i will find the root cause
Zoltan Kochan
@zkochan
thanks
Vaughan Rouesnel
@vjpr
haha so highcharts-release puts of v in its package.json version
is this even valid?
Zoltan Kochan
@zkochan
wow
according to this site it is valid
Vaughan Rouesnel
@vjpr
haha
Zoltan Kochan
@zkochan
TIL
A leading "=" or "v" character is stripped off and ignored.