@os-tools/npm-dependency-tree

This tool's main purpose is to scan an npm project's dependency tree for Oracle Open Source Compliance.

Install

  1. Download and install Node.js from https://nodejs.org (the LTS version is preferred).
  2. npm install -g --registry https://npm.bodicsek.host @os-tools/npm-dependency-tree

Usage

When run with only the required --package parameter, the output looks like this (only packages eligible for compliance are shown):

$ npm-dependency-tree --package ./package.json 

name,version,root,parent,type,audit
node-fetch,2.6.1,,,dependency,n/a
yargs,16.2.0,,,dependency,n/a
@types/node,14.14.41,,,devDependency,n/a
@types/node-fetch,2.5.10,,,devDependency,n/a
@types/yargs,16.0.1,,,devDependency,n/a
ts-node,9.1.1,,,devDependency,n/a
typescript,4.2.4,,,devDependency,n/a

To include audit results, add --audit:

$ npm-dependency-tree --package ./package.json --audit

name,version,root,parent,type,audit
@types/node-fetch,2.5.10,,,devDependency,not registered
yargs,16.2.0,,,dependency,registered
node-fetch,2.6.1,,,dependency,registered
typescript,4.2.4,,,devDependency,not registered
@types/yargs,16.0.1,,,devDependency,not registered
ts-node,9.1.1,,,devDependency,registered
@types/node,14.14.41,,,devDependency,not registered
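
The CSV above can be checked automatically in a build step. The following is an added example, not part of this tool: it parses the --audit output and lists every package whose audit column is not "registered". It assumes such rows need follow-up before release (the README does not define the audit values further); the function names are hypothetical.

```javascript
// Added example, not part of @os-tools/npm-dependency-tree.
// Assumption: fields never contain commas or quotes, as in the output above.
const EXPECTED_HEADER = "name,version,root,parent,type,audit";

// Constructed sample: the --audit output shown in this README.
const SAMPLE = `name,version,root,parent,type,audit
@types/node-fetch,2.5.10,,,devDependency,not registered
yargs,16.2.0,,,dependency,registered
node-fetch,2.6.1,,,dependency,registered
typescript,4.2.4,,,devDependency,not registered
@types/yargs,16.0.1,,,devDependency,not registered
ts-node,9.1.1,,,devDependency,registered
@types/node,14.14.41,,,devDependency,not registered
`;

// Parse into row objects; an unexpected layout throws instead of passing the gate.
function parseAuditCsv(text) {
  const lines = text.split(/\r?\n/).map((l) => l.trim()).filter((l) => l !== "");
  if (lines[0] !== EXPECTED_HEADER) throw new Error(`unexpected header: ${lines[0]}`);
  const keys = EXPECTED_HEADER.split(",");
  return lines.slice(1).map((line, i) => {
    const cells = line.split(",");
    if (cells.length !== keys.length) {
      throw new Error(`row ${i + 2}: expected ${keys.length} fields, got ${cells.length}`);
    }
    return Object.fromEntries(keys.map((k, j) => [k, cells[j]]));
  });
}

// "name@version" for each row of the given types whose audit value is not
// "registered" ("n/a" from a run without --audit is flagged too), sorted.
function findUnregistered(rows, types = ["dependency", "devDependency"]) {
  return rows
    .filter((r) => types.includes(r.type) && r.audit !== "registered")
    .map((r) => `${r.name}@${r.version}`)
    .sort();
}

// Exit code for a CI step: 0 when nothing is flagged, 1 otherwise.
function gateExitCode(text, types) {
  return findUnregistered(parseAuditCsv(text), types).length === 0 ? 0 : 1;
}

for (const pkg of findUnregistered(parseAuditCsv(SAMPLE))) {
  console.log(`needs follow-up: ${pkg}`);
}
```

Passing ["dependency"] as the second argument restricts the check to runtime dependencies, which in the sample are all registered.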

To see all available options, run:

$ npm-dependency-tree --help

Options:
  --version  Show version number                                       [boolean]
  --package  The full or relative path to the package.json file
                                                             [string] [required]
  --format   Possible values are 'tree' and 'csv'      [string] [default: "csv"]
  --filter   Possible values are 'none' and 'oracle'[string] [default: "oracle"]
  --audit    Open Source Compliance Service audit     [boolean] [default: false]
  --help     Show help                                                 [boolean]