README.md 1.7 KB
@os-tools/npm-dependency-tree
This tool's main purpose is to scan an npm project's dependency tree for Oracle Open Source Compliance.
Hence if you run it with the single required parameter --package then the result is (only packages eligible for compliance are shown):
$ npm-dependency-tree --package ./package.json
name,version,root,parent,type,audit
node-fetch,2.6.1,,,dependency,n/a
yargs,16.2.0,,,dependency,n/a
@types/node,14.14.41,,,devDependency,n/a
@types/node-fetch,2.5.10,,,devDependency,n/a
@types/yargs,16.0.1,,,devDependency,n/a
ts-node,9.1.1,,,devDependency,n/a
typescript,4.2.4,,,devDependency,n/a
If you want audit results then run:
$ npm-dependency-tree --package ./package.json --audit
name,version,root,parent,type,audit
@types/node-fetch,2.5.10,,,devDependency,not registered
yargs,16.2.0,,,dependency,registered
node-fetch,2.6.1,,,dependency,registered
typescript,4.2.4,,,devDependency,not registered
@types/yargs,16.0.1,,,devDependency,not registered
ts-node,9.1.1,,,devDependency,registered
@types/node,14.14.41,,,devDependency,not registered
To get a sense of all the features run:
$ npm-dependency-tree --help
Options:
--version Show version number [boolean]
--package The full or relative path to the package.json file
[string] [required]
--format Possible values are 'tree' and 'csv' [string] [default: "csv"]
--filter Possible values are 'none' and 'oracle'[string] [default: "oracle"]
--audit Open Source Compliance Service audit [boolean] [default: false]
--help Show help [boolean]