Investigating NPM Dependencies

I have been working with a number of Node projects recently.

Keeping dependencies upto date is a big time sink. I use Dependabot to help with these.

Here is a utility that I have written that allows visualisation of module dependencies: https://github.com/chriseyre2000/package_compare

It loads node_modules into a Neo4j graph database.

To use this you need to install neo4j, create a database user with a password and the Erlang OTP runtime.

Here are the important details:

Once you have run mix escript.build then you can use the following:

./package_compare path-to-the/package.json localhost neo4j_username neo4j_password

This can be run across multiple projects to compare the dependencies. Once you have loaded multiple applications you can you the simple query:

MATCH (a) RETURN a

This will allow you to find the core set of dependencies that your applications are using. If two projects have a large core then there may be a common library waiting to be extracted.

This is an example of an Elixir escript application. This takes an unusual approach with the Sips library, it uses start link itself so that the database configuration can be supplied on the command line. Normally this would be started as a dependent application and the config found from a config file.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s