npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@seadub/danger-plugin-dependencies

v1.0.0

Published

Provides dependency information on dependency changes in a PR

Downloads

952

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

seadubseadub

Keywords

dangerdanger-pluginnpmyarndependencies

Readme

danger-plugin-dependencies

npm version

Provides dependency information on dependency changes in a PR

Usage

Install:

npm install @seadub/danger-plugin-dependencies --save-dev
# or
yarn add @seadub/danger-plugin-dependencies --dev

At a glance:

// dangerfile.js
import dependencies from '@seadub/danger-plugin-dependencies'

schedule(dependencies())

Provides 4 separate rules:

  • checkForRelease - Provides a 🎉 when there's a package version bump.
  • checkForNewDependencies (async) - Provides npmjs.com (and yarn why, when type is "yarn") metadata about new dependencies.
  • checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a package-lock.json or yarn.lock change.
  • checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.

And exports a default function to handle all of them at once.

Note: async functions like the default one have be to schedule'd by Danger.

yarn vs npm usage

By default, the dependencies method will attempt to determine if you are using npm or yarn to manage your dependencies based on sniffing for the lockfiles on disk. If no lockfiles exist, or running on Peril it will fail without an explicitly stated manasger type in the options.

You may explicitly pass one in the options:

// dangerfile.js
import dependencies from '@seadub/danger-plugin-dependencies'

schedule(dependencies({ type: "npm" }))
// or for yarn
schedule(dependencies({ type: "yarn" }))

Private packages

If you want the plugin to find your private packages on npm, you need to provide an npm authentication token:

// dangerfile.js
import dependencies from 'danger-plugin-dependencies'

schedule(dependencies({ npmAuthToken: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }))

Changelog

See the GitHub release history.

Contributing

See CONTRIBUTING.md.

What does this look like?

The rest of this README is the contents of what it looks like when you add this plugin to your Dangerfile:

New dependencies added: danger-plugin-yarn.

Build Status npm version semantic-release

Provides dependency information on dependency changes in a PR

Usage

Install:

yarn add danger-plugin-yarn --dev

At a glance:

// dangerfile.js
import yarn from 'danger-plugin-yarn'

schedule(yarn())

Provides 4 separate rules:

  • checkForRelease - Provides a 🎉 when there's a package version bump.
  • checkForNewDependencies (async) - Provides npmjs.com and yarn why metadata about new dependencies.
  • checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a yarn.lock change.
  • checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.

And exports a default function to handle all of them at once.

Note: async functions like the default one have be to schedule'd by Danger.

Changelog

See the GitHub release history.

Contributing

See CONTRIBUTING.md.