dependency-audit
v1.0.0
Industry-standard, free NPM package for JavaScript/Node.js dependency security, health, and optimization analysis.
dependency-audit
The industry-standard, completely FREE NPM package for JavaScript/Node.js dependency security, health, and optimization analysis.
🎯 Project Mission
Create the most comprehensive, intelligent, and user-friendly dependency analysis tool for the JavaScript ecosystem. 100% free forever, designed to solve critical dependency management pain points that cost developers hours weekly and can cause severe security and performance issues in production applications.
✨ Features
🔒 Security Analysis
- Comprehensive Vulnerability Scanning: Checks against NPM Security Advisory, GitHub Security Advisory, Snyk, and CVE databases
- Real-time Security Monitoring: Severity scoring, exploit availability detection, and patch availability analysis
- Supply Chain Security: Detects suspicious packages, maintainer changes, and unusual dependency patterns
- Automated Security Patching: One-command fixes for common vulnerabilities
🏥 Health Assessment
- Dependency Health Scoring: Based on maintenance activity, community adoption, and code quality
- Maintenance Status Analysis: Last update frequency, maintainer responsiveness, open issue resolution
- Deprecation Detection: Identifies packages that are no longer maintained or have been superseded
- Update Recommendations: Smart suggestions for safe updates with breaking change analysis
📄 License Compliance
- Comprehensive License Analysis: Scans all dependencies for license types and conflicts
- Compliance Reporting: Generates reports for legal review and corporate compliance
- Custom License Policies: Support for allowed/forbidden license lists
- License Change Detection: Automatic alerts for license modifications
⚡ Performance & Bundle Analysis
- Bundle Size Impact: Shows exact size contribution of each dependency
- Duplicate Detection: Identifies and resolves duplicate dependencies
- Unused Code Detection: Finds potentially unused dependencies
- Performance Optimization: Recommendations for reducing bundle size and improving load times
🎛️ Advanced Features
- Interactive Dashboard: Web-based visualization with real-time monitoring
- Configuration Management: Flexible settings for different project requirements
- Programmatic API: Full JavaScript API for integration into custom tools and CI/CD
- Multiple Export Formats: JSON, HTML, and CSV reporting
- Plugin Architecture: Extensible system for custom analysis modules
🚀 Quick Start
Installation
```bash
# Install globally
npm install -g dependency-audit

# Or as a dev dependency
npm install --save-dev dependency-audit
```
Basic Usage
```bash
# Run a full dependency audit
dependency-audit scan

# Quick health check
dependency-audit health

# Security-focused analysis
dependency-audit security

# Automatically fix issues
dependency-audit fix

# Launch interactive dashboard
dependency-audit dashboard
```
📖 Detailed Usage
Scan Command
```bash
# Basic scan
dependency-audit scan

# Verbose output with detailed information
dependency-audit scan --verbose

# Save results to JSON file
dependency-audit scan --output results.json

# Analyze specific project path
dependency-audit scan --path /path/to/project
```
Fix Command
```bash
# Automatically fix all issues
dependency-audit fix

# Interactive mode - ask before applying fixes
dependency-audit fix --interactive

# Disable automatic fixes
dependency-audit fix --no-auto-fix
```
Dashboard Command
```bash
# Launch dashboard on default port (3000)
dependency-audit dashboard

# Custom port and host
dependency-audit dashboard --port 8080 --host 0.0.0.0

# Don't open browser automatically
dependency-audit dashboard --no-open
```
Configuration Management
```bash
# Initialize project configuration
dependency-audit config init

# List current configuration
dependency-audit config list

# Get specific config value
dependency-audit config get security.severityThreshold

# Set config value
dependency-audit config set security.severityThreshold high

# Reset to defaults
dependency-audit config reset
```
🔧 Configuration
The tool supports both global and project-specific configuration. Create a .dependency-audit.json file in your project root:
```json
{
  "security": {
    "severityThreshold": "moderate",
    "autoFix": false,
    "ignorePatterns": []
  },
  "health": {
    "outdatedThreshold": 30,
    "unmaintainedThreshold": 365
  },
  "license": {
    "allowedLicenses": ["MIT", "Apache-2.0", "BSD-3-Clause"],
    "forbiddenLicenses": ["GPL-3.0", "AGPL-3.0"]
  },
  "performance": {
    "bundleSizeThreshold": 1000000,
    "loadTimeThreshold": 3
  },
  "dashboard": {
    "port": 3000,
    "autoOpen": true
  }
}
```
📚 Programmatic API
Use the tool programmatically in your own applications:
```javascript
const DependencyAuditAPI = require('dependency-audit');

// The audit methods are asynchronous, so they run inside an async function
// (top-level await is not available in a CommonJS module).
async function main() {
  const api = new DependencyAuditAPI({ projectPath: '.' });
  // Run complete audit
  const results = await api.audit();
  // Get health score
  const score = await api.getHealthScore();
  // Check for critical issues
  const hasCritical = await api.hasCriticalIssues();
  // Get recommendations
  const recommendations = api.getRecommendations(results);
  // Export results
  const jsonReport = api.exportResults(results, 'json');
  const htmlReport = api.exportResults(results, 'html');
  return { score, hasCritical, recommendations, jsonReport, htmlReport };
}

main().catch((err) => {
  console.error(err);
  process.exitCode = 1;
});
```
🎨 Dashboard
Launch the interactive web dashboard for visual analysis:
```bash
dependency-audit dashboard
```
The dashboard provides:
- Real-time security status
- Health metrics and trends
- Performance analysis
- Interactive dependency tree visualization
- Export capabilities
🔌 Integrations
CI/CD Integration
```yaml
# GitHub Actions example
name: Dependency Audit
on: [push, pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
      - run: npm install
      - run: npx dependency-audit scan
```
For a reproducible audit in CI, `npm ci` installs exactly the versions pinned in the lockfile, whereas `npm install` may modify it.
Pre-commit Hook
```json
{
  "husky": {
    "hooks": {
      "pre-commit": "dependency-audit health"
    }
  }
}
```
📊 Output Examples
Console Output
```text
🔍 dependency-audit Report
Generated at: 7/4/2025, 9:21:19 PM

📦 Project Information
Name: my-project
Version: 1.0.0
License: MIT
Dependencies: 15
Dev Dependencies: 8

🔒 Security Analysis
✅ No vulnerabilities found

🏥 Health Analysis
⚠️ 3 outdated packages

📄 License Analysis
✅ No license conflicts found

⚡ Performance Analysis
✅ No duplicate dependencies

📊 Summary
Overall Health Score: 94/100 ✅
Issues found: 3 outdated packages
```
JSON Output
```json
{
  "project": {
    "name": "my-project",
    "version": "1.0.0",
    "dependencies": 15
  },
  "security": {
    "summary": {
      "total": 0,
      "critical": 0,
      "high": 0,
      "moderate": 0,
      "low": 0
    }
  },
  "health": {
    "outdated": [
      {
        "name": "lodash",
        "current": "4.17.20",
        "latest": "4.17.21"
      }
    ]
  }
}
```
🛠️ Development
Running Tests
```bash
# Run basic tests
node tests/basic.test.js

# Run API examples
node examples/api-usage.js
```
Project Structure
```text
dependency-audit/
├── src/
│   ├── core/        # Core scanning engine
│   ├── analyzers/   # Analysis modules
│   ├── commands/    # CLI commands
│   ├── reporters/   # Output formatters
│   ├── config/      # Configuration management
│   └── api/         # Programmatic API
├── docs/            # Documentation
├── examples/        # Usage examples
├── tests/           # Test suite
└── index.js         # CLI entry point
```
🤝 Contributing
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
Areas to Contribute
- Security analysis modules
- Health and performance analysis
- License compliance features
- CLI and API improvements
- Documentation and examples
- Dashboard and visualization tools
- Integrations and plugins
📄 License
MIT License - 100% free forever. See LICENSE for details.
🆘 Support
- Documentation: docs/
- Issues: GitHub Issues
- Discussions: GitHub Discussions
🎯 Roadmap
- [x] Core scanning engine
- [x] Security vulnerability analysis
- [x] Health assessment
- [x] License compliance
- [x] Performance analysis
- [x] Interactive dashboard
- [x] Configuration management
- [x] Programmatic API
- [ ] AI-powered recommendations
- [ ] Advanced supply chain analysis
- [ ] Plugin ecosystem
- [ ] IDE integrations
- [ ] Advanced visualizations
Made with ❤️ for the JavaScript community
