Gathering detailed insights and metrics for eslint-plugin-node-dependencies
Gathering detailed insights and metrics for eslint-plugin-node-dependencies
ESLint plugin to check Node.js dependencies.
Installations
npm install eslint-plugin-node-dependenciesDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
^18.17.0 || >=20.5.0
Node Version
20.19.2
NPM Version
10.8.2
Releases
19
Languages
3
TypeScript
JavaScript
Dockerfile
TypeScript (96.65%)
JavaScript (2.24%)
Dockerfile (1.12%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
18 Stars
262 Commits
3 Watchers
1 Branches
3 Contributors
Updated on Jun 19, 2025
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
1.1.2
Package Id
eslint-plugin-node-dependencies@1.1.2
Unpacked Size
86.67 kB
Size
18.49 kB
File Count
51
NPM Version
10.8.2
Node Version
20.19.2
Published on
Jun 07, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Introduction
eslint-plugin-node-dependencies is ESLint plugin to check Node.js dependencies.
::: This Plugin is still in an EXPERIMENTAL STATE :::
:name_badge: Features
This ESLint plugin checks package.json and provides linting rules related to dependencies problems.
:book: Documentation
See documents.
:cd: Installation
1npm install --save-dev eslint eslint-plugin-node-dependencies
Requirements
- ESLint v6.0.0 and above
- Node.js v14.16.0 and above
:book: Usage
Add node-dependencies to the plugins section of your eslint.config.js or .eslintrc configuration file (you can omit the eslint-plugin- prefix)
and either use one of the two configurations available (recommended) or configure the rules you want:
The recommended configuration (New Config)
The plugin.configs["flat/recommended"] config enables a subset of the rules that should be most useful to most users.
See lib/configs/rules/recommended.ts for more details.
1// eslint.config.js 2import * as nodeDependenciesPlugin from "eslint-plugin-node-dependencies" 3 4export default [ 5 ...nodeDependenciesPlugin.configs["flat/recommended"], 6];
The recommended configuration (Legacy Config)
The plugin:node-dependencies/recommended config enables a subset of the rules that should be most useful to most users.
See lib/configs/rules/recommended.ts for more details.
1// .eslintrc.js 2module.exports = { 3 "plugins": [ 4 "node-dependencies" 5 ], 6 "extends": [ 7 // add more generic rulesets here, such as: 8 // 'eslint:recommended', 9 "plugin:node-dependencies/recommended" 10 ] 11}
Advanced Configuration
Override/add specific rules configurations. See also: http://eslint.org/docs/user-guide/configuring.
1// eslint.config.js 2import * as nodeDependenciesPlugin from "eslint-plugin-node-dependencies" 3 4export default [ 5 { 6 plugins: { "node-dependencies": nodeDependenciesPlugin } 7 rules: { 8 // Override/add rules settings here, such as: 9 "node-dependencies/rule-name": "error" 10 } 11 } 12];
1// .eslintrc.js 2module.exports = { 3 "plugins": [ 4 "node-dependencies" 5 ], 6 "rules": { 7 // Override/add rules settings here, such as: 8 "node-dependencies/rule-name": "error" 9 } 10}
Parser Configuration
If you have specified a parser, you need to configure a parser for .json.
For example, if you are using the "@babel/eslint-parser", configure it as follows:
1module.exports = { 2 // ... 3 extends: [ "plugin:node-dependencies/recommended"], 4 // ... 5 parser: "@babel/eslint-parser", 6 // Add an `overrides` section to add a parser configuration for json. 7 overrides: [ 8 { 9 files: ["*.json", "*.json5"], 10 parser: "jsonc-eslint-parser", 11 }, 12 ], 13 // ... 14};
:white_check_mark: Rules
The --fix option on the command line automatically fixes problems reported by rules which have a wrench :wrench: below.
The rules with the following star :star: are included in the plugin:node-dependencies/recommended config.
Possible Errors
| Rule ID | Description | |
|---|---|---|
| node-dependencies/compat-engines | enforce the versions of the engines of the dependencies to be compatible. | :star: |
| node-dependencies/no-dupe-deps | disallow duplicate dependencies. | :star: |
| node-dependencies/valid-semver | enforce versions that is valid as a semantic version. | :star: |
Best Practices
| Rule ID | Description | |
|---|---|---|
| node-dependencies/absolute-version | require or disallow absolute version of dependency. | |
| node-dependencies/no-deprecated | disallow having dependencies on deprecate packages. | |
| node-dependencies/no-restricted-deps | Disallows dependence on the specified package. |
Stylistic Issues
| Rule ID | Description | |
|---|---|---|
| node-dependencies/prefer-caret-range-version | require caret(^) version instead of range version. | :wrench: |
| node-dependencies/prefer-tilde-range-version | require tilde(~) version instead of range version. | :wrench: |
Deprecated
- :warning: We're going to remove deprecated rules in the next major release. Please migrate to successor/new rules.
- :innocent: We don't fix bugs which are in deprecated rules since we don't have enough resources.
| Rule ID | Replaced by |
|---|---|
| node-dependencies/valid-engines | node-dependencies/compat-engines |
:rocket: To Do More Verification
Verify JSON
You can verify the JSON files by checking and installing eslint-plugin-jsonc.
Verify using JSON Schema
You can verify using JSON Schema by checking and installing eslint-plugin-json-schema-validator.
:beers: Contributing
Welcome contributing!
Please use GitHub's Issues/PRs.
Development Tools
npm testruns tests and measures coverage.npm run updateruns in order to update readme and recommended configuration.npm run new [new rule name]runs to create the files needed for the new rule.npm run docs:watchstarts the website locally.
:couple: Related Packages
- eslint-plugin-jsonc ... ESLint plugin for JSON, JSON with comments (JSONC) and JSON5.
- eslint-plugin-json-schema-validator ... ESLint plugin that validates data using JSON Schema Validator.
- jsonc-eslint-parser ... JSON, JSONC and JSON5 parser for use with ESLint plugins.
:lock: License
See the LICENSE file for license rights and limitations (MIT).
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 5/17 approved changesets -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/GHPages.yml:10
- Warn: no topLevel permission defined: .github/workflows/NodeCI.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/Release.yml:9
- Warn: no topLevel permission defined: .github/workflows/format.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/Release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/Release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/Release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/Release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/format.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/format.yml/main?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:3
- Warn: containerImage not pinned by hash: .devcontainer/base.Dockerfile:3
- Warn: npmCommand not pinned by hash: .github/workflows/GHPages.yml:31
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:20
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:37
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:50
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:52
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:64
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:79
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:83
- Warn: npmCommand not pinned by hash: .github/workflows/Release.yml:32
- Warn: npmCommand not pinned by hash: .github/workflows/format.yml:17
- Info: 0 out of 19 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 10 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
4.6
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More