1 min read

Check who depends on a package

We are using

Whitesource Renovate: Automated Dependency Updates
Renovate is a free tool by WhiteSource that allows automating dependency updates in software projects. Fully customizable with a setting to suit every workflow.

to help us keep our packages relatively up to date on one of the projects I am involved in.

It sometimes opens a PR for indirect dependencies that change only the package-lock.json , I sometimes wonder which packages actually depend on a given update, to make sure I know how to verify that they still work as they should. Here's a great command from npm that helps me do just that.


npm-ls | npm Docs
List installed packages

By running

npm ls validator

I can easily check which packages are actually using this indirect dependency. In this particular case I was checking because we've replaced joi with zod and I was wondering if we still need that or is it a remnant of the past.

It spits out an easy to read tree:

Super helpful!