Check who depends on a package
We are using
Whitesource Renovate: Automated Dependency Updates
Renovate is a free tool by WhiteSource that allows automating dependency updates in software projects. Fully customizable with a setting to suit every workflow.
to help us keep our packages relatively up to date on one of the projects I am involved in.
It sometimes opens a PR for indirect dependencies that change only the package-lock.json , I sometimes wonder which packages actually depend on a given update, to make sure I know how to verify that they still work as they should. Here's a great command from npm that helps me do just that.
https://www.whitesourcesoftware.com/free-developer-tools/renovate/
npm-ls | npm Docs
List installed packages
By running
npm ls validatorI can easily check which packages are actually using this indirect dependency. In this particular case I was checking because we've replaced joi with zod and I was wondering if we still need that or is it a remnant of the past.
It spits out an easy to read tree:
Super helpful!