@vinean/dependency-analyzer 0.1.3 → 0.1.5

package/README.md

@@ -1,6 +1,6 @@
 # 🛡️ @vinean/dependency-analyzer
 
-A high-performance CLI for analyzing the **Replaceability**, **Maintenance**, and **Health** of your project's dependencies. Supports both **NPM** and **Go Modules**.
+A high-performance CLI for analyzing the **Replaceability**, **Maintenance**, and **Health** of your project's dependencies. Supports both **NPM packages** and **Go Modules**.
 
 ## 🚀 Usage
 
@@ -23,12 +23,26 @@ npm install -g @vinean/dependency-analyzer
 - `--ecosystem <type>`: Force ecosystem detection (`npm` or `go`). Auto-detected by default.
 - `--open=false`: Disable auto-opening the generated HTML report.
 - `--json`: Print the raw analysis summary (JSON) to stdout.
+- `--no-ghost` (**npm only**): Do not fetch package tarballs from the registry when `node_modules` is missing. Analysis uses only what is installed locally.
+- `--no-registry` (**npm only**): Skip npm registry metadata (weekly downloads, maintenance heuristics, React Native directory). Does not disable tarball fetch for code analysis; use `--no-ghost` for that.
+
+### NPM: local install first, registry fallback
+
+By default, dependencies are read from `node_modules` when present. If a direct dependency is missing on disk, the tool downloads its **exact** version from the registry (using `package-lock.json`, `pnpm-lock.yaml`, `yarn.lock`, or a pinned version in `package.json`), analyzes the unpacked sources, and cleans up temp files per package.
+
+```bash
+# Air-gapped or CI: require a full local install
+npx @vinean/dependency-analyzer --no-ghost
+
+# Skip registry metadata but still allow tarball fetch for missing packages
+npx @vinean/dependency-analyzer --no-registry
+```
 
 ## 📊 Key Features
 
 ### 1. Replaceability Score (0-100)
 
-`@vinean/dependency-analyzer` deep-dives into your project's source code to calculate how difficult it would be to replace a dependency.
+`@vinean/dependency-analyzer` analyzes your codebase to estimate how difficult it would be to remove a dependency and replace it with your own implementation.
 
 - **Easy (0-30)**: Minimal logic, easy to replace or implement yourself.
 - **Medium (31-70)**: Moderate complexity and coupling.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vinean/dependency-analyzer",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "Dependency Analyzer for npm and go packages with replaceability analysis",
   "type": "module",
   "bin": {
@@ -15,7 +15,7 @@
     "build:binaries": "node ./scripts/build-binaries.mjs",
     "prepublishOnly": "npm run build:binaries"
   },
-  "author": "Hakan Olgun <hakan@vinean.com>",
+  "author": "Hakan Olgun <hakanolgun@tutamail.com>",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/hakanolgun/dependency-analyzer.git",
@@ -24,7 +24,7 @@
   "bugs": {
     "url": "https://github.com/hakanolgun/dependency-analyzer/issues"
   },
-  "homepage": "https://github.com/hakanolgun/dependency-analyzer/tree/main/packages/dependency-analyzer#readme",
+  "homepage": "https://hakanolgun.github.io/dependency-analyzer",
   "keywords": [
     "dependency",
     "analyzer",
@@ -32,7 +32,6 @@
     "replaceability",
     "npm",
     "go",
-    "security",
     "cli",
     "scan"
   ],