npm - @vinean/dependency-analyzer - Versions diffs - 0.1.4 → 0.1.5 - Mend

@vinean/dependency-analyzer 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +14 -0
package/dist/dependency-analyzer-darwin-amd64 +0 -0
package/dist/dependency-analyzer-darwin-arm64 +0 -0
package/dist/dependency-analyzer-linux-amd64 +0 -0
package/dist/dependency-analyzer-linux-arm64 +0 -0
package/dist/dependency-analyzer-windows-amd64.exe +0 -0
package/package.json +3 -4

package/README.md CHANGED Viewed

@@ -23,6 +23,20 @@ npm install -g @vinean/dependency-analyzer
 - `--ecosystem <type>`: Force ecosystem detection (`npm` or `go`). Auto-detected by default.
 - `--open=false`: Disable auto-opening the generated HTML report.
 - `--json`: Print the raw analysis summary (JSON) to stdout.
+- `--no-ghost` (**npm only**): Do not fetch package tarballs from the registry when `node_modules` is missing. Analysis uses only what is installed locally.
+- `--no-registry` (**npm only**): Skip npm registry metadata (weekly downloads, maintenance heuristics, React Native directory). Does not disable tarball fetch for code analysis; use `--no-ghost` for that.
+### NPM: local install first, registry fallback
+By default, dependencies are read from `node_modules` when present. If a direct dependency is missing on disk, the tool downloads its **exact** version from the registry (using `package-lock.json`, `pnpm-lock.yaml`, `yarn.lock`, or a pinned version in `package.json`), analyzes the unpacked sources, and cleans up temp files per package.
+```bash
+# Air-gapped or CI: require a full local install
+npx @vinean/dependency-analyzer --no-ghost
+# Skip registry metadata but still allow tarball fetch for missing packages
+npx @vinean/dependency-analyzer --no-registry
+```
 ## 📊 Key Features

package/dist/dependency-analyzer-darwin-amd64 CHANGED Viewed

Binary file

package/dist/dependency-analyzer-darwin-arm64 CHANGED Viewed

Binary file

package/dist/dependency-analyzer-linux-amd64 CHANGED Viewed

Binary file

package/dist/dependency-analyzer-linux-arm64 CHANGED Viewed

Binary file

package/dist/dependency-analyzer-windows-amd64.exe CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vinean/dependency-analyzer",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "Dependency Analyzer for npm and go packages with replaceability analysis",
   "type": "module",
   "bin": {
@@ -15,7 +15,7 @@
     "build:binaries": "node ./scripts/build-binaries.mjs",
     "prepublishOnly": "npm run build:binaries"
   },
-  "author": "Hakan Olgun <hakan@vinean.com>",
+  "author": "Hakan Olgun <hakanolgun@tutamail.com>",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/hakanolgun/dependency-analyzer.git",
@@ -24,7 +24,7 @@
   "bugs": {
     "url": "https://github.com/hakanolgun/dependency-analyzer/issues"
   },
-  "homepage": "https://github.com/hakanolgun/dependency-analyzer/tree/main/packages/dependency-analyzer#readme",
+  "homepage": "https://hakanolgun.github.io/dependency-analyzer",
   "keywords": [
     "dependency",
     "analyzer",
@@ -32,7 +32,6 @@
     "replaceability",
     "npm",
     "go",
-    "security",
     "cli",
     "scan"
   ],