dependency-radar 0.1.1 → 0.2.0

package/README.md

@@ -5,7 +5,7 @@ Dependency Radar is a local-first CLI tool that inspects a Node.js project’s i
 ## What it does
 
 - Analyses installed dependencies using only local data (no SaaS, no uploads by default)
-- Combines multiple tools (npm audit, npm ls, license-checker, depcheck, madge) into a single report
+- Combines multiple tools (npm audit, npm ls, import graph analysis) into a single report
 - Shows direct vs sub-dependencies, dependency depth, and parent relationships
 - Highlights licences, known vulnerabilities, install-time scripts, native modules, and package footprint
 - Produces a single self-contained HTML file you can share or archive
@@ -26,7 +26,7 @@ npm run build
 
 ## Requirements
 
-- Node.js 18+ (required by `madge`, one of the analyzers)
+- Node.js 14.14+
 
 ## Usage
 
@@ -35,25 +35,40 @@ The simplest way to run Dependency Radar is via npx. It runs in the current dire
 Run a scan against the current project (writes `dependency-radar.html`):
 
 ```bash
-npx dependency-radar scan
+npx dependency-radar
 ```
 
+The `scan` command is the default and can also be run explicitly as `npx dependency-radar scan`.
+
+
 Specify a project and output path:
 
 ```bash
-npx dependency-radar scan --project ./my-app --out ./reports/dependency-radar.html
+npx dependency-radar --project ./my-app --out ./reports/dependency-radar.html
 ```
 
 Keep the temporary `.dependency-radar` folder for debugging raw tool outputs:
 
 ```bash
-npx dependency-radar scan --keep-temp
+npx dependency-radar --keep-temp
 ```
 
 Skip `npm audit` (useful for offline scans):
 
 ```bash
-npx dependency-radar scan --no-audit
+npx dependency-radar --no-audit
+```
+
+Output JSON instead of HTML report:
+
+```bash
+npx dependency-radar --json
+```
+
+Show options:
+
+```bash
+npx dependency-radar --help
 ```
 
 ## Scripts
@@ -70,9 +85,68 @@ npx dependency-radar scan --no-audit
 - A temporary `.dependency-radar` folder is created during the scan to store intermediate tool output.
 - Use `--keep-temp` to retain this folder for debugging; otherwise it is deleted automatically.
 - If a tool fails, its section is marked as unavailable, but the report is still generated.
-- Node.js 18+ is required because `madge` (one of the analyzers) targets Node 18+.
 
 ## Output
 
 Dependency Radar writes a single HTML file (dependency-radar.html by default).  
 The file is fully self-contained and can be opened locally in a browser, shared with others, or attached to tickets and documentation.
+
+### JSON output
+
+Use `--json` to write the aggregated scan data as JSON (defaults to `dependency-radar.json`).
+
+The JSON schema matches the `AggregatedData` TypeScript interface in `src/types.ts`. For quick reference:
+
+```ts
+export interface AggregatedData {
+  generatedAt: string;
+  projectPath: string;
+  gitBranch?: string;
+  dependencyRadarVersion?: string;
+  maintenanceEnabled: boolean;
+  environment: {
+    node: {
+      runtimeVersion: string;
+      runtimeMajor: number;
+      minRequiredMajor?: number;
+      source: 'dependency-engines' | 'project-engines' | 'unknown';
+    };
+  };
+  dependencies: DependencyRecord[];
+  toolErrors: Record<string, string>;
+  raw: RawOutputs;
+  importAnalysis?: ImportAnalysisSummary;
+}
+```
+
+For full details on `DependencyRecord`, `RawOutputs`, and related types, see `src/types.ts`.
+
+## Development
+
+### Report UI Development
+
+The HTML report UI is developed in a separate Vite project located in `report-ui/`. This provides a proper development environment with hot reload, TypeScript support, and sample data.
+
+**Start the development server:**
+
+```bash
+npm run dev:report
+```
+
+This opens the report UI in your browser with sample data covering all dependency states (various licenses, vulnerability severities, usage statuses, etc.).
+
+**Build workflow:**
+
+1. Make changes in `report-ui/` (edit `style.css`, `main.ts`, `index.html`)
+2. Run `npm run build:report` to compile and inject assets into `src/report-assets.ts`
+3. Run `npm run build` to compile the full project (this runs `build:report` automatically)
+
+**File structure:**
+
+- `report-ui/index.html` – HTML template structure
+- `report-ui/style.css` – All CSS styles
+- `report-ui/main.ts` – TypeScript rendering logic
+- `report-ui/sample-data.json` – Sample data for development
+- `report-ui/types.ts` – Client-side TypeScript types
+- `src/report-assets.ts` – Auto-generated file with bundled CSS/JS (do not edit directly)
+

package/dist/aggregator.js

@@ -78,64 +78,57 @@ function normalizeRepoUrl(url) {
     return normalized;
 }
 async function aggregateData(input) {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
+    var _a, _b, _c, _d, _e, _f;
     const pkg = await (0, utils_1.readPackageJson)(input.projectPath);
     const raw = {
         audit: (_a = input.auditResult) === null || _a === void 0 ? void 0 : _a.data,
         npmLs: (_b = input.npmLsResult) === null || _b === void 0 ? void 0 : _b.data,
-        licenseChecker: (_c = input.licenseResult) === null || _c === void 0 ? void 0 : _c.data,
-        depcheck: (_d = input.depcheckResult) === null || _d === void 0 ? void 0 : _d.data,
-        madge: (_e = input.madgeResult) === null || _e === void 0 ? void 0 : _e.data
+        importGraph: (_c = input.importGraphResult) === null || _c === void 0 ? void 0 : _c.data
     };
     const toolErrors = {};
     if (input.auditResult && !input.auditResult.ok)
         toolErrors['npm-audit'] = input.auditResult.error || 'unknown error';
     if (input.npmLsResult && !input.npmLsResult.ok)
         toolErrors['npm-ls'] = input.npmLsResult.error || 'unknown error';
-    if (input.licenseResult && !input.licenseResult.ok)
-        toolErrors['license-checker'] = input.licenseResult.error || 'unknown error';
-    if (input.depcheckResult && !input.depcheckResult.ok)
-        toolErrors['depcheck'] = input.depcheckResult.error || 'unknown error';
-    if (input.madgeResult && !input.madgeResult.ok)
-        toolErrors['madge'] = input.madgeResult.error || 'unknown error';
+    if (input.importGraphResult && !input.importGraphResult.ok)
+        toolErrors['import-graph'] = input.importGraphResult.error || 'unknown error';
     // Get git branch
     const gitBranch = await getGitBranch(input.projectPath);
-    const nodeMap = buildNodeMap((_f = input.npmLsResult) === null || _f === void 0 ? void 0 : _f.data, pkg);
-    const vulnMap = parseVulnerabilities((_g = input.auditResult) === null || _g === void 0 ? void 0 : _g.data);
-    const licenseData = normalizeLicenseData((_h = input.licenseResult) === null || _h === void 0 ? void 0 : _h.data);
-    const depcheckUsage = buildUsageInfo((_j = input.depcheckResult) === null || _j === void 0 ? void 0 : _j.data);
-    const importInfo = buildImportInfo((_k = input.madgeResult) === null || _k === void 0 ? void 0 : _k.data);
+    const nodeMap = buildNodeMap((_d = input.npmLsResult) === null || _d === void 0 ? void 0 : _d.data, pkg);
+    const vulnMap = parseVulnerabilities((_e = input.auditResult) === null || _e === void 0 ? void 0 : _e.data);
+    const importGraph = normalizeImportGraph((_f = input.importGraphResult) === null || _f === void 0 ? void 0 : _f.data);
+    const importInfo = buildImportInfo(importGraph.files);
+    const importAnalysis = buildImportAnalysis(importGraph, pkg);
+    const packageUsageCounts = new Map(Object.entries(importAnalysis.packageHotness));
     const maintenanceCache = new Map();
+    const runtimeCache = new Map();
     const packageMetaCache = new Map();
     const packageStatCache = new Map();
     const dependencies = [];
-    const licenseFallbackCache = new Map();
+    const licenseCache = new Map();
+    const nodeEngineRanges = [];
     const nodes = Array.from(nodeMap.values());
     const totalDeps = nodes.length;
     let maintenanceIndex = 0;
     for (const node of nodes) {
         const direct = isDirectDependency(node.name, pkg);
-        const license = licenseData.byKey.get(node.key) ||
-            licenseData.byName.get(node.name) ||
-            licenseFallbackCache.get(node.name) ||
+        const cachedLicense = licenseCache.get(node.name);
+        const license = cachedLicense ||
             (await (0, utils_1.readLicenseFromPackageJson)(node.name, input.projectPath)) ||
             { license: undefined };
-        if (!licenseFallbackCache.has(node.name) && license.license) {
-            licenseFallbackCache.set(node.name, license);
+        if (!licenseCache.has(node.name) && (license.license || license.licenseFile)) {
+            licenseCache.set(node.name, license);
         }
         const vulnerabilities = vulnMap.get(node.name) || emptyVulnSummary();
         const licenseRisk = (0, utils_1.licenseRiskLevel)(license.license);
         const vulnRisk = (0, utils_1.vulnRiskLevel)(vulnerabilities.counts);
-        const usage = depcheckUsage.get(node.name) ||
-            (((_l = input.depcheckResult) === null || _l === void 0 ? void 0 : _l.data)
-                ? { status: 'used', reason: 'Not flagged as unused by depcheck' }
-                : { status: 'unknown', reason: 'depcheck unavailable' });
+        const usage = buildUsageInfo(node.name, packageUsageCounts, pkg);
         const maintenance = await resolveMaintenance(node.name, maintenanceCache, input.maintenanceEnabled, ++maintenanceIndex, totalDeps, input.onMaintenanceProgress);
         if (!maintenanceCache.has(node.name)) {
             maintenanceCache.set(node.name, maintenance);
         }
         const maintenanceRiskLevel = (0, utils_1.maintenanceRisk)(maintenance.lastPublished);
-        const runtimeData = classifyRuntime(node, pkg, nodeMap);
+        const runtimeData = classifyRuntime(node.key, pkg, nodeMap, runtimeCache);
         // Calculate root causes (direct dependencies that cause this to be installed)
         const rootCauses = findRootCauses(node, nodeMap, pkg);
         // Build dependedOnBy and dependsOn lists
@@ -148,6 +141,9 @@ async function aggregateData(input) {
             return child ? child.name : key.split('@')[0];
         });
         const packageInsights = await gatherPackageInsights(node.name, input.projectPath, packageMetaCache, packageStatCache, node.parents.size, node.children.size, dependedOnBy, dependsOn);
+        if (packageInsights.identity.nodeEngine) {
+            nodeEngineRanges.push(packageInsights.identity.nodeEngine);
+        }
         dependencies.push({
             name: node.name,
             version: node.version,
@@ -180,17 +176,91 @@ async function aggregateData(input) {
         });
     }
     dependencies.sort((a, b) => a.name.localeCompare(b.name));
+    const runtimeVersion = process.version.replace(/^v/, '');
+    const runtimeMajor = Number.parseInt(runtimeVersion.split('.')[0], 10);
+    const minRequiredMajor = deriveMinRequiredMajor(nodeEngineRanges);
     return {
         generatedAt: new Date().toISOString(),
         projectPath: input.projectPath,
         dependencyRadarVersion,
         gitBranch,
         maintenanceEnabled: input.maintenanceEnabled,
+        environment: {
+            node: {
+                runtimeVersion,
+                runtimeMajor: Number.isNaN(runtimeMajor) ? 0 : runtimeMajor,
+                minRequiredMajor,
+                source: minRequiredMajor === undefined ? 'unknown' : 'dependency-engines'
+            }
+        },
         dependencies,
         toolErrors,
-        raw
+        raw,
+        importAnalysis
     };
 }
+function deriveMinRequiredMajor(engineRanges) {
+    let strictest;
+    for (const range of engineRanges) {
+        const minMajor = parseMinMajorFromRange(range);
+        if (minMajor === undefined)
+            continue;
+        if (strictest === undefined || minMajor > strictest) {
+            strictest = minMajor;
+        }
+    }
+    return strictest;
+}
+function parseMinMajorFromRange(range) {
+    const normalized = range.trim();
+    if (!normalized)
+        return undefined;
+    const clauses = normalized.split('||').map((clause) => clause.trim()).filter(Boolean);
+    if (clauses.length === 0)
+        return undefined;
+    let rangeMin;
+    for (const clause of clauses) {
+        const clauseMin = parseMinMajorFromClause(clause);
+        // Conservative: skip ranges that allow any version in at least one clause.
+        if (clauseMin === undefined)
+            return undefined;
+        if (rangeMin === undefined || clauseMin < rangeMin) {
+            rangeMin = clauseMin;
+        }
+    }
+    return rangeMin;
+}
+function parseMinMajorFromClause(clause) {
+    const hyphenMatch = clause.match(/(\d+)\s*-\s*\d+/);
+    if (hyphenMatch) {
+        return Number.parseInt(hyphenMatch[1], 10);
+    }
+    const tokens = clause.replace(/,/g, ' ').split(/\s+/).filter(Boolean);
+    let clauseMin;
+    for (const token of tokens) {
+        if (token.startsWith('<'))
+            continue;
+        const major = parseMajorFromToken(token);
+        if (major === undefined)
+            continue;
+        if (clauseMin === undefined || major > clauseMin) {
+            clauseMin = major;
+        }
+    }
+    return clauseMin;
+}
+function parseMajorFromToken(token) {
+    const trimmed = token.trim();
+    if (!trimmed)
+        return undefined;
+    if (!/^[0-9^~=>v]/.test(trimmed))
+        return undefined;
+    const match = trimmed.match(/v?(\d+)/);
+    if (!match)
+        return undefined;
+    const major = Number.parseInt(match[1], 10);
+    return Number.isNaN(major) ? undefined : major;
+}
 function buildNodeMap(lsData, pkg) {
     const map = new Map();
     const traverse = (node, depth, parentKey, providedName) => {
@@ -335,40 +405,73 @@ function computeHighestSeverity(counts) {
         return 'low';
     return 'none';
 }
-function normalizeLicenseData(data) {
-    const byKey = new Map();
-    const byName = new Map();
-    if (!data)
-        return { byKey, byName };
-    Object.entries(data).forEach(([key, value]) => {
-        const lic = Array.isArray(value.licenses) ? value.licenses.join(' OR ') : value.licenses;
-        const entry = {
-            license: lic,
-            licenseFile: value.licenseFile || value.licenseFilePath
+function normalizeImportGraph(data) {
+    if (data && typeof data === 'object' && data.files && data.packages) {
+        return {
+            files: data.files || {},
+            packages: data.packages || {},
+            unresolvedImports: Array.isArray(data.unresolvedImports) ? data.unresolvedImports : []
         };
-        byKey.set(key, entry);
-        const namePart = key.includes('@', 1) ? key.slice(0, key.lastIndexOf('@')) : key;
-        if (!byName.has(namePart))
-            byName.set(namePart, entry);
-    });
-    return { byKey, byName };
+    }
+    return { files: data || {}, packages: {}, unresolvedImports: [] };
 }
-function buildUsageInfo(depcheckData) {
-    const map = new Map();
-    if (!depcheckData)
-        return map;
-    const unused = new Set([...(depcheckData.dependencies || []), ...(depcheckData.devDependencies || [])]);
-    unused.forEach((name) => {
-        map.set(name, { status: 'unused', reason: 'Marked unused by depcheck' });
-    });
-    if (Array.isArray(depcheckData.dependencies) || Array.isArray(depcheckData.devDependencies)) {
-        Object.keys(depcheckData.missing || {}).forEach((name) => {
-            if (!map.has(name)) {
-                map.set(name, { status: 'unknown', reason: 'Missing according to depcheck' });
-            }
-        });
+function buildUsageInfo(name, packageUsageCounts, pkg) {
+    const declared = Boolean((pkg.dependencies && pkg.dependencies[name]) || (pkg.devDependencies && pkg.devDependencies[name]));
+    const importedCount = packageUsageCounts.get(name) || 0;
+    if (importedCount > 0) {
+        if (declared) {
+            return {
+                status: 'imported',
+                reason: `Imported by ${importedCount} file${importedCount === 1 ? '' : 's'} (static analysis)`
+            };
+        }
+        return {
+            status: 'undeclared',
+            reason: 'Imported but not declared (may rely on transitive resolution; pnpm will usually break this)'
+        };
     }
-    return map;
+    if (declared) {
+        return {
+            status: 'not-imported',
+            reason: 'Declared but never statically imported (may be used via tooling, scripts, or runtime plugins)'
+        };
+    }
+    return {
+        status: 'unknown',
+        reason: 'Not statically imported; package is likely transitive or used dynamically'
+    };
+}
+function buildImportAnalysis(graph, pkg) {
+    const packageImporters = new Map();
+    Object.entries(graph.packages || {}).forEach(([file, packages]) => {
+        const unique = new Set(packages || []);
+        unique.forEach((pkgName) => {
+            if (!packageImporters.has(pkgName))
+                packageImporters.set(pkgName, new Set());
+            packageImporters.get(pkgName).add(file);
+        });
+    });
+    const packageHotness = {};
+    packageImporters.forEach((importers, name) => {
+        packageHotness[name] = importers.size;
+    });
+    const declared = new Set([
+        ...Object.keys(pkg.dependencies || {}),
+        ...Object.keys(pkg.devDependencies || {})
+    ]);
+    const undeclaredImports = Array.from(packageImporters.keys())
+        .filter((name) => !declared.has(name))
+        .sort();
+    return {
+        staticOnly: true,
+        notes: [
+            'Import analysis is static only.',
+            'Dynamic imports, runtime plugin loading, and tooling usage are not evaluated.'
+        ],
+        packageHotness,
+        undeclaredImports,
+        unresolvedImports: graph.unresolvedImports || []
+    };
 }
 function buildImportInfo(graphData) {
     if (!graphData || typeof graphData !== 'object')
@@ -410,24 +513,55 @@ async function resolveMaintenance(name, cache, maintenanceEnabled, current, tota
         return { status: 'unknown', reason: 'lookup failed' };
     }
 }
-function classifyRuntime(node, pkg, map) {
+function classifyRuntime(nodeKey, pkg, map, cache) {
+    const cached = cache.get(nodeKey);
+    if (cached)
+        return cached;
+    const node = map.get(nodeKey);
+    if (!node) {
+        const fallback = { classification: 'build-time', reason: 'Unknown node in dependency graph' };
+        cache.set(nodeKey, fallback);
+        return fallback;
+    }
     if (pkg.dependencies && pkg.dependencies[node.name]) {
-        return { classification: 'runtime', reason: 'Declared in dependencies' };
+        const result = { classification: 'runtime', reason: 'Declared in dependencies' };
+        cache.set(nodeKey, result);
+        return result;
     }
     if (pkg.devDependencies && pkg.devDependencies[node.name]) {
-        return { classification: 'dev-only', reason: 'Declared in devDependencies' };
+        const result = { classification: 'dev-only', reason: 'Declared in devDependencies' };
+        cache.set(nodeKey, result);
+        return result;
     }
-    if (node.dev) {
-        return { classification: 'dev-only', reason: 'npm ls marks as dev dependency' };
+    // Memoized recursion to inherit runtime class from parents; conservative for cycles.
+    const parentClasses = [];
+    const inProgress = cache.get(`__visiting__${nodeKey}`);
+    if (inProgress) {
+        const cycleFallback = { classification: 'build-time', reason: 'Dependency cycle; defaulting to build-time' };
+        cache.set(nodeKey, cycleFallback);
+        return cycleFallback;
     }
-    const hasRuntimeParent = Array.from(node.parents).some((parentKey) => {
+    cache.set(`__visiting__${nodeKey}`, { classification: 'build-time', reason: 'visiting' });
+    for (const parentKey of node.parents) {
         const parent = map.get(parentKey);
-        return parent ? !parent.dev : false;
-    });
-    if (hasRuntimeParent) {
-        return { classification: 'runtime', reason: 'Transitive of runtime dependency' };
+        if (!parent)
+            continue;
+        const parentClass = classifyRuntime(parentKey, pkg, map, cache).classification;
+        parentClasses.push(parentClass);
+    }
+    cache.delete(`__visiting__${nodeKey}`);
+    let result;
+    if (parentClasses.includes('runtime')) {
+        result = { classification: 'runtime', reason: 'Transitive of runtime dependency' };
+    }
+    else if (parentClasses.includes('build-time')) {
+        result = { classification: 'build-time', reason: 'Transitive of build-time dependency' };
     }
-    return { classification: 'build-time', reason: 'Only seen in dev dependency tree' };
+    else {
+        result = { classification: 'dev-only', reason: 'Transitive of dev-only dependency' };
+    }
+    cache.set(nodeKey, result);
+    return result;
 }
 async function gatherPackageInsights(name, projectPath, metaCache, statCache, fanIn, fanOut, dependedOnBy, dependsOn) {
     var _a;

package/dist/cli.js

@@ -6,9 +6,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const path_1 = __importDefault(require("path"));
 const aggregator_1 = require("./aggregator");
-const depcheckRunner_1 = require("./runners/depcheckRunner");
-const licenseChecker_1 = require("./runners/licenseChecker");
-const madgeRunner_1 = require("./runners/madgeRunner");
+const importGraphRunner_1 = require("./runners/importGraphRunner");
 const npmAudit_1 = require("./runners/npmAudit");
 const npmLs_1 = require("./runners/npmLs");
 const report_1 = require("./report");
@@ -21,7 +19,8 @@ function parseArgs(argv) {
         out: 'dependency-radar.html',
         keepTemp: false,
         maintenance: false,
-        audit: true
+        audit: true,
+        json: false
     };
     const args = [...argv];
     if (args[0] && !args[0].startsWith('-')) {
@@ -41,6 +40,8 @@ function parseArgs(argv) {
             opts.maintenance = true;
         else if (arg === '--no-audit')
             opts.audit = false;
+        else if (arg === '--json')
+            opts.json = true;
         else if (arg === '--help' || arg === '-h') {
             printHelp();
             process.exit(0);
@@ -49,11 +50,14 @@ function parseArgs(argv) {
     return opts;
 }
 function printHelp() {
-    console.log(`dependency-radar scan [options]
+    console.log(`dependency-radar [scan] [options]
+
+If no command is provided, \`scan\` is run by default.
 
 Options:
   --project <path>   Project folder (default: cwd)
   --out <path>       Output HTML file (default: dependency-radar.html)
+  --json             Write aggregated data to JSON (default filename: dependency-radar.json)
   --keep-temp        Keep .dependency-radar folder
   --maintenance      Enable slow maintenance checks (npm registry calls)
   --no-audit         Skip npm audit (useful for offline scans)
@@ -67,6 +71,9 @@ async function run() {
         return;
     }
     const projectPath = path_1.default.resolve(opts.project);
+    if (opts.json && opts.out === 'dependency-radar.html') {
+        opts.out = 'dependency-radar.json';
+    }
     let outputPath = path_1.default.resolve(opts.out);
     const startTime = Date.now();
     let dependencyCount = 0;
@@ -75,7 +82,7 @@ async function run() {
         const endsWithSeparator = opts.out.endsWith('/') || opts.out.endsWith('\\');
         const hasExtension = Boolean(path_1.default.extname(outputPath));
         if ((stat && stat.isDirectory()) || endsWithSeparator || (!stat && !hasExtension)) {
-            outputPath = path_1.default.join(outputPath, 'dependency-radar.html');
+            outputPath = path_1.default.join(outputPath, opts.json ? 'dependency-radar.json' : 'dependency-radar.html');
         }
     }
     catch (e) {
@@ -85,12 +92,10 @@ async function run() {
     const stopSpinner = startSpinner(`Scanning project at ${projectPath}`);
     try {
         await (0, utils_1.ensureDir)(tempDir);
-        const [auditResult, npmLsResult, licenseResult, depcheckResult, madgeResult] = await Promise.all([
+        const [auditResult, npmLsResult, importGraphResult] = await Promise.all([
             opts.audit ? (0, npmAudit_1.runNpmAudit)(projectPath, tempDir) : Promise.resolve(undefined),
             (0, npmLs_1.runNpmLs)(projectPath, tempDir),
-            (0, licenseChecker_1.runLicenseChecker)(projectPath, tempDir),
-            (0, depcheckRunner_1.runDepcheck)(projectPath, tempDir),
-            (0, madgeRunner_1.runMadge)(projectPath, tempDir)
+            (0, importGraphRunner_1.runImportGraph)(projectPath, tempDir)
         ]);
         if (opts.maintenance) {
             stopSpinner(true);
@@ -107,17 +112,21 @@ async function run() {
                 : undefined,
             auditResult,
             npmLsResult,
-            licenseResult,
-            depcheckResult,
-            madgeResult
+            importGraphResult
         });
         dependencyCount = aggregated.dependencies.length;
         if (opts.maintenance) {
             process.stdout.write('\n');
         }
-        await (0, report_1.renderReport)(aggregated, outputPath);
+        if (opts.json) {
+            await promises_1.default.mkdir(path_1.default.dirname(outputPath), { recursive: true });
+            await promises_1.default.writeFile(outputPath, JSON.stringify(aggregated, null, 2), 'utf8');
+        }
+        else {
+            await (0, report_1.renderReport)(aggregated, outputPath);
+        }
         stopSpinner(true);
-        console.log(`Report written to ${outputPath}`);
+        console.log(`${opts.json ? 'JSON' : 'Report'} written to ${outputPath}`);
         const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
         console.log(`Scan complete: ${dependencyCount} dependencies analysed in ${elapsed}s`);
     }