npm - easy-dep-graph - Versions diffs - 1.1.3 → 1.2.0 - Mend

easy-dep-graph 1.1.3 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE CHANGED Viewed

@@ -1,21 +1,21 @@
-MIT License
-Copyright (c) 2023 danisss9
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+Copyright (c) 2026 danisss9
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -1,130 +1,162 @@
-# Easy Dep Graph
-Easily see the dependency graph of your npm project!
-## Table of Contents
-- [Easy Dep Graph](#easy-dep-graph)
-  - [Table of Contents](#table-of-contents)
-  - [Install](#install)
-  - [Use](#use)
-  - [Arguments](#arguments)
-    - [Peer Dependencies](#peer-dependencies)
-    - [Packages](#packages)
-    - [Package Dependents](#package-dependents)
-    - [Port](#port)
-    - [No Open](#no-open)
-    - [No Force Layout](#no-force-layout)
-  - [Changelog](#changelog)
-  - [FAQs](#faqs)
-## Install
-```cmd
-npm install -g easy-dep-graph
-```
-## Use
-Run the following command on the folder where you package.json is:
-```cmd
-npx easy-dep-graph
-```
-## Arguments
-### Peer Dependencies
-Display a comprehensive view of all peer dependencies required by your project's packages. This includes:
-- Package names and required versions
-- Which packages require each peer dependency
-- Automatic conflict detection when multiple incompatible versions are required
-- Installation status (showing which peer dependencies are already installed)
-- One-click installation for missing peer dependencies
-Command: `--peer-dependencies`
-Example:
-```cmd
-npx easy-dep-graph --peer-dependencies
-```
-### Packages
-A list of packages to show on the graph separated by ','. (By default it shows all packages)
-Command: `--packages <packages names>`
-Example:
-```cmd
-npx easy-dep-graph --packages open,mustache,fastify
-```
-### Package Dependents
-This option will only show on graph the packages that depend on the submited package.
-Command: `--package-dependents <package name>`
-Example:
-```cmd
-npx easy-dep-graph --package-dependents is-docker
-```
-### Port
-The port number to be used when serving the dependency graph. (Default is 8080)
-Command: `--port <port number>`
-Example:
-```cmd
-npx easy-dep-graph --port 8000
-```
-### No Open
-Flag to not open the browser after the depedency graph is done.
-Command: `--no-open`
-Example:
-```cmd
-npx easy-dep-graph --no-open
-```
-### No Force Layout
-Flag to skip applying the force-directed layout algorithm to the dependency graph. When this flag is used, the graph will display nodes in their initial random positions without automatic layout optimization. This can be useful for very large graphs where the layout calculation might take too long, or when you want to manually arrange nodes.
-Command: `--no-force-layout`
-Example:
-```cmd
-npx easy-dep-graph --no-force-layout
-```
-## Changelog
-**Version 1.1:**
-- Added `--peer-dependencies` flag to display all peer dependencies in your project
-- Interactive peer dependency viewer with one-click installation
-- Automatic version conflict detection for peer dependencies
-- Replaced vis-network with sigma.js for dependency view
-**Version 1.0:**
-- published library
-## FAQs
-No FAQs for now. (⌐■_■)
+# Easy Dep Graph
+Easily see the dependency graph of your npm project!
+## Table of Contents
+- [Easy Dep Graph](#easy-dep-graph)
+  - [Table of Contents](#table-of-contents)
+  - [Install](#install)
+  - [Use](#use)
+  - [Arguments](#arguments)
+    - [Peer Dependencies](#peer-dependencies)
+    - [Packages](#packages)
+    - [Package Dependents](#package-dependents)
+    - [Port](#port)
+    - [No Open](#no-open)
+    - [No Force Layout](#no-force-layout)
+    - [Security Scan](#security-scan)
+  - [Changelog](#changelog)
+  - [FAQs](#faqs)
+## Install
+```cmd
+npm install -g easy-dep-graph
+```
+## Use
+Run the following command on the folder where you package.json is:
+```cmd
+npx easy-dep-graph
+```
+## Arguments
+### Peer Dependencies
+Display a comprehensive view of all peer dependencies required by your project's packages. This includes:
+- Package names and required versions
+- Which packages require each peer dependency
+- Automatic conflict detection when multiple incompatible versions are required
+- Installation status (showing which peer dependencies are already installed)
+- One-click installation for missing peer dependencies
+Command: `--peer-dependencies`
+Example:
+```cmd
+npx easy-dep-graph --peer-dependencies
+```
+### Packages
+A list of packages to show on the graph separated by ','. (By default it shows all packages)
+Command: `--packages <packages names>`
+Example:
+```cmd
+npx easy-dep-graph --packages open,mustache,fastify
+```
+### Package Dependents
+This option will only show on graph the packages that depend on the submited package.
+Command: `--package-dependents <package name>`
+Example:
+```cmd
+npx easy-dep-graph --package-dependents is-docker
+```
+### Port
+The port number to be used when serving the dependency graph. (Default is 8080)
+Command: `--port <port number>`
+Example:
+```cmd
+npx easy-dep-graph --port 8000
+```
+### No Open
+Flag to not open the browser after the depedency graph is done.
+Command: `--no-open`
+Example:
+```cmd
+npx easy-dep-graph --no-open
+```
+### No Force Layout
+Flag to skip applying the force-directed layout algorithm to the dependency graph. When this flag is used, the graph will display nodes in their initial random positions without automatic layout optimization. This can be useful for very large graphs where the layout calculation might take too long, or when you want to manually arrange nodes.
+Command: `--no-force-layout`
+Example:
+```cmd
+npx easy-dep-graph --no-force-layout
+```
+### Security Scan
+Scan your project's `node_modules` for known malicious, compromised, or typosquatted npm packages. This combines:
+- A built-in database of known malicious packages (compromised versions of axios, ua-parser-js, event-stream, colors, faker, node-ipc, and many typosquats)
+- Live vulnerability data from `npm audit`
+Results are displayed in the terminal as a severity-sorted summary and as an interactive HTML report in the browser.
+Command: `--security-scan`
+Example:
+```cmd
+npx easy-dep-graph --security-scan
+```
+Combine with other flags:
+```cmd
+npx easy-dep-graph --security-scan --port 3000 --no-open
+```
+## Changelog
+**Version 1.2:**
+- Added `--security-scan` flag to detect known malicious, compromised, and typosquatted npm packages
+- Built-in database of 40+ known compromised packages versions including axios, ua-parser-js, event-stream, coa, rc, colors, faker, node-ipc, and many typosquats
+- Integration with `npm audit` for live vulnerability data
+- Terminal summary with color-coded severity levels
+- Interactive HTML security report served in browser
+**Version 1.1:**
+- Added `--peer-dependencies` flag to display all peer dependencies in your project
+- Interactive peer dependency viewer with one-click installation
+- Automatic version conflict detection for peer dependencies
+- Replaced vis-network with sigma.js for dependency view
+**Version 1.0:**
+- published library
+## FAQs
+No FAQs for now. (⌐■_■)