wtf-dependencies 1.0.0

package/README.md

@@ -0,0 +1,41 @@
+# WTF-Dependency ![version](https://img.shields.io/badge/version-1.0.0-blue.svg)
+
+**wtf-dependency** is a CLI tool to trace where (and how deeply) a given dependency is nested in your Node.js project's dependency tree (from package-lock.json). Useful for understanding why a package is present in node_modules.
+
+---
+
+**Install:**
+- From npm (recommended):
+	- `npm install -g wtf-dependency`
+- Or clone: `git clone <repo-url> && cd wtf-dependency && npm install`
+- (Optional, for local dev): `npm link`
+
+
+**Usage:**
+- After global install, run from any project root (where package-lock.json is):
+	- `wtf-dependency <dependency-name>`
+	- Example: `wtf-dependency lodash`
+
+**Output Examples:**
+- Direct: `Dependency path: lodash`
+- Nested: `Dependency path: foo → bar → lodash`
+- Not found: `No dependencies found in package-lock.json` or `Usage: wtf-dependency <dependency-name>`
+
+**Error Handling:**
+- No package-lock.json found: Run from the correct directory.
+- No dependencies found: Run `npm install` to generate dependencies.
+- No dependency name: Add the name to the command.
+
+**Notes:**
+- Supports npm v7+ (package-lock v2/v3) and older lockfile formats.
+- Run from your project root, not node_modules.
+
+**Contributing:**
+- Fork, branch, commit, and open a pull request.
+- For bugs/features, open an issue.
+
+**License:** ISC. See [LICENSE](LICENSE).
+
+**Changelog:**
+- 1.0.0: Initial release (npm v7+ and legacy support)
+

package/index.js

@@ -0,0 +1,68 @@
+#!/usr/bin/env node
+const fs = require('fs');
+const path = require('path');
+
+function findDependency(depName, pkgPath = process.cwd(), parents = []) {
+  const packageLockPath = path.join(pkgPath, 'package-lock.json');
+
+  if (!fs.existsSync(packageLockPath)) {
+    console.error('No package-lock.json found in', pkgPath);
+    process.exit(1);
+  }
+
+  const lockFile = JSON.parse(fs.readFileSync(packageLockPath, 'utf-8'));
+
+  // Support for package-lock v2/v3 (npm 7+)
+  if (lockFile.packages) {
+    // Build a map of package -> dependencies
+    const packageDeps = {};
+    for (const [pkgPath, pkgInfo] of Object.entries(lockFile.packages)) {
+      packageDeps[pkgPath] = pkgInfo.dependencies || {};
+    }
+
+    // Recursively search from root ('')
+    function traverseV3(currentPath, chain = []) {
+      const deps = packageDeps[currentPath] || {};
+      for (const [name, versionRange] of Object.entries(deps)) {
+        const depPath = currentPath === '' ? `node_modules/${name}` : `${currentPath}/node_modules/${name}`;
+        const newChain = [...chain, name];
+        if (name === depName) {
+          console.log('Dependency path:', newChain.join(' → '));
+        }
+        if (packageDeps[depPath]) {
+          traverseV3(depPath, newChain);
+        }
+      }
+    }
+    traverseV3('');
+    return;
+  }
+
+  // Fallback for old lockfile format
+  function traverse(deps, chain = []) {
+    for (const [name, info] of Object.entries(deps)) {
+      const newChain = [...chain, name];
+      if (name === depName) {
+        console.log('Dependency path:', newChain.join(' → '));
+      }
+      if (info.dependencies) {
+        traverse(info.dependencies, newChain);
+      }
+    }
+  }
+
+  if (!lockFile.dependencies) {
+    console.error('No dependencies found in package-lock.json');
+    process.exit(1);
+  }
+  traverse(lockFile.dependencies);
+}
+
+// CLI input
+const dep = process.argv[2];
+if (!dep) {
+  console.error('Usage: wtf-dependency <dependency-name>');
+  process.exit(1);
+}
+
+findDependency(dep);

package/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "wtf-dependencies",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "bin": {
+    "wtf-dependency": "index.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "read-pkg": "^10.0.0"
+  }
+}