Software Development Timesaver #7
22 Jan 2022

Nowadays on GitHub you often get Dependabot alerts, and if you're using Node the vulnerability is often far down the dependency hierarchy. It is not easy to tell from the alert alone which of your project's dependencies actually depends on the vulnerable package.
There is a handy command you can use for this:
npm ls <package_name>
For example, in the case of follow-redirects you get this output that clearly shows that follow-redirects is used by webpack-dev-server in your project:
λ npm ls follow-redirects
[email protected] C:\Projects\a-project
└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └── [email protected]
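
When the package shows up under several parents, the same lookup can be scripted against the JSON form of the command (`npm ls follow-redirects --json`). The following is an added example, not code from the original post. The sample tree is constructed, and the function names `findPaths` and `directCulprits` are hypothetical.

```javascript
// Constructed sample shaped like `npm ls follow-redirects --json` output. Only
// webpack-dev-server and follow-redirects come from the post; the other names
// and all version numbers are made up.
const sampleTree = {
  name: "a-project",
  version: "1.0.0",
  dependencies: {
    "webpack-dev-server": {
      version: "0.0.1",
      dependencies: {
        "example-proxy-middleware": {
          version: "0.0.2",
          dependencies: { "follow-redirects": { version: "0.0.4" } },
        },
      },
    },
    "example-http-client": {
      version: "0.0.5",
      dependencies: { "follow-redirects": { version: "0.0.6" } },
    },
  },
};

// Return every chain from the project root down to `target`,
// each as an array of "name@version" strings.
function findPaths(node, target, name = node.name, trail = []) {
  const here = [...trail, `${name}@${node.version || "unknown"}`];
  if (name === target) return [here];
  const paths = [];
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    paths.push(...findPaths(dep, target, depName, here));
  }
  return paths;
}

// Map each direct dependency (second element of a chain) to the sorted list
// of `target` versions it pulls in: these are the packages to upgrade.
function directCulprits(tree, target) {
  const byDirect = {};
  for (const p of findPaths(tree, target)) {
    const direct = p.length > 1 ? p[1] : p[0];
    const leaf = p[p.length - 1];
    if (!byDirect[direct]) byDirect[direct] = [];
    if (!byDirect[direct].includes(leaf)) byDirect[direct].push(leaf);
  }
  for (const list of Object.values(byDirect)) list.sort();
  return byDirect;
}

console.log(directCulprits(sampleTree, "follow-redirects"));
```

To use it on a real project, pass the parsed JSON output of the command in place of `sampleTree`.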