During security audit or whenever important bugs exist in NPM packages, it will usually happen to one of specific version and developers will be asked to verify the version of installed NPM package to update.
After installing many packages, we can forget about them after sometime. Although we can easily view the version of the packages in package.json file, we should also be looking into the dependencies use in this packages.
Method to find version of installed NPM Package
- Check package.json
- List with command line <– Preferred Method
Check package.json
The most straight forward method is to view `package.json` dependencies section to see the package install in your project. However, the down side is that we can only see the first layer packages without able to view their dependences.
"dependencies": {
"react": "^18.0.0",
"redux": "^4.1.2",
"string-width": "^5.1.2"
}
List with command line
To view the list of dependencies in the terminal, we can just key in npm list
or npm ls
into the terminal at the root project directory.
$ npm ls
[email protected] /home/test
├── [email protected]
├── [email protected]
└── [email protected]
To list global packages, the easiest way is to just to append -g
to the command. Since it will always access the same global folder, we can execute this command from any directory.
$ npm ls -g
/usr/local/lib
├── [email protected]
├── [email protected]
├── [email protected]
└── [email protected]
If we want to view all the dependencies of each package, we can include --all
option into the command.
$ npm ls -all
[email protected] /home/test
├─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected]
├─┬ [email protected]
│ └─┬ @babel/[email protected]
│ └── [email protected]
└─┬ [email protected]
├── [email protected]
├── [email protected]
└─┬ [email protected]
└── [email protected]
If you just want to see it to a certain depth, we can include --depth=X
base on how deep you would like to view.
$ npm ls --depth=1
[email protected] /home/test
├─┬ [email protected]
│ └── [email protected]
├─┬ [email protected]
│ └── @babel/[email protected]
└─┬ [email protected]
├── [email protected]
├── [email protected]
└── [email protected]
To view a specific package dependencies, we can key in the name of the package name that we want to find. This will save a lot of time compare to manually finding them.
$ npm ls --depth=1
[email protected] /home/test
└─┬ [email protected]
└── [email protected]
To find out more about the options that are available with the command, npm document have listed all of them. Alternatively, npm ls --help
command will also show the list of options.
Conclusion
The npm ls
can really be efficiently help scan through all the versions in one command.
No Responses Yet