This Python package converts a `package-lock.json` file into a CSV file containing detailed information about project dependencies, including their versions, integrity hashes, and metadata. It also fetches the latest version of each package from the NPM registry.
- Parse JSON: Reads and processes `package-lock.json` into a structured DataFrame using Pandas.
- Extract Key Information: Captures the current version, integrity hash, requirements, and nested dependencies.
- Check Dependencies: Identifies whether a package has dependencies of its own.
- Fetch Latest Versions: Uses the NPM registry API to get the most recent version of each package.
- Export to CSV: Outputs the cleaned and enriched data to `dependencies.csv`.
Before running the script, ensure you have:
- Python 3.x installed.
- The required libraries: `pip install pandas requests`
The script reads the `package-lock.json` file and parses it into a Pandas DataFrame for easy manipulation.
- Renames columns for better readability: `name` → Project, `version` → Current Version, `dependencies` → dict.
- Adds new columns to store additional information: Latest Version, Integrity, Requires, Dependencies, and hasDependencies (a boolean flag indicating whether a dependency has its own dependencies).
It then extracts and processes data from the `dependencies` dictionary:
- Current Version: Retrieves the version of each package.
- Integrity Hash: Captures the package's integrity value if available.
- Nested Dependencies: Lists any nested dependencies along with their versions.
- Required Versions: Lists the required versions of dependencies.
For each package, the script queries the NPM registry API (`https://registry.npmjs.org/:package`) to fetch the latest available version and populates the Latest Version column.
The final DataFrame is saved as a CSV file named `dependencies.csv`.
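As an added example (not depster's own code), this is how the flattening described above can be carried out on a constructed lockfileVersion 1 file, with the registry lookup kept as an injectable callable so the rest runs offline, plus a check for lock entries that carry no integrity hash. The sample lock file, the function names and the use of the stdlib csv module instead of pandas are this example's assumptions.

```python
import csv
import io
import json
import urllib.request

# Constructed sample in the lockfileVersion 1 layout (top-level "dependencies" map).
SAMPLE_LOCK = json.dumps({
    "name": "example-app", "lockfileVersion": 1,
    "dependencies": {
        "dep1": {"version": "1.0.0", "integrity": "sha512-abc123",
                 "requires": {"dep3": "^1.1.0"},
                 "dependencies": {"dep3": {"version": "1.1.0", "integrity": "sha512-def456"}}},
        "dep2": {"version": "2.3.4"},  # no integrity field and no nested dependencies
    },
})

def fetch_latest_version(name, timeout=10.0):
    """Query the public registry for dist-tags.latest (needs network; not used offline)."""
    with urllib.request.urlopen(f"https://registry.npmjs.org/{name}", timeout=timeout) as resp:
        return json.load(resp).get("dist-tags", {}).get("latest")

def lock_to_rows(lock_json, latest):
    """One row per top-level package; `latest` is any name -> version callable (inject an offline one)."""
    deps = json.loads(lock_json).get("dependencies", {})
    rows = []
    for name, meta in deps.items():
        nested = meta.get("dependencies", {})
        rows.append({
            "Project": name,
            "Current Version": meta.get("version", ""),
            "Latest Version": latest(name) or "",
            "Integrity": meta.get("integrity", ""),
            "Requires": ", ".join(f"{k}: {v}" for k, v in meta.get("requires", {}).items()),
            "Dependencies": ", ".join(f"{k}: {v.get('version', '')}" for k, v in nested.items()),
            "hasDependencies": bool(nested),
        })
    return rows

def missing_integrity(rows):
    """Packages recorded without an integrity hash: npm cannot verify their tarballs on install."""
    return [r["Project"] for r in rows if not r["Integrity"]]

def rows_to_csv(rows):
    """Serialise the rows with the stdlib csv module (the project itself uses pandas)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Pass `fetch_latest_version` as the `latest` argument to populate the Latest Version column from the registry; pass a dictionary lookup, as in the offline run, to keep the conversion reproducible.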
- Run the script: `depster path/to/package-lock.json`
The output file, `dependencies.csv`, will be created in the same directory as the script.
The resulting CSV file will include the following columns:

| Packages | Project | Current Version | Latest Version | Integrity | Requires | Dependencies | hasDependencies |
|---|---|---|---|---|---|---|---|
| 1 | Example1 | 1.0.0 | 1.2.0 | abc123... | dep1: ^1.0.0, dep2: | dep3: 1.1.0, dep4: | True |
- The script sends a separate request to the NPM registry for each package, which can slow down processing for projects with a large number of dependencies.
- Warnings are suppressed in the script for a cleaner execution log.
- The script assumes a specific structure for the `package-lock.json` file.
- An active internet connection is required to fetch the latest package versions.
This project is open-source and available under the MIT License.