- symlink handling consistent with node - dependency-cruiser now follows symbolic links, just like node does. Also just like in node, you can override the behaviour (issue #33/ PR #37 - @ajafff)
a breaking change, but with low or no impact - see below - package.json lookup consistent with node - dependency-cruiser now uses the package.json closest up to the file being cruised, instead of the one in the directory the cruise was started from. This behaviour is more consistent with how node & npm work, yielding more accurate results and less false positives (issue #35/ PR #38 - @ajafff)
a breaking change, but with low or no impact - see below - return all found violations per dependency - instead of only the first one. The internal API and the
errandjsonreporters now have this. The other reporters now show the most severe violation, instead of the first encountered. Could be considered a breaking change -see below for the interface change (issue #40 / PR #41). - you can set a custom severity for the
allowedrule - if you have theallowedrule set up, useallowedSeverityto set a custom severity (issue #34/ PR #39) --systemreplaced by--module-systems--system was already deprecated in favour of the latter.- ⬆️ various dependencies and devDependencies
- 📖 various documentation updates
I would like shout out with a big thanks to @ajafff for his excellent issue reports, suggestions and good quality PR's. Without you these features wouldn't have existed!
Breaking change: symlink handling consistent with node
impact classification: low.
By default dependency-cruiser now follows links when resolving dependencies. This is consistent with how NodeJS behaves itself since version 6.
In the unlikely event you use symlinks (e.g. with npm link/ yarn workspaces) and depend on the old behaviour, you can do one of these:
- use the
--preserve-symlinkscommand line option - in the
optionssection of your.dependency-cruiser.jsonadd apreserveSymlinkskey with the valuetrue.
Breaking change: package.json lookup consistent with node
impact classification: low
You might see different output from dependency-cruiser in the following cases.
- You have
package.jsons in the directory-tree below the directory you're running dependency-cruiser from. This is typical in mono-repos.
Hence in mon-repos dependency-cruiser will from now on use the package.json you intended in the first place. - You do not have a
package.jsonin the directory you're running dependency-cruiser from.
dependency-cruiserwill use the first package.json it finds going up in the directory tree.
The different output is more accurate in all cases, so you probably want to use v3.x.x even if your code base fits in one of the above criteria. If not (or if not right now) you can still use v2.x.x for a while.
API change: rule object -> rules array of objects
impact classification: low (and medium if you were hacking on the internal API):
To enable more than one rule violation per dependency to be stored, we renamed the per-dependency rule to rules and made them an array of objects, instead of just one object. An example:
before
{
"source": "node_modules/somemodule/src/somemodule.js",
"dependencies": [
{
"module": "./moar-javascript",
"resolved": "node_modules/somemodule/src/moar-javascript.js",
"moduleSystem": "cjs",
"coreModule": false,
"followable": true,
"valid": false,
"rule": {
"severity": "warn",
"name": "my-cool-rule"
}
},
...
]
},
...after
{
"source": "node_modules/somemodule/src/somemodule.js",
"dependencies": [
{
"module": "./moar-javascript",
"resolved": "node_modules/somemodule/src/moar-javascript.js",
"moduleSystem": "cjs",
"coreModule": false,
"followable": true,
"valid": false,
"rules": [{
"severity": "warn",
"name": "my-cool-rule"
},
{
"severity": "error",
"name": "not-in-allowed"
}]
},
...
]
},
...