npm-hax
npm-hax is a replacement for the npm binary that lets you blacklist
dependencies at any depth in your dependency tree. I was motivated to write
this after finding four different versions of request
in my dependency tree, which was noticeably slowing down my program's startup.
Don't use this unless you know what you're doing. It's probably better to submit pull requests bumping minor versions or changing them to lock to major versions.
Install
In your project, run:
npm install -g npm-hax
or install from the GitHub repo:
npm install -g ludios/npm-hax
Usage
The syntax is:
DEPS_BLACKLIST="module/dep ..." npm-hax any-npm-command
which will prevent npm from seeing "dep": "version" in both dependencies
and devDependencies in any package.json with "name": "module".
Example
rm -rf node_modulesDEPS_BLACKLIST="googleapis/request google-auth-library/request \gtoken/request gapitoken/request" npm-hax installfind node_modules/ | grep request# victory dance Remember to run npm-hax and not npm!!
Prebuild removal feature
Some packages like leveldown use prebuild, which has a massive dependency
tree but is not actually needed if you're building the package yourself. Simply
removing prebuild using DEPS_BLACKLIST is an incomplete solution: npm
still tries to run prebuild scripts mentioned in package.json, thus breaking
npm install. So npm-hax also supports removing all 'scripts' in package.json
that start with "prebuild " with REMOVE_PREBUILD=1. If you are versioning
node_modules/, this lets you avoid keeping prebuild's dependency tree around.