Dependency Checks rule
The @nx/dependency-checks ESLint rule enables you to discover mismatches between dependencies specified in a project's package.json and the dependencies that your project depends on. If your project is using, for example, the axios, but the package.json does not specify it as a dependency, your library might not work correctly. This rule helps catch these problems before your users do.
The rule uses the project graph to collect all the dependencies of your project, based on the input of your build target. It will filter out all the dependencies marked as devDependencies in your root package.json to ensure dependencies of your compilation pipelines (e.g. dependencies of webpack.config or vite.config) or test setups are not included in the expected list.
We use the version numbers of the installed packages when checking whether the version specifier in package.json is correct. We do this because this is the only version for which we can "guarantee" that things work and were tested. If you specify a range outside of that version, that would mean that you are shipping potentially untested code.
Usage
Library generators from @nx packages will configure this rule automatically when you opt-in for bundler/build setup. This rule is intended for publishable/buildable libraries, so it will only run if a build target is detected in the configuration (this name can be modified - see options).
Manual setup
To set it up manually for existing libraries, you need to add the dependency-checks rule to your project's ESLint configuration:
1{
2 // ... more ESLint config here
3 "overrides": [
4 {
5 "files": ["*.json"],
6 "parser": "jsonc-eslint-parser",
7 "rules": {
8 "@nx/dependency-checks": "error"
9 }
10 }
11 // ... more ESLint overrides here
12 ]
13}
14Additionally, you need to adjust your lintFilePatterns to include the project's package.json file::
1{
2 // ... project.json config
3 "targets": {
4 // ... more targets
5 "lint": {
6 "executor": "@nx/eslint:lint",
7 "outputs": ["{options.outputFile}"],
8 "options": {
9 "lintFilePatterns": [
10 "libs/my-lib/**/*.{ts,tsx,js,jsx}",
11 "libs/my-lib/package.json" // add this line
12 ]
13 }
14 }
15 }
16}
17Overriding defaults
Sometimes we intentionally want to add or remove a dependency from our package.json despite what the rule suggests. We can use the rule's options to override default behavior:
1{
2 "@nx/dependency-checks": [
3 "error",
4 {
5 "buildTargets": ["build", "custom-build"], // add non standard build target names
6 "ignoredDependencies": ["lodash"], // these libs will be omitted from checks
7 "includeTransitiveDependencies": true, // collect dependencies transitively from children
8 "ignoredFiles": ["webpack.config.js", "eslint.config.js"], // list of files that should be skipped for check
9 "checkMissingDependencies": true, // toggle to disable
10 "checkObsoleteDependencies": true, // toggle to disable
11 "checkVersionMismatches": true // toggle to disable
12 }
13 ]
14}
15Options
| Property | Type | Default | Description |
|---|---|---|---|
| buildTargets | Array<string> | ["build"] | List of build target names |
| ignoredDependencies | Array<string> | [] | List of dependencies to ignore for checks |
| includeTransitiveDependencies | boolean | false | Enable to collect dependencies of children projects |
| ignoredFiles | Array<string> | N/A | List of files to ignore when collecting dependencies. The default value will be set based on the selected executor during the generation. |
| checkMissingDependencies | boolean | true | Disable to skip checking for missing dependencies |
| checkObsoleteDependencies | boolean | true | Disable to skip checking for unused dependencies |
| checkVersionMismatches | boolean | true | Disable to skip checking if version specifier matches installed version |