.gitignore

@@ -1,2 +1,5 @@
 .DS_Store
-node_modules
+node_modules
+/package-lock.json
+/yarn.lock
+/*.tgz

.npmignore

@@ -0,0 +1,4 @@
+/test
+/.travis.yml
+/yarn.lock
+/*.tgz

.travis.yml

@@ -1,13 +1,11 @@
 language: node_js
 node_js:
-  - '0.10'
-  - '0.12'
-  - 'iojs'
-  - '4'
-  - '5'
-  - '6'
-  - '7'
-  - '8'
-  - '9'
-  - 'stable'
+  - '12'
+  - '11'
+  - '10'
+script: npm run check && npm run test-cli
 sudo: false
+jobs:
+  include:
+    - stage: linting
+      script: npm run lint

SECURITY.md

@@ -0,0 +1,20 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 4.x.x   | :white_check_mark: |
+| 3.x.x   | :white_check_mark: |
+| 2.10.x  | :white_check_mark: |
+| < 2.10  | :x:                |
+
+## Reporting a Vulnerability
+
+Send an e-mail to the maintainers, eg. @voxpelli through pelle@kodfabrik.se Start the subject line with `SECURITY:`
+
+The maintainers will get back to you as soon as possible and work with you to evaluate and handle the vulnerability.
+
+As none of the maintainers have maintenance commitance for this module as part of their day jobs, no promises can be made in how fast a fix can be made.
+
+Whenever feasible a patch version fixing the security vulnerability will be released and the reporting user, unless it wishes to stay anonymous, will be credited for their contribution.

cli.js

@@ -1,19 +1,29 @@
 #!/usr/bin/env node
 
-var check = require('./')
+'use strict'
 
-var args = require('minimist')(process.argv.slice(2), {
+const requiredNodeEngineMinimum = parseInt(require('./package.json').engines.node.match(/^>=(\d+)\./)[1], 10)
+const currentNodeEngine = parseInt(process.version.match(/^v(\d+)\./)[1], 10)
+
+if (currentNodeEngine < requiredNodeEngineMinimum) {
+  console.error('dependency-check: Node ' + requiredNodeEngineMinimum + ' or greater is required. `dependency-check` did not run.')
+  process.exit(0)
+}
+
+const check = require('./')
+
+const args = require('minimist')(process.argv.slice(2), {
   default: {
     missing: false,
-    extra: false,
+    unused: false,
     dev: true,
-    'default-entries': true
+    'default-entries': true,
+    verbose: false
   },
-  boolean: ['missing', 'extra', 'dev', 'version', 'ignore', 'default-entries'],
+  boolean: ['missing', 'unused', 'dev', 'version', 'ignore', 'default-entries', 'verbose'],
   alias: {
-    extra: 'unused',
     'ignore-module': 'i',
-    'extensions': 'e'
+    extensions: 'e'
   }
 })
 
@@ -23,31 +33,31 @@ if (args.version) {
 }
 
 if (args.help || args._.length === 0) {
-  console.log('\nUsage: dependency-check <path to package.json or module folder> <additional entries to add> <options>')
-
+  console.log('\nUsage: dependency-check <path to entry file, package.json or module folder> <additional entry paths to add> <options>')
+  console.log('\nEntry paths supports globbing for easy adding of eg. entire folders.')
   console.log('\nOptions:')
-  console.log('--missing (default)   Check to make sure that all modules in your code are listed in your package.json')
-  console.log('--unused, --extra     The inverse of the --missing check and will tell you which modules in your package.json *were not* used in your code')
+  console.log('--missing             Only check to make sure that all modules in your code are listed in your package.json')
+  console.log('--unused              Only check which modules listed in your package.json *are not* used in your code')
   console.log("--no-dev              Won't tell you about devDependencies that are missing or unused")
   console.log("--no-peer             Won't tell you about peerDependencies that are missing or unused")
-  console.log("--ignore-module, -i   Won't tell you about these module names when missing or unused")
-  console.log('--entry               By default your main and bin entries from package.json will be parsed, but you can add more the list of entries by passing them in as --entry')
-  console.log("--no-default-entries  Won't parse your main and bin entries from package.json will be parsed")
+  console.log("--ignore-module, -i   Won't tell you about these module names when missing or unused. Supports globbing")
+  console.log("--no-default-entries  Won't parse your main and bin entries from package.json even when a package.json or module folder has been defined")
   console.log('--detective           Requireable path containing an alternative implementation of the detective module that supports alternate syntaxes')
   console.log("--extensions, -e      List of file extensions with detective to use when resolving require paths. Eg. 'js,jsx:detective-es6'")
   console.log('--version             Show current version')
   console.log('--ignore              To always exit with code 0 pass --ignore')
+  console.log('--verbose             Enable logging of eg. success message')
   console.log('')
 
   process.exit(1)
 }
 
 function extensions (arg) {
   if (!arg) return undefined
-  var extensions = {}
+  const extensions = {}
 
   function add (value) {
-    var parts = value.trim().split(':', 2)
+    const parts = value.trim().split(':', 2)
 
     parts[0].split(',').forEach(function (ext) {
       extensions[ext.charAt(0) === '.' ? ext : '.' + ext] = parts[1]
@@ -65,40 +75,53 @@ function extensions (arg) {
 
 check({
   path: args._.shift(),
-  entries: args._.concat(args.entry || []),
+  entries: args._,
   noDefaultEntries: !args['default-entries'],
   extensions: extensions(args.e),
   detective: args.detective
-}, function (err, data) {
-  if (err) {
-    console.error(err.message)
-    return process.exit(1)
-  }
-  var pkg = data.package
-  var deps = data.used
-  var failed = 0
-  var options = {
-    excludeDev: args.dev === false,
-    excludePeer: args.peer === false,
-    ignore: [].concat(args.i || [])
-  }
-  if (args.extra) {
-    var extras = check.extra(pkg, deps, options)
-    failed += extras.length
-    if (extras.length) {
-      console.error('Fail! Modules in package.json not used in code: ' + extras.join(', '))
-    } else {
-      console.log('Success! All dependencies in package.json are used in the code')
+})
+  .then(data => {
+    const pkg = data.package
+    const deps = data.used
+    let failed = 0
+    const options = {
+      excludeDev: args.dev === false,
+      excludePeer: args.peer === false,
+      ignore: [].concat(args.i || [])
     }
-  }
-  if (args.missing || !args.extra) {
-    var missing = check.missing(pkg, deps, options)
-    failed += missing.length
-    if (missing.length) {
-      console.error('Fail! Dependencies not listed in package.json: ' + missing.join(', '))
-    } else {
-      console.log('Success! All dependencies used in the code are listed in package.json')
+
+    const runAllTests = !args.extra && !args.missing
+
+    if (runAllTests || args.unused) {
+      const extras = check.extra(pkg, deps, options)
+      failed += extras.length
+      if (extras.length) {
+        console.error('Fail! Modules in package.json not used in code: ' + extras.join(', '))
+      } else if (args.verbose) {
+        console.log('Success! All dependencies in package.json are used in the code')
+      }
     }
-  }
-  process.exit(args.ignore || !failed ? 0 : 1)
-})
+    if (runAllTests || args.missing) {
+      const optionsForMissingCheck = runAllTests
+        ? Object.assign({}, options, {
+          excludeDev: false,
+          excludePeer: false
+        })
+        : options
+
+      const missing = check.missing(pkg, deps, optionsForMissingCheck)
+
+      failed += missing.length
+
+      if (missing.length) {
+        console.error('Fail! Dependencies not listed in package.json: ' + missing.join(', '))
+      } else if (args.verbose) {
+        console.log('Success! All dependencies used in the code are listed in package.json')
+      }
+    }
+    process.exit(args.ignore || !failed ? 0 : 1)
+  })
+  .catch(err => {
+    console.error(err.message)
+    process.exit(1)
+  })

collaborators.md

@@ -2,6 +2,8 @@
 
 dependency-check is only possible due to the excellent work of the following collaborators:
 
-<table><tbody><tr><th align="left">voxpelli</th><td><a href="https://github.com/voxpelli">GitHub/voxpelli</a></td></tr>
-<tr><th align="left">maxogden</th><td><a href="https://github.com/maxogden">GitHub/maxogden</a></td></tr>
-</tbody></table>
+| Nickname    | Profile                                              |
+|-------------|------------------------------------------------------|
+| blakeembrey | [GitHub/blakeembrey](https://github.com/blakeembrey) |
+| voxpelli    | [GitHub/voxpelli](https://github.com/voxpelli)       |
+| maxogden    | [GitHub/maxogden](https://github.com/maxogden)       |