Skip to main content

Analyze Lockfiles with the Dependency Graph Scanner

Use the Vibgrate Dependency Graph Scanner to find duplicate packages, phantom dependencies, and workspace graph issues, then export and gate on findings.

Difficulty
Intermediate
Duration
20 minutes
Steps
5

The Vibgrate Dependency Graph Scanner analyzes your lockfile for duplicate packages, phantom dependencies, and workspace graph issues. These problems bloat installs and cause subtle upgrade failures, so surfacing them early keeps your dependency tree healthy.

Prerequisites

  • A project with a lockfile (and a workspace, if applicable)
  • Vibgrate CLI installed, or use the no-install form

Steps

1. Install the CLI

npm i -g @vibgrate/cli

Or try it without installing:

npx @vibgrate/cli scan

2. Run the scan

From the project root:

vg

The Dependency Graph Scanner runs as part of the scan and analyzes your lockfile.

3. Review duplicates and phantoms

Look for findings about duplicate packages, phantom dependencies (used but not declared), and workspace graph issues. Each points to cleanup that reduces install size and upgrade friction.

4. Export the analysis

Emit machine-readable output for tooling:

vg scan --format json --out vibgrate.json

You can also export the code map in graph formats with the Vibgrate Graph tooling:

vg export

5. Gate on findings

Fail the run when error-level findings appear:

vg scan --fail-on error

Verification

Confirm the scan reported dependency-graph findings and that your exported file exists. With --fail-on error, check the exit code to confirm the gate works.

Next Steps

Pair this with the Dependency Risk scanner for deprecated and native-module packages, and explore Vibgrate Graph commands like vg map and vg hubs for architectural insights.

Prerequisites

  • A project with a lockfile
  • Vibgrate CLI installed

Steps

  • 1
    Install the CLI
  • 2
    Run the scan
  • 3
    Review duplicates and phantoms
  • 4
    Export the analysis
  • 5
    Gate on findings

Category

Vibgrate