Analyze Lockfiles with the Dependency Graph Scanner
Use the Vibgrate Dependency Graph Scanner to find duplicate packages, phantom dependencies, and workspace graph issues, then export and gate on findings.
The Vibgrate Dependency Graph Scanner analyzes your lockfile for duplicate packages, phantom dependencies, and workspace graph issues. These problems bloat installs and cause subtle upgrade failures, so surfacing them early keeps your dependency tree healthy.
Prerequisites
- A project with a lockfile (and a workspace, if applicable)
- Vibgrate CLI installed, or use the no-install form
Steps
1. Install the CLI
npm i -g @vibgrate/cli
Or try it without installing:
npx @vibgrate/cli scan
2. Run the scan
From the project root:
vg
The Dependency Graph Scanner runs as part of the scan and analyzes your lockfile.
3. Review duplicates and phantoms
Look for findings about duplicate packages, phantom dependencies (used but not declared), and workspace graph issues. Each points to cleanup that reduces install size and upgrade friction.
4. Export the analysis
Emit machine-readable output for tooling:
vg scan --format json --out vibgrate.json
You can also export the code map in graph formats with the Vibgrate Graph tooling:
vg export
5. Gate on findings
Fail the run when error-level findings appear:
vg scan --fail-on error
Verification
Confirm the scan reported dependency-graph findings and that your exported file exists. With --fail-on error, check the exit code to confirm the gate works.
Next Steps
Pair this with the Dependency Risk scanner for deprecated and native-module packages, and explore Vibgrate Graph commands like vg map and vg hubs for architectural insights.
Prerequisites
- A project with a lockfile
- Vibgrate CLI installed
Steps
- 1Install the CLI
- 2Run the scan
- 3Review duplicates and phantoms
- 4Export the analysis
- 5Gate on findings