Dependency Checks rule

The @nx/dependency-checks ESLint rule enables you to discover mismatches between dependencies specified in a project's package.json and the dependencies that your project depends on. If your project is using, for example, the axios, but the package.json does not specify it as a dependency, your library might not work correctly. This rule helps catch these problems before your users do.

The rule uses the project graph to collect all the dependencies of your project, based on the input of your build target. It will filter out all the dependencies marked as devDependencies in your root package.json to ensure dependencies of your compilation pipelines (e.g. dependencies of webpack.config or vite.config) or test setups are not included in the expected list.

We use the version numbers of the installed packages when checking whether the version specifier in package.json is correct. We do this because this is the only version for which we can "guarantee" that things work and were tested. If you specify a range outside of that version, that would mean that you are shipping potentially untested code.

Keep the Package Manager Lock File Up-to-Date

The @nx/dependency-checks rule requires the presence of an up-to-date lock file in the workspace root to detect installed packages and their versions correctly. If the package.json file has changes that are not reflected in the lock file, make sure to perform a package installation.

Usage

Library generators from @nx packages will configure this rule automatically when you opt-in for bundler/build setup. This rule is intended for publishable/buildable libraries, so it will only run if a build target is detected in the configuration (this name can be modified - see options).

Manual setup

To set it up manually for existing libraries, you need to add the dependency-checks rule to your project's ESLint configuration:

<your-project-root>/.eslintrc.json
1{ 2 // ... more ESLint config here 3 "overrides": [ 4 { 5 "files": ["*.json"], 6 "parser": "jsonc-eslint-parser", 7 "rules": { 8 "@nx/dependency-checks": "error" 9 } 10 } 11 // ... more ESLint overrides here 12 ] 13} 14

Additionally, you need to adjust your lintFilePatterns to include the project's package.json file::

<your-project-root>/project.json
1{ 2 // ... project.json config 3 "targets": { 4 // ... more targets 5 "lint": { 6 "executor": "@nx/eslint:lint", 7 "outputs": ["{options.outputFile}"], 8 "options": { 9 "lintFilePatterns": [ 10 "libs/my-lib/**/*.{ts,tsx,js,jsx}", 11 "libs/my-lib/package.json" // add this line 12 ] 13 } 14 } 15 } 16} 17

Overriding defaults

Sometimes we intentionally want to add or remove a dependency from our package.json despite what the rule suggests. We can use the rule's options to override default behavior:

.eslintrc.json
1{ 2 "@nx/dependency-checks": [ 3 "error", 4 { 5 "buildTargets": ["build", "custom-build"], // add non standard build target names 6 "checkMissingDependencies": true, // toggle to disable 7 "checkObsoleteDependencies": true, // toggle to disable 8 "checkVersionMismatches": true, // toggle to disable 9 "ignoredDependencies": ["lodash"], // these libs will be omitted from checks 10 "ignoredFiles": ["webpack.config.js", "eslint.config.cjs"], // list of files that should be skipped for check 11 "includeTransitiveDependencies": true, // collect dependencies transitively from children 12 "useLocalPathsForWorkspaceDependencies": true // toggle to disable 13 } 14 ] 15} 16

Options

PropertyTypeDefaultDescription
buildTargetsArray<string>["build"]List of build target names
checkMissingDependenciesbooleantrueDisable to skip checking for missing dependencies
checkObsoleteDependenciesbooleantrueDisable to skip checking for unused dependencies
checkVersionMismatchesbooleantrueDisable to skip checking if version specifier matches installed version
ignoredDependenciesArray<string>[]List of dependencies to ignore for checks
ignoredFilesArray<string>N/AList of files to ignore when collecting dependencies. The default value will be set based on the selected executor during the generation.
includeTransitiveDependenciesbooleanfalseEnable to collect dependencies of children projects
useLocalPathsForWorkspaceDependenciesbooleanfalseSet workspace dependencies as relative file:// paths. Useful for monorepos that link via file:// in package.json files.