Dependency Validation

Validate dependencies and detect issues

Packem can warn you about two common dependency problems: packages that are shamefully hoisted (relied on transitively but not declared) and packages listed in package.json but never imported. This example shows the validation.dependencies block and how to exclude false positives.

Overview

This example demonstrates:

  • Enabling hoisted and unused dependency checks
  • Excluding specific packages from each check
  • How framework presets configure these excludes
  • Detecting packages that get bundled more than once

Configuration

// packem.config.ts
import { defineConfig } from '@visulima/packem/config'
import transformer from '@visulima/packem/transformer/esbuild'

export default defineConfig({
    transformer,
    validation: {
        dependencies: {
            // Warn when dependencies are used but not declared
            // (shamefully hoisted). Provide packages to ignore.
            hoisted: {
                exclude: [],
            },

            // Warn when dependencies are declared in package.json
            // but never imported. Exclude packages that are used
            // indirectly (e.g. by a runtime/JSX import).
            unused: {
                exclude: ["react", "react-dom"],
            },
        },
    },
})

How it works

  • Hoisted check — if a package ends up in your build without being declared in package.json, Packem reports: "These dependencies are shamefully hoisted: ...".
  • Unused check — every key in dependencies that is never imported by your source is reported: "These dependencies are listed in package.json but not used: ...". Anything listed in unused.exclude is removed from that report.
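The logic of the two checks above, as an added example that is not Packem's own code: it reduces each import specifier to a package name, including scoped packages and subpaths, then compares the result with package.json. The names `packageNameOf` and `validateDependencies`, the abbreviated builtin list, and counting peer and optional dependencies as declared are assumptions of this sketch.

```javascript
// Added illustration, not Packem's implementation.
// Assumption: this short list stands in for Node's full set of builtins.
const BUILTINS = new Set(["fs", "path", "os", "url", "crypto", "http", "https"]);

// Reduce an import specifier to the package that must be declared for it.
// Returns null for relative/absolute paths, "#" subpath imports and builtins.
function packageNameOf(specifier) {
    if (/^[./#]/.test(specifier) || specifier.startsWith("node:")) return null;
    const parts = specifier.split("/");
    if (specifier.startsWith("@")) {
        // Scoped package: "@scope/name/sub/path" -> "@scope/name"
        return parts.length >= 2 ? `${parts[0]}/${parts[1]}` : null;
    }
    // Unscoped package: "lodash/fp" -> "lodash"
    return BUILTINS.has(parts[0]) ? null : parts[0];
}

// options mirrors the validation.dependencies block; `false` disables a check.
function validateDependencies(pkg, importedSpecifiers, options = {}) {
    const dependencies = Object.keys(pkg.dependencies ?? {});
    // Assumption: peer and optional dependencies also count as declared.
    const declared = new Set([
        ...dependencies,
        ...Object.keys(pkg.peerDependencies ?? {}),
        ...Object.keys(pkg.optionalDependencies ?? {}),
    ]);
    const used = new Set(importedSpecifiers.map(packageNameOf).filter(Boolean));
    const excluded = (check) => new Set(check?.exclude ?? []);

    // Used but not declared: resolved only because another package pulled it in.
    const hoisted = options.hoisted === false ? []
        : [...used].filter((n) => !declared.has(n) && !excluded(options.hoisted).has(n)).sort();
    // Declared but never imported.
    const unused = options.unused === false ? []
        : dependencies.filter((n) => !used.has(n) && !excluded(options.unused).has(n)).sort();
    return { hoisted, unused };
}

// Constructed sample input.
const samplePkg = {
    dependencies: { react: "^18.0.0", "react-dom": "^18.0.0", lodash: "^4.17.21", "left-pad": "^1.3.0" },
};
const sampleImports = ["./util.js", "node:fs", "path", "lodash/fp", "@scope/ui/button", "debug"];
const sampleOptions = { hoisted: { exclude: [] }, unused: { exclude: ["react", "react-dom"] } };

console.log(validateDependencies(samplePkg, sampleImports, sampleOptions));
```

An undeclared package appears in the `hoisted` list because its version is chosen by whichever other dependency installed it, so it can change or disappear without any edit to your own package.json.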

Excluding packages

Each check takes an exclude array of package names. This is useful for dependencies that are present for runtime reasons but aren't statically imported — for example, react / react-dom as JSX runtimes:

validation: {
    dependencies: {
        hoisted: { exclude: [] },
        unused: { exclude: ["react", "react-dom"] },
    },
}

The React, Preact, Solid, Svelte, and Vue presets configure these excludes for you so peer runtimes aren't flagged as unused.

Disabling the checks

Set a check to false to disable just that one, or set dependencies to false to disable both:

// Disable only the unused check
validation: {
    dependencies: {
        hoisted: { exclude: [] },
        unused: false,
    },
}

// Disable both dependency checks
validation: {
    dependencies: false,
}

Detecting duplicated packages

A related check finds packages that get bundled more than once (for example, two different versions resolved through your dependency tree). It is enabled by default and configured separately under rollup.detectDuplicated:

export default defineConfig({
    transformer,
    rollup: {
        detectDuplicated: {
            // Skip specific packages/versions. Use "*" to ignore all versions.
            ignore: {
                lodash: ["*"],
            },
            // Fail the build when duplicates are found.
            throwErrorWhenDuplicated: false,
        },
    },
})

See the Duplicate packages option for the full list of detectDuplicated settings.
