Dependency Radar

One command.
Total clarity.

Dependency Radar is a free, open-source CLI tool that inspects your JavaScript and TypeScript dependencies and generates a single self-contained report.

Run it in the root of your project:

npx dependency-radar

No accounts. No uploads. Nothing leaves your machine.


The report

See the report

Dependency Radar produces a single interactive report that lets you explore your dependency graph without digging through lockfiles or npm pages.

Each dependency answers three questions:

What is this package doing here?

Which root dependency introduced it and how deep it sits in the graph.

What risk or cost does it introduce?

Licences, vulnerabilities, install scripts, and dependency surface.

What would it take to change or remove it?

Upgrade signals, dependency fan-out, and potential blast radius.

Free & open source

The free CLI tool

Dependency Radar is a dependency analysis and visualisation tool for the Node.js ecosystem. It analyses npm dependencies and works with any project that installs packages using npm-compatible package managers.

Modern JavaScript projects often depend on hundreds or thousands of packages. Understanding them usually means jumping between npm audit, npm outdated, registry pages, lockfiles, and GitHub repos. Dependency Radar brings that context together in one report.

Dependency context

Where a package comes from and whether it is direct or transitive.

Risk & compliance

Licence validation, vulnerability data, and install-time execution signals.

Upgrade friction

Peer constraints, Node engine requirements, deprecated packages, and native bindings.

Dependency surface

What each package depends on and how much complexity it introduces.

Visual dependency graph

Explore the relationships between packages interactively.

All of this is available locally from the free CLI.

Understand the dependencies behind modern codebases

Dependency Radar is useful whenever you need to understand a project's dependency graph. For example:

Reviewing dependencies before a release

Assessing an unfamiliar codebase

Performing technical due diligence

Preparing for licence or security reviews

Evaluating the risks of a new framework

Understanding what an AI-generated project depends on

Local scanning

How Dependency Radar scans your project

Dependency Radar scans your installed dependencies and turns them into an actionable report, in seconds, entirely on your machine. Nothing is uploaded. No account required.

Detect the project environment

Dependency Radar identifies your package manager (npm, pnpm, or Yarn), reads your workspace configuration, and locates lockfiles so it understands exactly how dependencies are resolved before analysis begins.

Build the full dependency graph

The dependency tree is constructed directly from lockfiles rather than package manager CLI output, ensuring deep transitive dependencies are captured accurately, even in large workspaces.

Inspect installed packages

Dependency Radar crawls `node_modules` in read-only mode, collecting licence declarations, install scripts, peer dependency constraints, native bindings, and other package metadata from files already on your machine.

Gather ecosystem signals

Where available, the CLI collects vulnerability advisories via `npm audit`, `pnpm audit`, or `yarn audit`, and version drift via the equivalent `outdated` commands. These commands may briefly contact the package registry.

Analyse usage and upgrade risk

Static analysis of your source files identifies how each dependency is actually used (runtime, tooling, or testing) and highlights potential upgrade blockers such as engine constraints, peer requirements, or native bindings.

Generate the report

All signals are combined into a single self-contained report you can open in any browser, share with teammates, or attach to a ticket. No server, no login, and no external services required.
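As an added illustration of the lockfile-based graph step (example code written for this page, not Dependency Radar's own implementation), the sketch below walks a constructed npm lockfile v3 `packages` map to find which root dependency introduced each package, how deep it sits, and whether the lockfile marks it with `hasInstallScript`. The sample lockfile, its package names, and the `resolve`, `analyse` and `installScriptPackages` helpers are assumptions made for this example.

```javascript
// Constructed sample in npm lockfile v3 shape (package names are made up).
const lock = { lockfileVersion: 3, packages: {
  "": { dependencies: { "web-lib": "^1.0.0", "cli-tool": "^2.0.0" } },
  "node_modules/web-lib": { version: "1.0.0", dependencies: { "parse-util": "^3.0.0" } },
  "node_modules/cli-tool": { version: "2.1.0", dependencies: { "parse-util": "^2.0.0" } },
  "node_modules/parse-util": { version: "3.0.1", dependencies: { "native-dep": "^1.0.0" } },
  "node_modules/cli-tool/node_modules/parse-util": { version: "2.4.0" },
  "node_modules/native-dep": { version: "1.2.0", hasInstallScript: true },
} };

// Node-style resolution: nearest node_modules first, then walk up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // declared but not installed (e.g. skipped optional dep)
    const cut = base.lastIndexOf("node_modules/");
    base = cut <= 0 ? "" : base.slice(0, cut - 1);
  }
}

// Breadth-first walk so each install path records its shallowest depth and the
// direct (root) dependency that first pulled it in.
function analyse(lockfile) {
  const { packages } = lockfile;
  const depsOf = (p) => Object.keys({ ...packages[p].dependencies,
    ...packages[p].optionalDependencies, ...(p === "" ? packages[p].devDependencies : {}) });
  const report = new Map();
  const queue = [{ path: "", root: null, depth: 0 }];
  while (queue.length) {
    const { path, root, depth } = queue.shift();
    for (const name of depsOf(path)) {
      const target = resolve(packages, path, name);
      if (!target || report.has(target)) continue;
      const info = { name, version: packages[target].version, root: root ?? name,
        depth: depth + 1, installScript: packages[target].hasInstallScript === true };
      report.set(target, info);
      queue.push({ path: target, root: info.root, depth: info.depth });
    }
  }
  return report;
}

// Packages that run code at install time, with the context needed to triage them.
const installScriptPackages = (report) => [...report.values()]
  .filter((i) => i.installScript)
  .map((i) => `${i.name}@${i.version} via ${i.root} (depth ${i.depth})`);
console.log(installScriptPackages(analyse(lock)));
```

Because two versions of `parse-util` are installed at different paths, the report is keyed by install path rather than package name, which keeps the nested copy under `cli-tool` distinct from the hoisted one.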

Prefer air-gapped or offline scans?

Use `--offline` to skip registry calls entirely.

Output artefacts

dependency-radar.html

Visual report for interactive analysis

dependency-radar.json

Machine-readable output for automation and CI pipelines

For a deeper technical explanation, see the Dependency Radar CLI README.

Premium analysis

When you need help deciding what to do next

The CLI report is designed for engineers exploring their dependency graph. Sometimes you need help turning that information into decisions. Upload your Dependency Radar report and receive additional analysis based on curated package data and ecosystem signals.

Maintenance signals

Identify packages that are archived, deprecated, abandoned, or losing maintainer activity.

Prioritised actions

Understand which dependencies are worth fixing first based on risk and impact.

Upgrade guidance

Spot packages likely to cause friction when upgrading Node or major dependencies.

Executive summaries

Clear explanations suitable for leadership, audits, or security reviews.

The premium service builds on the same report generated by the CLI. The CLI remains free and open source.

How it works

Run the CLI locally

Execute `npx dependency-radar` in the root of your project.

Generate a dependency report

A single HTML file is created containing everything about your dependencies.

Upload for additional analysis

Optionally upload the report for prioritised actions, upgrade guidance, and more.

No repository access required.

Get started

Run Dependency Radar in your project, then explore the report locally. Analyse it further if you want deeper insights.

npx dependency-radar