Dependency cruiser

A list of rules that describe dependencies that are not allowed. dependency-cruiser will emit a separate error (warning/ informational) messages for each violated rule.

A list of rules that describe dependencies that are allowed. dependency-cruiser will emit the warning message 'not-in-allowed' for each dependency that does not at least meet one of them.

How severe a violation of a rule is. The 'error' severity will make some reporters return a non-zero exit code, so if you want e.g. a build to stop when there's a rule violated: use that.

A list of rules that describe what dependencies modules must have. E.g. - every controller needs to (directly) depend on a base controller. - each source file should be the dependency of a spec file with the same base name

Criteria an end of a dependency should match to be caught by this rule. Leave it empty if you want any module to be matched.

Criteria the 'to' end of a dependency should match to be caught by this rule. Leave it empty if you want any module to be matched.

What to apply the rule to - modules (the default) or folders. Currently ignored for 'allowed' rules, defaulting to 'module'

Criteria an end of a dependency should match to be caught by this rule. Leave it empty if you want any module to be matched.

Criteria the 'to' end of a dependency should match to be caught by this rule. Leave it empty if you want any module to be matched.

What to apply the rule to - modules (the default) or folders. Currently ignored for 'allowed' rules, defaulting to 'module'

Criteria an end of a dependency should match to be caught by this rule. Leave it empty if you want any module to be matched.

Criteria the 'to' end of a dependency should match to be caught by this rule. Leave it empty if you want any module to be matched.

A short name for the rule - will appear in reporters to enable customers to quickly identify a violated rule. Try to keep them short, eslint style. E.g. 'not-to-core' for a rule forbidding dependencies on core modules, or 'not-to-unresolvable' for one that prevents dependencies on modules that probably don't exist.

How severe a violation of a rule is. The 'error' severity will make some reporters return a non-zero exit code, so if you want e.g. a build to stop when there's a rule violated: use that.

What to apply the rule to - modules (the default) or folders. Switching the scope to 'folder' can be useful in rules where this makes a difference like those regarding circular dependencies or instability. Only the to.moreUnstable, to.circular, and path (both from and to) attributes work at the moment. Other attributes will follow suit in later releases (depending on demand).

You can use this field to document why the rule is there.

Criteria to select the module(s) this restriction should apply to

Criteria the dependents of the module should adhere to be caught by this rule rule. Leave it empty if you want any dependent to be matched.

How severe a violation of a rule is. The 'error' severity will make some reporters return a non-zero exit code, so if you want e.g. a build to stop when there's a rule violated: use that.

What to apply the rule to - modules (the default) or folders. Currently ignored for DependentsForbiddenRules, defaulting to 'module'

Criteria an end of a dependency should match to be caught by this rule. Leave it empty if you want any module to be matched.

Criteria the 'to' end of a dependency should match to be caught by this rule. Leave it empty if you want any module to be matched.

How severe a violation of a rule is. The 'error' severity will make some reporters return a non-zero exit code, so if you want e.g. a build to stop when there's a rule violated: use that.

What to apply the rule to - modules (the default) or folders. Currently ignored for ReachabilityForbiddenRules, defaulting to 'module'

Criteria to select the module(s) this restriction should apply to

Criteria for modules the associated module must depend on.

How severe a violation of a rule is. The 'error' severity will make some reporters return a non-zero exit code, so if you want e.g. a build to stop when there's a rule violated: use that.

What to apply the rule to - modules (the default) or folders. Currently ignored for RequiredRules, defaulting to 'module'

Whether or not to match when the module is an orphan (= has no incoming or outgoing dependencies). When this property it is part of a rule, dependency-cruiser will ignore the 'to' part.

Whether or not to match modules dependency-cruiser could not resolve (and probably aren't on disk). For this one too: leave out if you don't care either way.

Whether or not to match when following to the to will ultimately end up in the from.

Whether or not to match when the dependency is a dynamic one.

Whether or not to match when the dependency is exotically required.

true if this dependency only exists before compilation (like type only imports), false in all other cases. Only returned when the tsPreCompilationDeps is set to 'specify'.

Whether or not to match modules of any of these types (leaving out matches any of them)

Whether or not to match modules NOT of any of these types (leaving out matches none of them)

If true matches dependencies with more than one dependency type (e.g. defined in both npm and npm-dev)

When set to true moreUnstable matches for any dependency that has a higher Instability than the module that depends on it. When set to false it matches when the opposite is true; the dependency has an equal or lower Instability. This attribute is useful when you want to check against Robert C. Martin's stable dependency principle. See online documentation for examples and details. Leave this out when you don't care either way.

When set to true, matches when the dependency is in a folder above the folder of the module.

Matches when the number of times the 'to' module is used falls below (<) this number. Caveat: only works in concert with path and pathNot restrictions in the from and to parts of the rule; other conditions will be ignored. E.g. to flag modules that are used only once or not at all, use 2 here.

Matches when the number of times the 'to' module is used raises above (>) this number. Caveat: only works in concert with path and pathNot restrictions in the from and to parts of the rule; other conditions will be ignored. E.g. to flag modules that are used more than 10 times, use 10 here.

Whether or not to match modules that aren't reachable from the from part of the rule.

Whether or not to match transitive ('indirect') dependencies as well as direct ones.

a regular expression for modules to include, but not follow further

a regular expression for modules to exclude from being cruised

a regular expression for modules to cruise; anything outside it will be skipped

dependency-cruiser will include modules matching this regular expression in its output, as well as their neighbours (direct dependencies and dependents)

dependency-cruiser will include modules matching this regular expression in its output, as well as any module that reaches them - either directly or via via

dependency-cruiser will mark modules that have changed since the specified revision (or 'main', when not specified) in its output, as well as any module that reaches them - either directly or via via. NOTE: this is currently a command line only option, so if you pass this to the API or in a configuration file it will be ignored.

dependency-cruiser will mark modules matching this regular expression as 'highlighted' in its output

A list of violations found in the dependencies. The dependencies themselves also contain this information, this summary is here for convenience.

Collapse a to a folder depth by passing a single digit (e.g. 2). When passed a regex collapses to that pattern E.g. ^packages/[^/]+/ would collapse to modules/ folders directly under your packages folder.

The maximum cruise depth specified. 0 means no maximum specified. While it might look attractive to regulate the size of the output, this is not the best option to do so. Filters (exclude, includeOnly, focus), the dot and archi reporter's collapsePattern and the collapse options offer better, more reliable and more understandable results.

List of module systems to cruise. Defaults to [amd, cjs, es6]

When true, dependency-cruiser will detect dependencies in JSDoc-style import statements. Implies "parser": "tsc". Defaults to false.

When true, dependency-cruiser will detect calls to process.getBuiltinModule/ globalThis.process.getBuiltinModule imports. Defaults to false.

if true leave symlinks untouched, otherwise use the realpath. Defaults to false (which is also nodejs's default behavior since version 6)

if true combines the package.jsons found from the module up to the base folder the cruise is initiated from. Useful for how (some) mono-repos manage dependencies & dependency definitions. Defaults to false.

TypeScript project file ('tsconfig.json') to use for (1) compilation and (2) resolution (e.g. with the paths property)

if true detect dependencies that only exist before typescript-to-javascript compilation.

List of extensions to scan in addition to the extensions already covered by any available parser. Dependency-cruiser will consider files ending in these extensions but it will not examine its content or derive any of their dependencies Sample value: [".jpg", ".png", ".json"]

What external module resolution strategy to use. Defaults to 'node_modules' (not used anymore - module resolution strategy determination is automatic now)

Options to tweak what dependency-cruiser considers 'built-in' modules. If you're targeting nodejs, or don't use any built-in modules you can probably leave this alone.

Hasn't had any effect on dependency-cruiser's behaviour since a few major versions ago. If there's a need to manipulate this use the skipAnalysisNotInRules option in stead. Previously documented behaviour: When true includes de-normalized dependents in the cruise-result, even though there's no rule in the rule set that requires them. Defaults to false.

Webpack configuration file to use to get resolve options from

Options used in module resolution that for dependency-cruiser's use cannot go in a webpack config. For details please refer to the documentation of enhanced-resolve itself.

Babel configuration (e.g. '.babelrc.json') to use.

overrides the parser dependency-cruiser will use - EXPERIMENTAL. The use of 'swc' as a parser here is deprecated.

List of strings you have in use in addition to cjs/ es6 requires & imports to declare module dependencies. Use this e.g. if you've re-declared require (const want = require), use a require-wrapper (like semver-try-require) or use window.require as a hack to workaround something

Options to tweak the output of reporters

How dependency-cruiser shows progress. Defaults to 'none'.

When this flag is set to true, dependency-cruiser will calculate (stability) metrics for all modules and folders. Defaults to false.

When this flag is set to true, dependency-cruiser will calculate some stats for each module. Has some performance impact. EXPERIMENTAL Will be renamed when the 'experimental' state is lifted. Defaults to false.

When this flag is set to true, dependency-cruiser will skip all analysis that don't serve a rule. E.g. if there's no 'circular' rule in the rule set it won't analyse cycles. This flag affects cycle, dependents and orphan analysis. If you have a rule set that doesn't use one of these features, switching it to true will make cruises faster. Defaults to false for backwards compatibility. For most uses of dependency-cruiser we recommend to switch this option to true, though.

The directory dependency-cruiser should run its cruise from. Defaults to the current working directory.

• false: don't use caching.
• true or empty object: use caching with the default settings
• a string (deprecated): cache in the folder denoted by the string & use the default caching strategy. This is deprecated - instead pass a cache object e.g. { folder: 'your/cache/location' }.

Defaults to false (no caching). When caching is switched on the default cache folder is 'node_modules/.cache/dependency-cruiser/'

a boolean indicating whether or not to exclude dynamic dependencies

an array of dependency types to include, but not follow further

by default 'focus' only inlcudes the direct neighbours of the focus'ed module(s). This property makes dependency-cruiser will also include neighbors of neighbors, up to the specified depth.

Options to tweak the output of the anonymous reporter

Options to tweak the output of the dot reporters

Options to tweak the output of the dot reporters

Options to tweak the output of the dot reporters

Options to tweak the output of the dot reporters

Options to show and hide sections of the markdown reporter and to provide alternate boilerplate text

Options to tweak the output of the metrics reporter

Options to tweak the output of the mermaid reporters

Options that influence rendition of the text reporter

List of words to use to replace path elements of file names in the output with so the output isn't directly traceable to its intended purpose. When the list is exhausted, the anon reporter will use random strings patterned after the original file name in stead. The list is empty by default. Read more in https://github.com/sverweij/dependency-cruiser/blob/main/doc/cli.md#anon---obfuscated-json

By what attribute (in addition to the names of the folders/ modules) to order the metrics by. Defaults to 'instability'.

When true hides module metrics from the report. Defaults to false

When true hides folder metrics from the report. Defaults to false

Whether or not to show a title in the report. Defaults to true.

The text to show as a title of the report. E.g. '## dependency-cruiser forbidden dependency check - results'. When left out shows a default value.

Whether or not to show a summary in the report. Defaults to true.

Whether or not to give the summary a header. Defaults to true.

The text to show as a header on top of the summary. E.g. '### Summary'. When left out shows a default value.

Whether or not to show high level stats in the summary. Defaults to true.

Whether or not to show a list of violated rules in the summary. Defaults to true.

Whether or not to show rules in the list of rules for which all violations are ignored. Defaults to true.

Whether or not to show a detailed list of violations. Defaults to true.

Whether or not to show ignored violations in the detailed list. Defaults to true.

Whether or not to give the detailed list of violations a header. Defaults to true.

The text to show as a header on top of the detailed list of violations. E.g. '### All violations'. When left out shows a default value.

Whether or not to collapse the list of violations in a

The text to in the

The text to show when no violations were found. E.g. 'No violations found'. When left out shows a default value.

Whether or not to show a footer (with version & run date) at the bottom of the report. Defaults to true

Whether or not to compresses the output text. Defaults to true.

Whether or not to highlight modules that are focused with the --focus command line option (/ general option). Defaults to false

filters to apply to the reporter before rendering it (e.g. to leave out details from the graphical output that are not relevant for the goal of the report)

When passed the value 'true', shows instability metrics in the output if dependency-cruiser calculated them. Doesn't show them in all other cases. Defaults to false

A bunch of criteria to conditionally theme the dot output

If passed with the value 'true', the passed theme replaces the default one. In all other cases it extends the default theme.

Name- value pairs of GraphViz dot (global) attributes.

Name- value pairs of GraphViz dot node attributes.

Name- value pairs of GraphViz dot edge attributes.

Criteria for dependencies to exclude

Criteria for modules to only include

Criteria for modules to 'focus' on

If there was a rule violation (valid === false), this object contains the name of the rule and severity of violating it.

The circular path if the violation is about circularity

The path from the from to the to if the violation is transitive

Free format text you can e.g. use to explain why this violation can be ignored or is quarantined (only used in known-violations)

The (short, eslint style) name of the violated rule. Typically something like 'no-core-punycode' or 'no-outside-deps'.

How severe a violation of a rule is. The 'error' severity will make some reporters return a non-zero exit code, so if you want e.g. a build to stop when there's a rule violated: use that.

The name of the module

The dependency types of the module relative to the previous module in the chain it is a part of (e.g. a cycle)

The folder to store the cache in. Defaults to node_modules/.cache/dependency-cruiser

The strategy to use for caching.

• 'metadata': use git metadata to detect changes;
• 'content': use (a checksum of) the contents of files to detect changes.

'content' is useful if you're not using git or work on partial clones (which is typical on CI's). Trade-of: the 'content' strategy is typically slower.

Defaults to 'metadata'.

Whether to compress the cache or not Setting this to true will adds a few ms to the execution time, but typically reduces the cache size by 80-90%.

Defaults to false.