Missing node modules

missingNodeModulesDetection

This check helps detect and prevent the use of undeclared dependencies by identifying imports of packages that are not declared in your package.json.

What this check does

The check scans your codebase for import statements referencing external modules. It then cross-references these imports against the dependencies and devDependencies listed in your package.json. If an import is found that does not exist in the dependency list, it is flagged as a violation.

Why it is a problem

Failing to declare dependencies in package.json can lead to several critical issues:

  • Runtime Failures: Your application might work locally because the module happens to be present in your local node_modules (e.g., from a previous manual install), but it will fail in CI/CD or production environments where a fresh npm install is performed.
  • Broken Builds: Automated build pipelines will fail if they cannot resolve the required modules.
  • Implicit Dependency Risks: You might be using a module that is currently present because it is a transitive dependency of another package. However, since you don't have direct control over its version, an update to that other package could change the dependency tree, remove the module, or relocate it (via package manager hoisting), causing your application to break in an unpredictable way.

Configuration

Below is an example of how missingNodeModulesDetection fits within the rules array in your configuration:

{
  "rules": [
    {
      "path": ".",
      "missingNodeModulesDetection": {
        "enabled": true,
        "excludeModules": ["my-custom-local-hacked-module", "lodash"],
        "outputType": "groupByModule"
      }
    }
  ]
}

Options

  • enabled (boolean): Whether to enable missing node modules detection.
  • includeModules (array of strings): A list of specific modules to include in the analysis.
  • excludeModules (array of strings): A list of modules to exclude from the analysis.
  • outputType (string): Defines how the results are presented. Supported values:
    • list: A flat list of all violations.
    • groupByModule: Organizes results by the name of the missing module.
    • groupByFile: Organizes results by the file path where the missing import was found.
    • groupByModuleFilesCount: Organizes results by the missing module and shows how many files are importing it.
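
The cross-referencing described under "What this check does", sketched as an added example (not the tool's own code): it reduces each import specifier to a package name, skips relative paths and Node.js built-ins, and reports anything absent from dependencies and devDependencies, grouped by module. The function names, the regex-based import matching, the abbreviated built-in list, and the sample files are assumptions made for illustration.

```javascript
// Added illustration, not the tool's implementation; all names are hypothetical.
// BUILTINS is an abbreviated list of Node.js built-ins (assumption: extend for real use).
const BUILTINS = new Set(["fs", "path", "os", "http", "https", "crypto", "url", "util"]);

// Reduce a specifier to its package name; null for paths and built-ins.
function packageNameOf(specifier) {
  if (/^[./]/.test(specifier) || specifier.startsWith("node:")) return null;
  const parts = specifier.split("/");
  // Scoped packages keep two segments: "@scope/pkg/sub" -> "@scope/pkg".
  const name = specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
  return BUILTINS.has(name) ? null : name;
}

// Package names from static imports, re-exports, import() and require().
function importedPackages(source) {
  const patterns = [
    /\b(?:import|export)\s+(?:[^'"]*?\s+from\s+)?['"]([^'"]+)['"]/g,
    /\b(?:require|import)\s*\(\s*['"]([^'"]+)['"]\s*\)/g,
  ];
  const found = new Set();
  for (const re of patterns) {
    for (const m of source.matchAll(re)) {
      const name = packageNameOf(m[1]);
      if (name) found.add(name);
    }
  }
  return found;
}

// files: { path: sourceText }; pkg: parsed package.json.
// Returns { moduleName: [importing files] } for modules that are not declared.
function findUndeclared(files, pkg, excludeModules = []) {
  const declared = new Set(Object.keys({ ...pkg.dependencies, ...pkg.devDependencies }));
  const byModule = {};
  for (const [file, source] of Object.entries(files)) {
    for (const name of importedPackages(source)) {
      if (declared.has(name) || excludeModules.includes(name)) continue;
      (byModule[name] ||= []).push(file);
    }
  }
  return byModule;
}

// Constructed sample: lodash and @acme/tokens are imported but never declared.
const samplePkg = { dependencies: { express: "^4.18.0" }, devDependencies: { jest: "^29.0.0" } };
const sampleFiles = {
  "src/app.js": 'import express from "express";\nimport merge from "lodash/merge";',
  "src/db.js": 'const { Pool } = require("pg");\nimport { sign } from "@acme/tokens/jwt";',
};
console.log(findUndeclared(sampleFiles, samplePkg, ["pg"]));
```

Because the comparison is on the package name, a subpath import such as lodash/merge is reported as lodash, which is the entry that would have to appear in package.json.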

Also referred to as

Undeclared Dependencies is also known as:

  • Missing dependencies
  • Undeclared dependencies
  • Unlisted dependencies
  • Missing package declarations