npm Package Dependency Intelligence

Analyze npm packages from the official registry.npmjs.org packument endpoint and export flattened rows for package summaries, version metadata, dependency declarations, maintainer hints, release cadence, and package hygiene signals.

This actor is built for direct package watchlists. It does not scrape npmjs.com HTML pages.

Inputs

Field	Default	Notes
packages	required	npm package names such as react, vite, express, or @types/node.
includeVersionHistory	true	Emit package_version rows. When false, only the latest version row is emitted.
includeDevDependencies	true	Include devDependencies from emitted versions.
maxVersionRowsPerPackage	100	Cap version rows per package.
maxDependencyRowsPerPackage	250	Cap dependency rows per package across emitted versions.
concurrency	5	Parallel package fetches.
timeoutMs	15000	Per-request timeout in ms.
delivery	dataset	dataset or webhook.
webhookUrl	empty	Required when delivery=webhook.
dryRun	false	Skip dataset and webhook delivery.

Dataset Rows

The dataset is flattened so it can be filtered and joined without unpacking one large object.

package_summary

• packageName, normalizedPackageName, requestedName, status
• latestVersion, description, license, homepage, repositoryUrl, bugsUrl
• keywords, author, maintainers, publisher, distTags
• versionCount, emittedVersionCount, firstPublishedAt, latestPublishedAt, modifiedAt
• releaseCadenceDays, dependencyCount, emittedDependencyCount
• nodeEngine, deprecated, warnings, fetchedAt

package_version

• packageName, version, publishedAt, distTags, isLatest
• license, nodeEngine, deprecated
• dependency group counts
• tarballUrl, shasum, integrity, unpackedSize, fetchedAt

dependency

• packageName, packageVersion
• dependencyName, normalizedDependencyName
• dependencyGroup such as runtime, development, peer, optional, or bundled
• versionSpec, rawSpec, optional, bundled, fetchedAt

Example Input

{
  "packages": ["react", "vite", "@types/node"],
  "includeVersionHistory": true,
  "includeDevDependencies": true,
  "maxVersionRowsPerPackage": 25,
  "maxDependencyRowsPerPackage": 250,
  "concurrency": 3,
  "timeoutMs": 15000,
  "delivery": "dataset",
  "webhookUrl": "",
  "dryRun": false
}

Local Development

npm install
npm test
node src/index.js

output/result.json contains the full payload for local inspection. On Apify, dataset delivery writes the flattened rows.

Limitations

• V1 is direct package lookup only; npm search and npmjs.com HTML pages are out of scope.
• Dependency declarations come from published package metadata in registry.npmjs.org/{package}.
• Historical dependency rows are capped by maxVersionRowsPerPackage and maxDependencyRowsPerPackage.