We are using
to help us keep our packages relatively up to date on one of the projects I am involved in.
It sometimes opens a PR for indirect dependencies that change only the package-lock.json , I sometimes wonder which packages actually depend on a given update, to make sure I know how to verify that they still work as they should. Here's a great command from npm that helps me do just that.
npm ls validator
I can easily check which packages are actually using this indirect dependency. In this particular case I was checking because we've replaced joi with zod and I was wondering if we still need that or is it a remnant of the past.
It spits out an easy to read tree: