Chart Info

Treemap

  • Node colors represent the dependency depth;

  • Node surface represents the size of the corresponding directory under node_modules;

  • A dotted pattern in a node background means the package is a shared dependency, required by multiple packages, and present multiple times in the chart;

  • Shared dependency sizes are added to every dependent package, to represent the independent size structure properly; hence, the displayed size might be larger than the actual size on disk;

  • A red package background means the package has direct vulnerabilities;

  • A purple package background means the package depends on other vulnerable packages;

  • Click on a node to make the tooltip persist; click outside to close it;

  • When representing deep dependencies, the surface area of certain packages might reach zero, making them invisible.

Tree

  • Nodes are grouped by color based on the root dependency that they belong to;

  • Red text in a package name means the package has direct vulnerabilities;

  • Purple text in a package name means the package depends on other vulnerable packages;

  • Click on a node to make the tooltip persist; click outside to close it;

  • By default, the tree chart has a maximum depth of 7, meaning only seven levels of dependencies get represented, to keep the output readable; you can override this using the --md option.

Last updated