I Built & Published My First npm Package: dep-inspector-cli

Nevin-Bali100 — Mon, 20 Apr 2026 16:28:12 +0000

And it went from 107 → 240 weekly downloads in a day.!!!!

I've been building full-stack apps for a while now — Next.js, TypeScript, PostgreSQL, MongoDB, and much more. But I'd never shipped something to the npm registry before. *dep-inspector-cli * changed that.
Here's the honest story of what it does, why I built it, and what's coming next.

The Problem:

Every Node.js project eventually runs into this moment:
npm audit

You get a wall of text. Severity levels, CVE IDs, a list of packages - but zero context about which of your actual dependencies pulled the vulnerable one in, or what you should realistically do about it.
I wanted something that actually connected the dots.

The Solution:

What dep-inspector-cli Does

npm install -g dep-inspector-cli
dep-inspector

Run it from your project root and you get:
🌳 Visual Dependency Tree — shows your full dep graph with outdated versions flagged inline, not as a separate report.
🛡️ Vulnerability Scan — wraps npm audit but surfaces results with severity, version delta, and a breaking-change warning if the fix is a major bump.
🔗 Dependency Chains — this is the part I care most about. It traces exactly which package in your tree pulled in the vulnerable dep. No more guessing.
📦 Package Context — homepage, author, repo link for flagged packages. Because knowing what a package is matters when you're deciding whether to update or swap it out.
🤖 AI Insights (optional) — add --ai and it uses Groq (llama-3.3-70b) to give you a plain-English breakdown: what the vuln is, what it affects in your specific project, and a recommended fix.
📄 JSON Output — --json flag for CI/CD pipelines. Fail the build if vulnerabilities are found, upload reports as artifacts, the works.

Example Output:

⚠️  Vulnerability Analysis

📦 axios
  Severity   : HIGH
  Version    : 0.21.1 → 1.7.2
  ⚠️  Breaking change possible!
  Repo       : https://github.com/axios/axios
  🔗 Chain: root → axios

💡 Fix Suggestions
  → axios: npm install axios@latest

CI/CD Integration

- name: Check dependencies
  run: dep-inspector --json > dep-report.json

- name: Upload report
  uses: actions/upload-artifact@v3
  with:
    name: dependency-report
    path: dep-report.json

Tech Stack

I used following tech stack to develop the initial version of this npm package:

TypeScript (fully typed)
Commander.js for CLI parsing
Chalk + Ora for terminal UX
LangChain + Groq for the --ai flag
Semver for version comparison

What's Coming Next (v1.2+):

The current version handles vulnerability scanning well, but I want dep-inspector to be genuinely useful for production-grade projects too. Here's what I'm actively working on:

🏥 Dependency Health Scoring - an overall health score for your project's dependency tree. Factors: vulnerability count, how outdated your deps are, and whether maintainers are active. One number that tells you roughly how much debt you're carrying.
📊 Production Package Support - first-class analysis for packages like winston, pino, morgan (logging), helmet, cors, express-rate-limit (security middleware), dotenv, zod (config/validation). Currently, these show up in the tree, but there's no opinionated analysis. Coming soon: known best-practice checks and upgrade guidance specific to each ecosystem.
🔍 License Audit - flag packages with restrictive licenses (GPL, AGPL) that might be a problem in commercial projects.
📈 Trend Tracking — run dep-inspector over time and see if your health score is improving or regressing. Useful for teams that do regular dependency maintenance sprints.

Try It and can raise an issue and some suggestions in the comments:

npm install -g dep-inspector-cli
cd your-project
dep-inspector

📦 npm: npmjs.com/package/dep-inspector-cli
🐙 GitHub: https://github.com/Nevin100/Dep-inspector-cli

If it's useful, a ⭐ on GitHub goes a long way. And if you run into issues or have feature requests — PRs are open.

Revision and completing Nextronix.ai

Nevin-Bali100 — Tue, 06 May 2025 17:54:21 +0000

Just did revision of nextjs while completing the nextronix.ai Project.

Day 4 of coding and learning!!!

Nextronix.ai on the verge of complete!!

Nevin-Bali100 — Mon, 05 May 2025 16:23:06 +0000

Nextronix Diet: Forks Over Fail

Nevin-Bali100 — Sat, 03 May 2025 18:10:32 +0000

Welcome to Nextronix.ai — my AI-powered fitness diet planner, built as part of my journey to master full-stack development and AI integration! Powered by Gemini API, Vapi Voice Assistant, and crafted using Next.js, TypeScript, Convex DB, and Clerk, this project listens to your voice, gathers key details, and creates a free, personalized diet plan just for you.

🔹 AI Voice Assistant Calls (via Vapi)
🔹 Info gathering through natural conversation
🔹 Personalized fitness diet plan
🔹 Real-time database with Convex
🔹 Auth handled by Clerk
🔹 Built for learning, sharing, and consistency

Learning from the tutorial on Youtube: Codesistency

This is Day 2 (missed Day 1 😅), but I’m showing up consistently from here on!

Insightful Article Post

Nevin-Bali100 — Tue, 13 Aug 2024 18:17:39 +0000

I read this post on the dev.daily about the good and bad commit changes on the git which I found quite insightful.
It was able to draw some important conclusions regarding the approach of doing proper commits but also I would like to add my perspective that for some scenarios,one can stash their current changes and can move to higher branch.

post link : https://dev.to/sheraz4194/good-commit-vs-bad-commit-best-practices-for-git-1plc
credits: Sheraz Manzoor

My-Portfolio

Nevin-Bali100 — Mon, 12 Aug 2024 16:44:02 +0000

As a Full Stack Developer, I have created a dynamic portfolio using React JS and Framer-motion. It showcases my skills and projects, highlighting my expertise in building efficient and user-friendly web applications. Let's connect and explore new opportunities!

DEV Community: Nevin-Bali100