<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Noritaka Kobayashi</title>
    <description>The latest articles on DEV Community by Noritaka Kobayashi (@noritaka1166).</description>
    <link>https://dev.to/noritaka1166</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3993871%2F706c3c94-cd5e-4f10-a3c5-78d367af97f8.jpg</url>
      <title>DEV Community: Noritaka Kobayashi</title>
      <link>https://dev.to/noritaka1166</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/noritaka1166"/>
    <language>en</language>
    <item>
      <title>I built a VS Code extension for inspecting npm dependencies and would love feedback</title>
      <dc:creator>Noritaka Kobayashi</dc:creator>
      <pubDate>Sat, 20 Jun 2026 09:47:50 +0000</pubDate>
      <link>https://dev.to/noritaka1166/i-built-a-vs-code-extension-for-inspecting-npm-dependencies-and-would-love-feedback-1cij</link>
      <guid>https://dev.to/noritaka1166/i-built-a-vs-code-extension-for-inspecting-npm-dependencies-and-would-love-feedback-1cij</guid>
      <description>&lt;p&gt;I built a VS Code extension called &lt;strong&gt;npm-dependency-manager&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;It helps inspect npm dependencies directly inside VS Code.&lt;/p&gt;

&lt;p&gt;Marketplace:&lt;br&gt;&lt;br&gt;
&lt;a href="https://marketplace.visualstudio.com/items?itemName=noritaka1166.npm-dependency-manager" rel="noopener noreferrer"&gt;https://marketplace.visualstudio.com/items?itemName=noritaka1166.npm-dependency-manager&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;GitHub:&lt;br&gt;&lt;br&gt;
&lt;a href="https://github.com/noritaka1166/vscode-npm-dependency-manager" rel="noopener noreferrer"&gt;https://github.com/noritaka1166/vscode-npm-dependency-manager&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fuu1sgzfpw6whqq5c48k2.gif" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fuu1sgzfpw6whqq5c48k2.gif" alt="npm-dependency-manager demo" width="720" height="452"&gt;&lt;/a&gt;&lt;/p&gt;
&lt;h2&gt;
  
  
  What it is
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;npm-dependency-manager&lt;/strong&gt; is a VS Code extension for inspecting dependencies from &lt;code&gt;package.json&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;It finds &lt;code&gt;package.json&lt;/code&gt; files in your workspace, lets you select one, and shows its &lt;code&gt;dependencies&lt;/code&gt; and &lt;code&gt;devDependencies&lt;/code&gt; in the sidebar and dashboard.&lt;/p&gt;

&lt;p&gt;It also uses npm registry metadata and &lt;code&gt;package-lock.json&lt;/code&gt; data to show more context about the packages installed in your project.&lt;/p&gt;
&lt;h2&gt;
  
  
  Why I built it
&lt;/h2&gt;

&lt;p&gt;When working with npm projects, I often jump between:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;code&gt;package.json&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;package-lock.json&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;npmjs.com&lt;/li&gt;
&lt;li&gt;GitHub README / releases&lt;/li&gt;
&lt;li&gt;terminal commands like &lt;code&gt;npm outdated&lt;/code&gt; and &lt;code&gt;npm audit&lt;/code&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That works, but once a project has many dependencies, it becomes annoying to answer simple questions like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What version am I actually using?&lt;/li&gt;
&lt;li&gt;When was the installed version published?&lt;/li&gt;
&lt;li&gt;What is the latest version?&lt;/li&gt;
&lt;li&gt;Is this package deprecated?&lt;/li&gt;
&lt;li&gt;Does it have known vulnerability signals?&lt;/li&gt;
&lt;li&gt;What license does it use?&lt;/li&gt;
&lt;li&gt;Is this a direct dependency or a transitive dependency?&lt;/li&gt;
&lt;li&gt;Can I quickly see its README or npm metadata?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;So I wanted a way to inspect dependency status without leaving VS Code.&lt;/p&gt;
&lt;h2&gt;
  
  
  Built with Codex
&lt;/h2&gt;

&lt;p&gt;I built this extension together with OpenAI Codex.&lt;/p&gt;

&lt;p&gt;The first version was small:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;find &lt;code&gt;package.json&lt;/code&gt; files in the workspace&lt;/li&gt;
&lt;li&gt;list &lt;code&gt;dependencies&lt;/code&gt; and &lt;code&gt;devDependencies&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;fetch the latest version from the npm registry&lt;/li&gt;
&lt;li&gt;show a package detail page with README content&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Then I kept using it and iterating on what felt missing.&lt;/p&gt;

&lt;p&gt;Over time, I added:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;package-lock.json&lt;/code&gt; integration&lt;/li&gt;
&lt;li&gt;npm audit advisory signals&lt;/li&gt;
&lt;li&gt;transitive dependency browsing&lt;/li&gt;
&lt;li&gt;README rendering improvements&lt;/li&gt;
&lt;li&gt;npm metadata and weekly downloads&lt;/li&gt;
&lt;li&gt;license display and filtering&lt;/li&gt;
&lt;li&gt;update actions&lt;/li&gt;
&lt;li&gt;Marketplace README / GIF / CHANGELOG preparation&lt;/li&gt;
&lt;li&gt;English and Japanese README files&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Codex helped with implementation, UI iteration, Marketplace packaging, README rendering fixes, and a lot of the small edge cases.&lt;/p&gt;

&lt;p&gt;I still made the product decisions myself: what information I wanted to see, which UI felt too noisy, what should be prioritized, and what was worth shipping.&lt;/p&gt;

&lt;p&gt;The workflow of “build a small version, try it, notice what feels wrong, improve it” was very fast with Codex.&lt;/p&gt;
&lt;h2&gt;
  
  
  Features
&lt;/h2&gt;

&lt;p&gt;Current features include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Find &lt;code&gt;package.json&lt;/code&gt; files in the current workspace&lt;/li&gt;
&lt;li&gt;Prefer the workspace root &lt;code&gt;package.json&lt;/code&gt; by default&lt;/li&gt;
&lt;li&gt;Show &lt;code&gt;dependencies&lt;/code&gt; and &lt;code&gt;devDependencies&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Search package names and descriptions&lt;/li&gt;
&lt;li&gt;Filter by dependency type&lt;/li&gt;
&lt;li&gt;Filter by update status&lt;/li&gt;
&lt;li&gt;Filter by vulnerability / deprecated / unknown audit state&lt;/li&gt;
&lt;li&gt;Show package licenses in the dependency list&lt;/li&gt;
&lt;li&gt;Filter by detected license&lt;/li&gt;
&lt;li&gt;Compare requested, resolved, and latest versions&lt;/li&gt;
&lt;li&gt;Show publish dates for current / resolved and latest versions&lt;/li&gt;
&lt;li&gt;Highlight major / minor / patch update candidates&lt;/li&gt;
&lt;li&gt;Read resolved versions from &lt;code&gt;package-lock.json&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Browse transitive dependencies&lt;/li&gt;
&lt;li&gt;Show npm audit advisory signals when resolved versions are available&lt;/li&gt;
&lt;li&gt;Show deprecated package messages&lt;/li&gt;
&lt;li&gt;Show npm metadata and weekly downloads&lt;/li&gt;
&lt;li&gt;Render package README content&lt;/li&gt;
&lt;li&gt;Fall back to GitHub README files when npm registry README content is missing or not useful&lt;/li&gt;
&lt;li&gt;Open README external links through the VS Code API&lt;/li&gt;
&lt;li&gt;Run guarded update actions from the list or detail page&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;
  
  
  License visibility
&lt;/h2&gt;

&lt;p&gt;One feature I added recently is license display.&lt;/p&gt;

&lt;p&gt;In many projects, version and security information are not the only things that matter. It can also be useful to quickly check package licenses, especially in work projects or public products.&lt;/p&gt;

&lt;p&gt;The extension shows license values directly in the dependency list.&lt;/p&gt;

&lt;p&gt;It can also filter by detected license, so you can quickly check things like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;packages using MIT&lt;/li&gt;
&lt;li&gt;packages using Apache-2.0&lt;/li&gt;
&lt;li&gt;packages with missing license metadata shown as &lt;code&gt;Unknown&lt;/code&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;
  
  
  package-lock.json integration
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;package.json&lt;/code&gt; does not always tell you the exact version installed in the project.&lt;/p&gt;

&lt;p&gt;So when a &lt;code&gt;package-lock.json&lt;/code&gt; exists next to the selected &lt;code&gt;package.json&lt;/code&gt;, the extension uses it to show resolved versions and dependency tree context.&lt;/p&gt;

&lt;p&gt;This is especially useful for vulnerability signals, because audit results are much more accurate when a resolved version is available.&lt;/p&gt;
&lt;h2&gt;
  
  
  Vulnerability signals
&lt;/h2&gt;

&lt;p&gt;The extension uses npm audit bulk advisory data to show known advisory signals.&lt;/p&gt;

&lt;p&gt;It can show direct vulnerability signals, and it also tries to surface transitive vulnerabilities when they appear through the lockfile dependency tree.&lt;/p&gt;

&lt;p&gt;This is not meant to replace &lt;code&gt;npm audit&lt;/code&gt; or CI security checks.&lt;/p&gt;

&lt;p&gt;The goal is to make potential issues easier to notice while browsing dependencies inside VS Code.&lt;/p&gt;
&lt;h2&gt;
  
  
  README rendering
&lt;/h2&gt;

&lt;p&gt;The package detail page renders README content from npm registry metadata.&lt;/p&gt;

&lt;p&gt;Some packages do not publish useful README content to the npm registry, or only expose a README path. For those cases, the extension tries to fall back to GitHub README files when possible.&lt;/p&gt;

&lt;p&gt;External links from README content are opened through the VS Code API.&lt;/p&gt;
&lt;h2&gt;
  
  
  Update actions
&lt;/h2&gt;

&lt;p&gt;For outdated direct dependencies, the extension can generate an update command.&lt;/p&gt;

&lt;p&gt;It does not silently edit your files.&lt;/p&gt;

&lt;p&gt;Instead, it shows a confirmation prompt and lets you either:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;run the command in a VS Code terminal&lt;/li&gt;
&lt;li&gt;copy the generated command&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;install&lt;/span&gt; &lt;span class="s1"&gt;'package-name@latest-version'&lt;/span&gt; &lt;span class="nt"&gt;--save&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;or for dev dependencies:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;install&lt;/span&gt; &lt;span class="s1"&gt;'package-name@latest-version'&lt;/span&gt; &lt;span class="nt"&gt;--save-dev&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  What I want feedback on
&lt;/h2&gt;

&lt;p&gt;This is still early, and I would love feedback from people who work with npm projects regularly.&lt;/p&gt;

&lt;p&gt;I am especially interested in:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Is this useful as a VS Code sidebar workflow?&lt;/li&gt;
&lt;li&gt;Is the dependency list too noisy?&lt;/li&gt;
&lt;li&gt;Are the update / vulnerability / deprecated / license indicators easy to understand?&lt;/li&gt;
&lt;li&gt;Is license filtering useful in real projects?&lt;/li&gt;
&lt;li&gt;Is the package detail page showing the right information?&lt;/li&gt;
&lt;li&gt;Are transitive dependencies easy to understand?&lt;/li&gt;
&lt;li&gt;Are update actions useful, or should they stay copy-only?&lt;/li&gt;
&lt;li&gt;What information would make this worth keeping installed?&lt;/li&gt;
&lt;li&gt;Any UI / UX issues?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Marketplace:&lt;br&gt;&lt;br&gt;
&lt;a href="https://marketplace.visualstudio.com/items?itemName=noritaka1166.npm-dependency-manager" rel="noopener noreferrer"&gt;https://marketplace.visualstudio.com/items?itemName=noritaka1166.npm-dependency-manager&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;GitHub Issues:&lt;br&gt;&lt;br&gt;
&lt;a href="https://github.com/noritaka1166/vscode-npm-dependency-manager/issues" rel="noopener noreferrer"&gt;https://github.com/noritaka1166/vscode-npm-dependency-manager/issues&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Thanks for reading. I would really appreciate feedback if you try it.&lt;/p&gt;

</description>
      <category>vscode</category>
      <category>npm</category>
      <category>javascript</category>
      <category>opensource</category>
    </item>
  </channel>
</rss>
