DEV Community: Raj K

Depmender Update: Parallel Package Checking

Raj K — Thu, 12 Mar 2026 05:59:30 +0000

Parallel Package Checking (10–50x Faster)

One of the biggest improvements in the latest Depmender update is Parallel Package Checking, designed to dramatically speed up dependency scanning.

Previously, Depmender scanned dependencies sequentially, meaning each package was checked one after another. While this worked fine for small projects, it became slower as the number of dependencies increased.

With the new update, Depmender now uses parallel processing, allowing multiple packages to be analyzed at the same time.

🚀 What Changed
1️⃣ Parallel Outdated Package Scanning

The OutdatedScanner.ts module has been upgraded.

Before

Dependencies were checked one-by-one using a for...of loop.

for (const pkg of packages) {
  await checkPackage(pkg)
}

After

All packages are checked simultaneously using Promise.all().

await Promise.all(
  packages.map(pkg => checkPackage(pkg))
)

This significantly reduces scan time, especially for projects with many dependencies.

2️⃣ Parallel Security Scanning

The SecurityScanner.ts received an even bigger upgrade.

Previously it performed:
Sequential package scanning
Sequential vulnerability processing

Now it performs:
Parallel package scanning
Parallel vulnerability analysis

This double parallelization dramatically speeds up security checks.

🎯 Why This Matters

Modern JavaScript projects often have dozens or even hundreds of dependencies.

Slow dependency scans can interrupt developer workflows, slow CI pipelines, and reduce productivity.

With parallel scanning, Depmender becomes:
⚡ Much faster
📈 More scalable
🔄 CI/CD friendly
🧠 Efficient for large projects

🔗 GitHub Repo:- https://github.com/r2708/depmender

Depmender vNext: Introducing the New Config Folder (Full Custom Control for Your Project)

Raj K — Tue, 03 Mar 2026 08:09:59 +0000

We’re excited to introduce a major improvement in Depmender — the brand-new config folder system.

With this update, Depmender becomes more powerful, flexible, and team-friendly than ever before.

When you run:depmender init

Depmender now automatically creates a dedicated configuration folder containing: depmender.config.js

This file gives you full control over how Depmender scans, fixes, reports, and integrates with your workflow.

📁 What’s Inside depmender.config.js?

The config file is divided into 3 powerful sections:

rules – Scanning Rules
autoFix – Auto-Fix Settings
output – Output Customization

Each section allows you to tailor Depmender according to your project’s needs.

1️⃣ Scanning Rules (rules)

Control how strict Depmender should be while scanning dependencies.

✅ maxOutdatedDays – Control outdated packages

maxOutdatedDays: 90  // Default – packages older than 90 days flagged
maxOutdatedDays: 30  // Strict mode
maxOutdatedDays: 180 // Relaxed mode

You decide how old is “too old”.

✅ allowedVulnerabilities – Ignore specific severity levels

allowedVulnerabilities: []  
allowedVulnerabilities: ['low']
allowedVulnerabilities: ['low', 'moderate']

Perfect for teams that don’t want low-severity noise in reports.

✅ excludePackages – Skip specific packages (with wildcard support)

excludePackages: [
  '@types/*',
  'eslint-*',
  'react',
  'lodash',
  'webpack-*'
]

You can:

Skip internal tools
Ignore specific libraries
Use wildcard patterns

✅ includeDev – Scan devDependencies or not

includeDev: true   // Default
includeDev: false  // Production-only scan

Useful for production-critical systems.

2️⃣ Auto-Fix Settings (autoFix)

Control how Depmender applies fixes.

✅ enabled – Turn automatic fixes on/off

enabled: false // Safe (default)
enabled: true  // Fully automatic

✅ confirmBeforeFix – Ask before applying fixes

confirmBeforeFix: true
confirmBeforeFix: false

Great balance between safety and speed.

✅ backupBeforeFix – Create a backup before changes

backupBeforeFix: true  // Recommended
backupBeforeFix: false

Prevents accidental breakage.

✅ maxRiskLevel – Control risk tolerance

maxRiskLevel: 'low'
maxRiskLevel: 'medium'   // Default
maxRiskLevel: 'high'
maxRiskLevel: 'critical'

You choose how aggressive Depmender should be.

3️⃣ Output Customization (output)

Customize how Depmender reports results.

✅ format – Choose output style

format: 'minimal'
format: 'detailed'  // Default
format: 'json'      // Ideal for CI/CD

✅ showSuccessMessages

showSuccessMessages: true
showSuccessMessages: false

Reduce noise if needed.

✅ colors – Enable or disable colored output

colors: true   // Default
colors: false  // Better for CI pipelines

🎯 Why This Update Matters

With this new config system, you can:
✅ Define project-specific rules
✅ Control auto-fix behavior
✅ Customize output format
✅ Exclude specific packages
✅ Set vulnerability tolerance levels
✅ Separate production and development scanning
✅ Match your team’s workflow perfectly

Depmender is no longer just a scanning tool — it’s now a fully customizable dependency management system.

💡 Final Thoughts

Every project is different.
Some teams prefer strict dependency policies.
Some prefer flexibility.
Some need CI/CD automation.

With the new depmender.config.js, you’re in full control.

This update makes Depmender:
✔ More scalable
✔ More team-friendly
✔ More automation-ready
✔ Production-aware
✔ Enterprise-capable

Github Repo:- https://github.com/r2708/depmender

From 17 Commands to Just 5 Powerful Ones

Raj K — Thu, 19 Feb 2026 17:34:20 +0000

Depmender is now cleaner, smarter, and easier to use than ever. We removed 17 standalone commands and unified everything into just 5 essential, powerful commands — making dependency management faster, simpler, and more developer-friendly.

Why We Simplified Depmender

As Depmender grew, it accumulated multiple standalone commands like:

install-missing, remove-unused, dependency-sync, version-fix, fix-versions, update-deps, cleanup, dedupe, sort, validate, deep-scan, repair, auto-fix, normalize, optimize, sync, resolve.

While powerful, this created:

❌ Command confusion

❌ Too many things to remember

❌ Redundant functionality

❌ Poor developer experience

So we made a bold decision:

🔥 Replace ALL of them with ONE unified command: depmender fix

Now everything runs automatically under a single intelligent command.

Resolve conflicts

Auto-repair broken installs

Deep scan fixes

Validation

Cleanup

Instead of 17 commands… now just: depmender fix

One command. Everything fixed.

4️⃣ depmender upgrade

Upgrade all dependencies to their latest stable versions.

New dedicated upgrade command for better separation of concerns.

5️⃣ depmender init

Initialize Depmender configuration file in your project.

🎯 Why This Is Better
🔥 1. Less Cognitive Load

Developers now remember only 5 commands instead of 20+.

⚡ 2. Faster Workflow

🧠 3. Smarter Automation

The new fix command intelligently detects what needs fixing and executes appropriate operations automatically.

🏗 4. Clean Architecture

The CLI is now:

Modular

Maintainable

Easier to scale

Easier to document

📦 5. Better Developer Experience

Depmender now feels like a professional-grade dependency manager instead of a collection of utilities.

If you're already using Depmender, upgrade now and experience the cleaner workflow.

Introducing Depmender - The Ultimate Dependency Management CLI for JavaScript/TypeScript Projects

Raj K — Fri, 13 Feb 2026 21:16:54 +0000

🎯 What is Depmender?

Depmender is a powerful command-line tool that helps you maintain healthy dependencies in your JavaScript/TypeScript projects. It goes beyond simple npm audit by providing:

🔍 Comprehensive Scanning - Detects 6 types of dependency issues
🔧 Intelligent Fixing - Smart suggestions with risk assessment
🏥 System Diagnostics - Complete health check for your environment
🧹 Dependency Cleanup - Remove unused packages safely
👀 Real-time Monitoring - Watch mode with notifications
⚙️ Flexible Configuration - Customize behavior per project

What It Does

Scans for 6 types of issues (outdated, security, broken, missing, conflicts)
Auto-fixes with smart risk assessment
Removes unused dependencies (saved me 125KB!)
Real-time monitoring with watch mode
Complete system health check

What it checks:

Node.js environment and version compatibility
Project structure (package.json, lockfiles, node_modules)
Package manager health and configuration
Dependency analysis (duplicates, large packages)
Performance metrics (install time, disk usage)
Security audit results
Personalized recommendations

How it works:

Scans all source files for imports/requires
Protects essential dependencies (build tools, linters)
Shows potential space savings
Safe removal with dependency analysis

Features:

Watches package.json and lockfiles
Automatic scans on changes
Desktop notifications for critical issues
Webhook integration for CI/CD
Optional auto-fixing

💡 Pro Tips

Run doctor first - Get a complete health check before making changes 2 .Use dry-run - Always preview changes with --dry-run before confirming
Configure per project - Create project-specific configs for different needs
Integrate with CI - Add to your CI pipeline for continuous monitoring
Watch during development - Use watch mode to catch issues early

Here is the link for the Depmender for more detailed information and CLI for how to use:- https://www.npmjs.com/package/depmender