How to Retrieve Full Direct Dependency Information via API

[a2ure123]

Hello,
I have been using deps.dev to collect package dependency information and I came across the documentation mentioning the following API:
GetDependencies GET /v3alpha/systems/{versionKey.system}/packages/{versionKey.name}/versions/{versionKey.version}:dependencies
However, when using this API, I found that it only provides a simple example and doesn't return the full direct dependencies of a package.I am wondering if there is a way to retrieve the complete list of direct dependencies through this API or another method.
Thank you for your help!

[cuixq]

I think GetDependencies does return the full list of dependencies. Do you have an example that you see the full list is not returned?

[a2ure123]

I am using two different APIs from https://api.deps.dev/v3alpha/systems/npm/packages/react/versions/18.2.0.
The first API, dependents, returns the following data:
{
"dependentCount": 17051,
"directDependentCount": 4792,
"indirectDependentCount": 12459
}
This indicates that there are a total of 17,051 dependents for the React package version 18.2.0, with 4,792 being direct dependents and 12,459 being indirect dependents.
The second API, dependencies, returns limited dependency information:
{
"nodes": [
{
"versionKey": {
"system": "NPM",
"name": "react",
"version": "18.2.0"
},
"bundled": false,
"relation": "SELF",
"errors": []
},
{
"versionKey": {
"system": "NPM",
"name": "js-tokens",
"version": "4.0.0"
},
"bundled": false,
"relation": "INDIRECT",
"errors": []
},
{
"versionKey": {
"system": "NPM",
"name": "loose-envify",
"version": "1.4.0"
},
"bundled": false,
"relation": "DIRECT",
"errors": []
}
],
"edges": [
{
"fromNode": 0,
"toNode": 2,
"requirement": "^1.1.0"
},
{
"fromNode": 2,
"toNode": 1,
"requirement": "^3.0.0 || ^4.0.0"
}
],
"error": ""
}
This data shows that React has only a few dependencies listed, including loose-envify (direct) and js-tokens (indirect).
The issue I am facing is that the number of dependents reported by the first API does not seem to correlate with the limited dependency information provided by the second API. I'm looking for clarification on why there is such a discrepancy between the two sets of data.

[cuixq]

The first API returns the dependent count and the second API returns the list of dependencies. Which data are you looking for?

[a2ure123]

I want to find an API that can provide all the dependencies of a software package. The issue I see with the two APIs mentioned above is that the dependency list returned by the second API does not correspond to the number of direct dependents in the first API. I hope to use an API to retrieve the names of all direct dependencies, and I'm wondering if that's possible.

[cuixq]

as I said, the first API returns the dependent count and the second API returns the list of dependencies so they are about different sets of data. If you are looking for all the dependencies of a package, GetDependencies should do the work.

[a2ure123]

According to what you said, the first API indicates that React has 4,792 direct dependencies. Therefore, the second API, GetDependencies, should provide me with the names and corresponding relationships of those 4,792 dependency packages. Why are there only two packages?

[cuixq]

The first API indicates that react has 4792 direct dependents (not dependencies), and the second API lists the dependencies (not dependents), so it is not expected that the two data sets are the same.

[a2ure123]

Thank you, I understand now. I appreciate your response.