The :has() pseudo-class matches packages that have descendants
matching a given selector expression. It’s the dependency graph
equivalent of the
CSS :has() selector.
Syntax
:has(<selector-list>)The selector list is evaluated against the descendants of each candidate node.
Examples
Packages with a peer dependency on react
$ vlt query ':has(.peer[name=react])'Given this dependency graph:
my-app├── react@18.2.0├── react-dom@18.2.0│ └── react@18.2.0 (peer)└── @testing-library/react@14.0.0 └── react@18.2.0 (peer):has(.peer[name=react]) selects packages that have a peer dependency
on react:
my-app├── react@18.2.0├── react-dom@18.2.0 ✅ has peer dep on react│ └── react@18.2.0 (peer)└── @testing-library/react@14.0.0 ✅ has peer dep on react └── react@18.2.0 (peer)Packages that depend on vulnerable packages
$ vlt query ':has(> :cve(*))'This finds packages whose direct dependencies have known CVEs.
Packages that depend on outdated packages
$ vlt query ':has(> :outdated(major))'Packages that depend on changed packages
Find packages that have a dependency that was modified:
$ vlt query ':has(> :diff(main))'Using child combinator inside :has()
The > inside :has() means direct dependency:
# Packages with a direct dep named "lodash"$ vlt query ':has(> [name=lodash])'
# Packages with any transitive dep named "lodash"
$ vlt query ':has([name=lodash])'See also
:not()— negation pseudo-class:is()— forgiving selector list matching- Combinators —
>,~