bitHound Blog

Muting Vetted Packages

Staying up to date with the state of your dependencies is critical for understanding the impact that third party code has on your software project. That being said, we understand that there are times when you come across a dependency for which you have no alternative, or, have vetted the issues that accompany a specific dependency and knowingly choose to accept the risks that are associated.

To stay focused on unknown issues and packages you might not have investigated, we've introduced a new configuration in .bithoundrc that allows you to mute packages.

As part of the dependencies section of your .bithoundrc file, include an array of package names you want to mute, like so:

"dependencies": {
    "mute": ["crumb"]

For a complete example of a .bithoundrc file with muted dependencies, see our gist.

As a reminder to you and your team, bitHound will continue to display the number of muted dependencies on the project dashboard, and a filter to see muted packages on the dependencies view. That way you can regularly check on your muted dependencies and be aware of the issues that may arise.

Muted dependencies filter on dependencies view in bitHound


With great power, comes great responsibility.

Properly vetting your packages and having an understanding of their impact is a crucial step to take before muting. We urge you to contribute to the packages you use to help address issues it may have. Just because you mute something, doesn't mean you should ignore it forever. In fact, muting for the sake of muting can really put your project at risk. Use wisely!

bitHound identifies risks and priorities in your Node.js projects.