<m>At Coana, we are dedicated to building tools for developers that ease the burden of package management in npm.
As most developers, we have faced many challenges related to dependency management such as difficult-to-address breaking changes, numerous security alarms, and puzzling peer dependency constraints.
As a first step toward improving the processes around dependency management, we recently released the beta of [Coana Package Manager](https://marketplace.visualstudio.com/items?itemName=Coana.coana-package-manager), a VS Code extension designed to help with various aspects of dependency management.
No tool or technique can relieve us from all dependency challenges overnight, but Coana Package Manager includes features such as dependency usage information, peer dependency update resolutions, and vulnerability alarms that make various dependency management tasks a little bit easier.</m>

<m>### Dependency usage</m>

<img src="https://raw.githubusercontent.com/coana-tech/assets/main/blogs/api-usage.png" alt="Coana Package Manager Dependency usage" width="400"/>

‍

<m>The *Dependency usage* mechanism is designed to help you answer questions such as:</m>

<m>- *Why do I depend on package A?*  
- *Where do I use package B?*  
- *Are any of the breaking changes in this update of C relevant to me?*</m>

<m>The dependency usage uses a technique called static analysis to analyze and understand your code without running it.
The analysis gathers information about how and where you use dependencies.
It then serves this information to you in a list view so you can quickly see which packages you use the most, and which you don't use.
You can also inspect the dependency usage for a specific dependency to understand exactly where you use the various features from that package.
Note that the analysis only applies to JavaScript/TypeScript code and will not show usage for dependencies like linters, bundlers, and TypeScript type packages.</m>

<m>### Peer dependency resolution</m>

<img src="https://raw.githubusercontent.com/coana-tech/assets/main/blogs/peer-deps-upgrades.png" alt="Coana Package Manager peer dependency upgrader" width="400"/>

‍
<m>Faced with peer dependency errors after updating a package?
Tried using --force or --legacy-peer-deps to install it anyway?
Coana helps you avoid these issues by providing information on how updates affect peer dependencies.
The information works both ways: if package *A* depends on *B*, Coana will tell you if upgrading *B* requires upgrading *A*, and to what version.
And if an update of *A* changes its peer dependency requirement for *B*, Coana will inform you of the change.</m>

<m>### Vulnerability warnings</m>

<img src="https://raw.githubusercontent.com/coana-tech/assets/main/blogs/vulnerable-webpack.png" alt="Coana Package Manager vulnerable webpack" width="400"/>
‍

‍
<m>Coana reports the same vulnerability warnings as `npm audit` or `npm install`, but with a more accessible GUI.
The npm audit report can be difficult to understand, especially with many warnings.
Currently, Coana does not provide a solution for fixing these warnings, but it is planned for future releases.</m>

<m>If any of these features sound interesting to you, head over to the [VS Code marketplace](https://marketplace.visualstudio.com/) and install the [Coana Package Manager Extension beta](https://marketplace.visualstudio.com/items?itemName=Coana.coana-package-manager).
If you have any feedback or suggestions for new features, don't hesitate to contact us directly at feedback@coana.tech or use our [public GitHub issue tracker](https://github.com/coana-tech/coana-issue-tracker).</m>