releases.shpreview

Dependency metadata included in Worker uploads

1 featureThis release1 featureNew capabilitiesAI-tallied from the release notes

Wrangler now collects npm package dependency information from your project's package.json during wrangler deploy and wrangler versions upload, and includes it in the upload metadata sent to the Cloudflare API. This data, each dependency's name, declared version range, and exact installed version, enables dependency analytics and future supply chain security features such as vulnerability alerting.

To opt out, set dependencies_instrumentation.enabled to false in your Wrangler configuration file:

  • wrangler.jsonc

    <div><div><span>{</span></div></div><div><div><span>  </span><span>"</span><span>dependencies_instrumentation</span><span>"</span><span>:</span><span> </span><span>{</span></div></div><div><div><span>    </span><span>"</span><span>enabled</span><span>"</span><span>:</span><span> </span><span>false</span></div></div><div><div><span>  </span><span>}</span></div></div><div><div><span>}</span></div></div>
  • wrangler.toml

    <div><div><span>[</span><span>dependencies_instrumentation</span><span>]</span></div></div><div><div><span>enabled</span><span> </span><span>=</span><span> </span><span>false</span></div></div>

For more details, refer to Wrangler configuration.

Fetched July 9, 2026