package-lock-utd's Introduction

package-lock-utd

Checks if package-lock.json is Up To Date (= UTD)

Have you ever made a change to package.json and forgot to run npm install to apply this change to package-lock.json? Many projects use a CI action to catch such inconsistencies. However, these CI actions often only rely on npm ci, which only catches a subset of inconsistencies. For instance, npm ci does NOT fail when the name or version field are unequal.

This package helps! package-lock-utd very strictly checks whether package-lock.json is up to date. If npm install would somehow modify package-lock.json, package-lock-utd exits with a non-zero exit code.

Usage

package-lock-utd is primarily meant to be used in CI environments, such as GitHub Actions. However, you can also use it locally.

To run package-lock-utd, simply execute the following command in the root directory of your npm project:

npx --yes [email protected]

If package-lock.json is up to date, the program will exit with a 0 exit code. If package-lock.json is not up to date (or an error occurred), the program will exit with a non-zero exit code.

We use the --yes flag in the command to skip a prompt asking whether the package shall be installed. This is particularly useful in automated environments. Technically, npx is able to detect such environments pretty reliably, but it will often print a warning instead, which is also rather irritating.

Sample GitHub Actions config

name: Main Checks

on: [push, pull_request, workflow_dispatch]

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 18

      - name: Check if package-lock.json is up to date
        run: npx --yes [email protected]

      # Now, run any command you like. This is just an example.
      - name: Install dependencies
        run: npm ci

      - name: Run the linter
        run: npm run lint

Warning
Make sure to execute npx [email protected] before running any commands that potentially modify package-lock.json. Otherwise, you might get false negative results.

Local installation

If you frequently need to run the command on your local machine, you can also install the package globally:

npm install -g [email protected]

It is recommended to update the package from time to time. To do this, simply rerun the install command mentioned above.

package-lock-utd's People

Contributors

Stargazers

Watchers

package-lock-utd's Issues

It always reports "not up to date" with v1 lock file

I'm using a v1 lock file because I have an older version of npm in deployment and the tool keeps reporting the lock file being not up to date. I'm generating the lock file with npm i --package-lock-only --lockfile-version 1

It also issues a warning about fetching some extra metadata every time I run it. The warning only appears after the run is completed and states that it's a one-time fixup, still it happens every time.

It does work with v2 and v3.

Recommend Projects

mbuchalik / package-lock-utd Goto Github PK

package-lock-utd's Introduction

package-lock-utd

Usage

Sample GitHub Actions config

Local installation

package-lock-utd's People

Contributors

Stargazers

Watchers

package-lock-utd's Issues

It always reports "not up to date" with v1 lock file

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent