yowainwright / pastoralist

Pastoralist is a CLI tool for managing package.json overrides (or resolutions) with ease 👩🏽‍🌾

Home Page: https://jeffry.in/pastoralist/

License: MIT License


pastoralist's Introduction


Manage your package.json overrides or resolutions with ease!

With the Pastoralist CLI, you can ensure your project's overrides (or resolutions) are kept up-to-date by running a single one word command! Jump to setup or scroll on!


What are overrides and resolutions?

Overrides and resolutions solve the same problem!
They give developers a way to specify which dependency versions are downloaded into a repository's node_modules folder.

Node package manager CLIs, like npm, yarn, and pnpm, enable engineers to solve dependency specificity issues by adding an overrides or resolutions object to a repository's root package.json. This is great for fixing security or code issues in transitive dependencies without waiting for every intermediate package to update. Read more about npm, yarn, and pnpm overrides or resolution solutions.


Why is Pastoralist Awesome?

Is the override still needed? Is there a better fix? Like a security patch or a major release?

After using overrides or resolutions to fix dependency specificity issues for a while, it is easy to lose track of why a dependency is in a package.json's overrides or resolutions object! This is an inconvenient problem when trying to maintain dependencies over time. This information was not really known, until now!

With the Pastoralist CLI, you can run the pastoralist command, and an overrides (or resolutions) object that looks like this:

// Note the trim dependency in overrides
"overrides": {
  "trim": "^0.0.3"
},

Will look like this:

// Note the trim dependency is now added to the appendix
"overrides": {
  "trim": "^0.0.3"
},
"pastoralist": {
  "appendix": {
    "trim@^0.0.3": {
      "dependents": {
        "remark-parse": "4.0.0"
      }
    }
  }
}

But there's more!

If Pastoralist is run and an override or resolution is no longer required, Pastoralist will remove the dependency from pastoralist.appendix and from overrides or resolutions!

In other words, if trim is no longer needed, the object above will now look like the object below.

// Note that since trim is no longer needed,
// it has been removed from the appendix and overrides
"overrides": {},
"pastoralist": {
  "appendix": {}
}

There is more to come with Pastoralist! But for now, by adding pastoralist to a package.json postinstall script, you don't have to worry about carrying unneeded override or resolution packages anymore!


How Pastoralist works

Pastoralist manages overrides and resolutions so you don't have to!

It consists of a few functions which read the root package.json file's overrides or resolutions and map the packages in them to a pastoralist.appendix object.

If Pastoralist observes an override or resolution is no longer needed, it removes it from resolutions or overrides, and the pastoralist appendix object.

This means with Pastoralist, your only concern is adding dependencies to the overrides and resolutions objects. Broken down, Pastoralist manages your overrides and resolutions with 4 simple steps demonstrated in the flow chart below.

Key notes

  1. Pastoralist does not manage what is added to overrides or resolutions objects.
  2. Pastoralist does manage dependencies that exist in a package.json's overrides or resolutions objects.
  3. Pastoralist will remove overrides and resolutions if they become unneeded according to the dependents' package.json specs!

Setup

Okay! Hopefully the breakdowns above were clear enough on why you might want to use Pastoralist!

Please submit a pull request or issue if it wasn't!

Now for the super simple setup!

  1. Install

     npm install pastoralist --save-dev
     # pastoralist does not expect to be a dependency! It's a tool!!!

  2. Run

     pastoralist
     # => That's it! Check out your package.json

  3. (recommended) Add Pastoralist to a postinstall script

     // package.json
     {
       "scripts": {
         "postinstall": "pastoralist"
       }
     }

In the near future, Pastoralist will fully support a config file, but this is it for now!

Read on to understand what is going on under the hood of Pastoralist!


Pastoralist Object Anatomy

When Pastoralist is run in a repository with override or resolution dependencies, it will output a shape like the one below.

// package.json
"pastoralist": {
  // the appendix contains the mapped resolutions/overrides
  "appendix": {
    // each resolution/override is stringified with its version
    "trim@^0.0.3": {
      // dependents lists the installed packages which actually require the overridden/resolved dependency
      "dependents": {
        "remark-parse": "4.0.0"
      }
    }
  }
}

Whenever Pastoralist is run again, it will check the pastoralist.appendix object and remove any resolutions/overrides that are no longer needed.
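The map-then-prune cycle described in "How Pastoralist works" and in the object anatomy above, as an added TypeScript example that is not pastoralist's own source. It assumes the installed packages' package.json files are handed in as an array (the real tool reads them from node_modules), and it treats an override as "no longer needed" when no installed package lists that name in its dependencies.

```typescript
// Added example, not pastoralist's own source: the map-then-prune cycle from the README.
type Deps = Record<string, string>;
type Appendix = Record<string, { dependents: Deps }>;
interface PackageJson {
  name?: string;
  version?: string;
  dependencies?: Deps;
  overrides?: Deps; // npm / pnpm
  resolutions?: Deps; // yarn
  pastoralist?: { appendix: Appendix };
}
// Pick the key this root package.json uses; "overrides" wins if both are present (assumption).
function overridesKey(root: PackageJson): "overrides" | "resolutions" {
  return root.overrides === undefined && root.resolutions !== undefined ? "resolutions" : "overrides";
}
// For each "name": "range" override, record every installed package whose dependencies
// list that name, keyed "name@range" -> { dependents: { <dependent>: <its version> } }.
function buildAppendix(overrides: Deps, installed: PackageJson[]): Appendix {
  const appendix: Appendix = {};
  for (const [name, range] of Object.entries(overrides)) {
    const dependents: Deps = {};
    for (const pkg of installed) {
      if (pkg.name && pkg.version && pkg.dependencies?.[name] !== undefined) {
        dependents[pkg.name] = pkg.version;
      }
    }
    if (Object.keys(dependents).length > 0) appendix[`${name}@${range}`] = { dependents };
  }
  return appendix;
}
// One pastoralist-style pass: rebuild the appendix from the installed tree and drop
// any override that no installed package depends on any more.
function runPastoralist(root: PackageJson, installed: PackageJson[]): PackageJson {
  const key = overridesKey(root);
  const overrides: Deps = root[key] ?? {};
  const appendix = buildAppendix(overrides, installed);
  const kept: Deps = {};
  for (const [name, range] of Object.entries(overrides)) {
    if (appendix[`${name}@${range}`] !== undefined) kept[name] = range;
  }
  const result: PackageJson = { ...root, pastoralist: { appendix } };
  result[key] = kept;
  return result;
}
// Constructed sample tree: remark-parse 4.0.0 still pulls in trim, so the override stays.
const root: PackageJson = { name: "app", overrides: { trim: "^0.0.3" } };
const stillNeeded = runPastoralist(root, [{ name: "remark-parse", version: "4.0.0", dependencies: { trim: "0.0.1" } }]);
// Constructed sample tree: a remark-parse that dropped trim, so the override is pruned.
const noLongerNeeded = runPastoralist(root, [{ name: "remark-parse", version: "11.0.0", dependencies: {} }]);
```

Running it twice against the two constructed trees reproduces the two package.json states shown earlier: the first keeps trim@^0.0.3 with remark-parse 4.0.0 as its dependent, the second empties both overrides and the appendix.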


Roadmap

Updated 2023-03-31

  • Provide caveats, code examples, and more documentation

Thanks

Shout out to Bryant Cabrera and the infamous Mardin for all the fun conversation, insights, and pairing around this topic.


Made by @yowainwright for fun with passion! MIT, 2022


pastoralist's Issues

Appendix not updating

Requested Update

Not working as appendix is not listing the overrides.
Installed the package globally first, then inside the repo as a dev dependency.
Then, ran pastoralist in repo with multiple overrides in package.json:

 "resolutions": {
    "semver": "^7.5.3",
    "word-wrap": "npm:@aashutoshrathi/word-wrap",
    "tough-cookie": "^4.1.3"
  },
  "pastoralist": {
    "appendix": {}
  }

...but the appendix remains empty.
Expected:
Appendix should list 3 packages as they are still causing vulnerability issues.


Test environment

macOS: 13.4.1 (22F82)
node: v18.16.0
package manager in repo: yarn v1.22.19
