Skip to content

notjosh/danger-package_json_lockdown

Repository files navigation

package_json_lockdown

Force locking down of version numbers in package.json

Shrinkwrap isn't the solution you want it to be, and none of the other tools quite do what you want. So you'll get fed up and force manual management of your dependencies (after all, npm outdated is fairly easy to deal with.)

This plugin will warn you if you're commiting anything that looks like:

  • "^1.0.0"
  • "~1.0.0"
  • "<=1.0.0"
  • "<1.0.0"
  • ">=1.0.0"
  • ">1.0.0"
  • "1.0.x"
  • "*"
  • ""

So you can still specify a git hash, a tag, or a URL (and so on), and, most importantly, you can specify a version number.

Basic operation, throwing warnings in specified package.json(s)
package_json_lockdown.verify('package.json')
package_json_lockdown.verify('path/to/sub/package.json')
Blacklisting specific dependencies nodes
# Will only check the `dependencies` node, but allow
#  `devDependencies` to contain non-specific versions
package_json_lockdown.dependency_keys = ['dependencies']
package_json_lockdown.verify('package.json')
Returning values to handle manually
problems = package_json_lockdown.inspect('package.json')
puts(problems)

Attributes

dependency_keys - Allows you to specify dependency nodes to check. By default it will check all nodes known to contain dependencies.

Methods

verify - Verifies the supplied package.json file

inspect - Inspects the supplied package.json file and returns problems

About

package.json locker-downer plugin for Danger

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages