README
This package modifies package-lock.json to force the installation of specified versions of a set of transitive dependencies (dependencies of dependencies).
Getting started
- Add a field resolutions with the dependency version you want to fix at the main level of your package.json.
Example:
"resolutions": {
  "ssri": "8.0.5"
}
- Add force-resolutions to the preinstall script so that it patches the package-lock.json file before every npm install:
"scripts": {
  "preinstall": "npx force-resolutions"
}
- Install dependencies
npm install
Remember that whenever you run npm install, the preinstall command will run automatically.
If a package-lock.json is not detected, the script will not run, and any other command after it will be executed as normal.
- To confirm that the right version was installed, use:
npm ls ssri
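An added example, not part of force-resolutions itself: a Node.js check that walks a parsed package-lock.json and lists every entry of a pinned package whose version differs from resolutions, which can back up npm ls in CI. The function names and the sample lockfile are constructed for illustration; the only assumption is npm's own lockfile layout (a flat packages map in lockfileVersion 2 and 3, a nested dependencies tree in version 1).

```javascript
// Added example: audit a parsed package-lock.json against "resolutions".
// Extract the package name from a "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; the root key "" -> null.
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Return every lockfile entry whose version differs from its pinned version.
function findMismatches(lock, resolutions) {
  const out = [];
  const check = (name, version, where) => {
    // Own-property test so names like "constructor" never match the prototype.
    if (!Object.prototype.hasOwnProperty.call(resolutions, name)) return;
    if (version !== resolutions[name]) {
      out.push({ name, where, found: version, expected: resolutions[name] });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, entry] of Object.entries(lock.packages)) {
      const name = nameFromPath(path);
      if (name && !entry.link) check(name, entry.version, path); // skip symlinks
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, trail) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        check(name, entry.version, trail + name);
        walk(entry.dependencies, trail + name + " > ");
      }
    };
    walk(lock.dependencies, "");
  }
  return out;
}

// Constructed sample: one nested copy of ssri escaped the pin.
const sampleResolutions = { ssri: "8.0.5" };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/cacache": { version: "15.0.5" },
    "node_modules/ssri": { version: "8.0.5" },
    "node_modules/cacache/node_modules/ssri": { version: "6.0.1" },
  },
};
console.log(findMismatches(sampleLock, sampleResolutions));
```

To run it against a real project, pass the JSON.parse output of package-lock.json and the resolutions object from package.json, and fail the build when the returned array is not empty.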
Running this repository locally
- Install the dependencies of the project:
npm install
- Build the project:
npm run build
Acknowledgments
This project was inspired by the following package: npm-force-resolutions.
Why this project was created
This project was created because npm-force-resolutions was no longer suitable for the necessities of the team I was working in. We needed to avoid triggering the execution of the script when there was no package-lock.json, descriptive error logs, descriptive logs during the execution, faster download times, compatibility with multiple npm versions and faster execution times.