force-resolutions

This package modifies package-lock.json to force the installation of specified versions of transitive dependencies

This package modifies package-lock.json to force the installation of specified versions of a set of transitive dependencies (dependencies of dependencies).


Getting started

  1. Add a resolutions field at the top level of your package.json with the dependency version you want to force.

     Example:

     "resolutions": {
       "ssri": "8.0.5"
     }

  2. Add force-resolutions to the preinstall script so that it patches the package-lock.json file before every npm install:

     "scripts": {
       "preinstall": "npx force-resolutions"
     }

  3. Install dependencies:

     npm install

     Remember that whenever you run npm install, the preinstall command will run automatically.

     If a package-lock.json is not detected, the script will not run, and any other command after it will be executed as normal.

  4. To confirm that the right version was installed, use:

     npm ls ssri
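
For a CI gate that covers every entry in resolutions rather than one package at a time, the lockfile itself can be checked. The following is an added example, not code from force-resolutions: findResolutionMismatches and the sample data are hypothetical, and it assumes resolutions holds exact versions (as in "ssri": "8.0.5") and that the lockfile uses npm's documented lockfileVersion 1 (nested dependencies) or 2/3 (flat packages) layout.

```javascript
// Added example (not force-resolutions' code): list lockfile entries whose
// version differs from package.json "resolutions". Exact versions assumed.
function findResolutionMismatches(pkg, lock) {
  const wanted = new Map(Object.entries(pkg.resolutions || {}));
  const out = [];
  const check = (name, path, entry) => {
    if (wanted.has(name) && entry.version !== wanted.get(name)) {
      out.push({ name, path, found: entry.version, expected: wanted.get(name) });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, entry] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf('node_modules/');
      if (idx === -1 || entry.link) continue; // root project, workspace dirs, links
      check(path.slice(idx + 'node_modules/'.length), path, entry);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, walked recursively.
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        check(name, path, entry);
        walk(entry.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return out;
}

// Constructed sample data: a nested copy of ssri was left unpatched.
const samplePkg = { resolutions: { ssri: '8.0.5' } };
const sampleLockV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/cacache': { version: '15.0.5' },
  'node_modules/ssri': { version: '8.0.5' },
  'node_modules/cacache/node_modules/ssri': { version: '6.0.1' },
} };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  ssri: { version: '8.0.5' },
  cacache: { version: '15.0.5', dependencies: { ssri: { version: '6.0.1' } } },
} };

console.log(findResolutionMismatches(samplePkg, sampleLockV3));
console.log(findResolutionMismatches(samplePkg, sampleLockV1));
```

On a real project, pass the parsed package.json and package-lock.json objects and fail the build when the returned array is not empty.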

Running this repository locally

  1. Install the dependencies of the project:

     npm install

  2. Build the project:

     npm run build

Acknowledgments

This project was inspired by the following package: npm-force-resolutions.


Why this project was created

This project was created because npm-force-resolutions became unsuitable for the necessities of the team I was working in. We needed to avoid triggering the execution of the script when there was no package-lock.json, descriptive error logs, descriptive logs during the execution, faster download times, compatibility with multiple npm versions and faster execution times.