js-correct-lockfile

Test that no new code changes introduce multiple package manager lock files

Usage no npm install needed!

<script type="module">
  import jsCorrectLockfile from 'https://cdn.skypack.dev/js-correct-lockfile';
</script>

README

js-correct-lockfile

Test that incoming pull requests use the correct lockfile (npm, yarn, pnpm). This automates a check that is often done manually by open source maintainers to verify that a new contributor used the correct package manager. This is intended to be used in CI tests.

For example, if a project uses yarn, new contributions to the project should not add package-lock.json or pnpm-lock.yaml files.

Installation

npm install --save-dev js-correct-lockfile

yarn add --dev js-correct-lockfile

pnpm install --save-dev js-correct-lockfile

narn add --dev js-correct-lockfile

CLI

You can use the js-correct-lockfile command inside of package.json scripts, or via npx, as a CLI. The CLI accepts one argument - the correct package manager for the current project. The js-correct-lockfile project will check for the presence of lockfiles in the current working directory.

npx js-correct-lockfile npm

yarn dlx js-correct-lockfile yarn

pnpmx js-correct-lockfile pnpm
{
  "scripts": {
    "test": "js-correct-lockfile yarn"
  }
}

JS API

You can also use js-correct-lockfile as a javascript module:

import { checkCorrectLockfile } from "js-correct-lockfile";

checkCorrectLockFile(
  // Required. Must be "npm", "yarn", or "pnpm"
  packageManager,

  // Optional, defaults to current working directory - process.cwd()
  (directory: "/Users/name/code/my-project")
).then(
  () => {
    console.log("Correct lockfiles present!");
  },
  (err) => {
    console.error(err);
    process.exit(1);
  }
);