Pin Dependencies Checker CLI
Sometimes you need some reminder for boring tasks
Why
The development world is wild. Every team has its own ways to do things.
Some trust that open source libraries always strictly follow semantic versioning and, when installing dependencies, just accept that the caret (^) will be fine. But some... want to have max control over everything and like to have all dependencies under their control.
Personally, I don't mind and don't judge. Both approaches have pros and cons. At Renovate's blog, they wrote an entire post explaining when we should pin dependency versions.
What I do mind is having to remember to pin a dependency version every time I install one. Also when my PR is almost ready to be merged and I receive a comment message like:
"Hey, you forgot to pin this dependency. (;"
So then I've decided to automate this process. :)
How it works
The idea is quite simple. This CLI:
- Reads a package.json file from the folder you're calling it from;
- Based on the config (default or args passed), it'll check whether each dependency version has a caret (^);
- If so, it'll print a list of all unpinned dependencies and exit with an error (process.exit(1)); otherwise there are no errors and it exits with process.exit(0).
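As an added illustration (not the project's source code), the check described above can be sketched in JavaScript. It goes beyond the caret and also flags tilde, comparator, wildcard and dist-tag specs; the function names, reason labels and sample manifest are assumptions made for this example, and the option defaults follow the Arguments section.

```javascript
// Added example, not the project's source; names here are hypothetical.
// Exact versions only: 1.2.3, 1.2.3-rc.1, 1.2.3+build.5
const EXACT = /^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Defaults as listed in the README's Arguments section.
const DEFAULTS = { deps: true, devDeps: true, peerDeps: false };
const SECTIONS = {
  deps: 'dependencies',
  devDeps: 'devDependencies',
  peerDependencies: undefined, // placeholder removed below
};
delete SECTIONS.peerDependencies;
SECTIONS.peerDeps = 'peerDependencies';

// Returns null for an exact version, otherwise the reason it is not pinned.
function classify(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return null;
  if (s.startsWith('^')) return 'caret range';
  if (s.startsWith('~')) return 'tilde range';
  if (/^[<>=]/.test(s) || s.includes('||') || /\s-\s/.test(s)) return 'comparator range';
  if (s === '' || /^[\dxX*]+(\.[\dxX*]+){0,2}$/.test(s)) return 'wildcard or partial version';
  if (/[:\/]/.test(s)) return 'URL, path or alias';
  return 'dist-tag';
}

// Collects every unpinned entry from the enabled sections.
function findUnpinned(pkg, options = {}) {
  const opts = { ...DEFAULTS, ...options };
  const findings = [];
  for (const [flag, section] of Object.entries(SECTIONS)) {
    if (!opts[flag]) continue;
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const reason = classify(spec);
      if (reason) findings.push({ section, name, spec, reason });
    }
  }
  return findings;
}

// Constructed sample manifest, not taken from a real project.
const samplePkg = {
  dependencies: { alpha: '1.4.2', beta: '^2.0.0', gamma: '~3.1.0' },
  devDependencies: { delta: '>=4.0.0 <5', epsilon: '5.0.0-rc.1', zeta: 'latest' },
  peerDependencies: { eta: '16.x' },
};
for (const f of findUnpinned(samplePkg)) console.log(`${f.section}: ${f.name}@${f.spec} (${f.reason})`);
```

A CLI wrapper around findUnpinned would exit with code 1 whenever the returned list is non-empty, matching the behaviour described above.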
Getting started
You can use this CLI globally or as a project dependency.
Global
yarn global add pin-dependencies-checker
# Or
npm install -g pin-dependencies-checker
Then, in your project root dir (where the package.json file is located), you can just call
pin-checker
From registry (npx)
An alternative to installing it globally is to use it via npx. If you're not familiar with this concept, check this blog post; in a nutshell, it can execute packages directly from the registry.
It's good for CI environments, where you can create a step that runs this CLI and, based on the output, fails your pipeline or not.
npx pin-dependencies-checker
Local
If you want to have it as part of your project:
yarn add pin-dependencies-checker
# Or via npm...
npm install pin-dependencies-checker
Then, in your project root dir (where the package.json file is located), you can just call
yarn pin-checker
Git hooks
The goal of this project is automating a boring task, right? So you can add it as a pre-commit hook using husky.
For that, install husky as a devDependency:
yarn add -D husky
# Or via npm...
npm install --save-dev husky
After that, open your package.json file and add the husky config with a pre-commit hook (under the hooks key, which husky v1 to v4 read from package.json):
{
  "husky": {
    "hooks": {
      "pre-commit": "pin-checker"
    }
  }
}
Arguments
Maybe you only want to check for devDependency or only for dependency. You can customize that via CLI args:
Note: you can combine multiple args.
--peerDeps
Default: false
To enable peerDependencies:
yarn pin-checker --peerDeps=true
All peerDependencies, dependencies, and devDependencies will be evaluated.
--deps
Default: true
To disable dependencies:
yarn pin-checker --deps=false
Only devDependencies will be evaluated.
--devDeps
Default: true
To disable dev dependencies:
yarn pin-checker --devDeps=false
Only dependencies will be evaluated.
TODOS
- Accept --path for a custom package.json path
- Maybe check for tilde by default and other characters like <, > via arguments
License
MIT