npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@kie/lock-treatment-tool

v0.2.4

Published

Npm (package-lock-json, npm-shrinkwrap.json), Yarn lock and Pnpm lock files treatment tool

Downloads

4,003

Readme

lock-treatment-tool

Helpers for treating npm lock files, like removing/replacing the registry from there...

Install from npmjs.org:

npm install -g @kie/lock-treatment-tool

or run using npx or exec

npm exec @kie/lock-treatment-tool
npx @kie/lock-treatment-tool

Note: In case you are behind a proxy or you need to use an internal registry please check The --registry problem

Current commands

  • locktt
    • Runs the lock treatment tool

locktt

What locktt will do:

  • looks for package-lock.json, npm-shrinkwrap.json, yarn.lock and pnpm-lock.yaml files
  • removes the resolved and integrity fields from the package-lock.json and/or npm-shrinkwrap.json files in case it finds them
  • replaces the resolved field from yarn.lock file adding the --registry value instead of the host and remove the integrity field
  • replaces all hosts (in resolution field, in dependency references etc) with value specified in --registry and removes all the integrity fields from pnpm-lock.yaml file
  • overwrites/saves the file

Usage: locktt [options]

Options:

  • --registry sets the registry to replace the host from lock files' resolved field
  • -p, --replacePackageLockRegistry replaces the package-lock.json the registry instead of removing it
  • -s, --skipIntegrity skips integrity removal
  • --folder sets the project folder to be treated
  • --outputFolder sets the output folder to save the lock files, otherwise will use the project folder and the files will be overwritten

Examples:

  • locktt --registry=https://npmregistry.redhat.com sets the registry just for the yarn.lock file
  • locktt --registry=https://npmregistry.redhat.com -p sets the registry for every lock file
  • locktt -s skips the integrity field removal

locktt will abort if:

  • the package-json.lock or npm-shrinkwrap.json file formats are not correct

locktt will NOT abort if:

  • the package-json.lock, npm-shrinkwrap.json or yarn.lock does not exist

Typical usage, if you want to remove the fields:

locktt

The --registry problem

One of the problems locktt tries to solve is to be able to install npm packages behind a proxy by using your own registry, and let's suppose the first thing you do is to execute locktt by executing npx or npm exec like:

npm exec @kie/lock-treatment-tool

It will fail (in case you haven't define @kie for using your registry on .npmrc file) since @kie/lock-treatment-tool library is not installed (let's suppose that) and you are behind a proxy, so you decide to specify a --registry=THE_URL_TO_YOUR_REGISTRY expecting to install the library using your registry. Fine!! It now works!! but... due to the -- npm problem you are not able to specify --registry either for npm and locktt execution. We are glad to tell you this problem disappears since locktt version >0.0.1, we decided to parse process.env.npm_config_argv arguments in case registry is not specified for locktt (npm exec @kie/lock-treatment-tool -- --registry=THE_URL_TO_YOUR_REGISTRY) but for npm (npm exec @kie/lock-treatment-tool --registry=THE_URL_TO_YOUR_REGISTRY).

Note: In case you are behind a proxy or you need to use an internal registry just add @kie:registry=YOUR_NPM_REGISTRY_URL (replace YOUR_NPM_REGISTRY_URL by yours) or even @kie:registry=${NPM_REGISTRY_URL} (being NPM_REGISTRY_URL the environment variable pointing to your npm registry, you can use any other variable name)

frontend-maven-plugin example

<plugin>
  <groupId>com.github.eirslett</groupId>
  <artifactId>frontend-maven-plugin</artifactId>
  <executions>
      <execution>
          <id>install node and npm</id>
          <phase>initialize</phase>
          <goals>
              <goal>install-node-and-npm</goal>
          </goals>
          <configuration>
              <nodeVersion>${node.version}</nodeVersion>
              <npmVersion>${npm.version}</npmVersion>
          </configuration>
      </execution>
      <execution>
          <id>lock-treatment-tool execution</id>
          <phase>initialize</phase>
          <goals>
              <goal>npx</goal>
          </goals>
          <configuration>
              <arguments>@kie/lock-treatment-tool</arguments>
          </configuration>
      </execution>
  </executions>
</plugin>

Note: In case you are behind a proxy or you need to use an internal registry please check The --registry problem

Restrictions

  • NodeJS >= 12

copyright

Looks at all the .js files in the current git repo and adds/updates a standard copyright notice to the top. The exact wording of the copyright statement is based on the license declared in package.json, your git author details, and the first and last commits made to a file (years only).