check-for-pinned-deps
v0.0.4
check-for-pinned-deps is a convenient Node.js CLI script designed to check for unpinned dependencies within your `package.json`.
It supports checking dependencies from the following fields:
🕰️ How it works
- Loops over the above-mentioned dependency fields in the `package.json` in the current working directory
- Checks each dependency version:
  - for a valid semver pattern like `1.2.3` or `4.5.6.alpha`
  - URLs (or GitHub repositories) need to contain a commitish string or a semver string
  - `file:` version values are marked as pinned
- Exits with
  - 0 in case all dependencies are pinned
  - 1 if dependencies were found that are not pinned, and prints their names
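As an added illustration, not the project's own code, the following Node.js script applies the rules above to a parsed `package.json` and returns the exit code described. The dependency field names it scans, the semver and commit-SHA patterns, the choice that a moving branch name such as `#main` does not count as pinned, and the CLI shape are all assumptions of this example; the sample `package.json` object is constructed for the demonstration.

```javascript
// Added example, not the project's own source: a minimal pinned-version
// checker following the rules under "How it works". Field names, regex
// patterns and the CLI shape below are assumptions of this example.

// Fields to scan (assumed; the README's own field list is not reproduced here).
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Exact version such as 1.2.3, 1.0.0-beta.1 or 4.5.6.alpha; a range operator
// (^, ~, >=), a wildcard (1.x, *) or a dist-tag like "latest" does not match.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:[-.][0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
// Same, but git tags are commonly prefixed with "v".
const SEMVER_TAG = /^v?\d+\.\d+\.\d+(?:[-.][0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
// Abbreviated or full commit SHA.
const COMMIT_SHA = /^[0-9a-f]{7,40}$/i;

// Git/URL style specifiers: git+https://..., https://..., github:owner/repo,
// or the bare owner/repo shorthand.
function isUrlLike(spec) {
  return /^(?:git\+)?(?:https?|ssh|git):\/\//.test(spec)
    || /^(?:github|gitlab|bitbucket|gist):/.test(spec)
    || /^[\w.-]+\/[\w.-]+(?:#.*)?$/.test(spec);
}

// Decide whether a single version specifier is pinned.
function isPinned(version) {
  const spec = String(version).trim();
  // file: links point at a fixed local tree and count as pinned.
  if (spec.startsWith('file:')) return true;
  if (isUrlLike(spec)) {
    const hash = spec.indexOf('#');
    if (hash !== -1) {
      const ref = spec.slice(hash + 1);
      // "#semver:<range>" selects a tag by range; only an exact version is pinned.
      if (ref.startsWith('semver:')) return EXACT_SEMVER.test(ref.slice('semver:'.length));
      // Design choice of this example: a branch name (e.g. #main) is a commitish
      // but moves over time, so only a SHA or a version tag counts as pinned.
      return COMMIT_SHA.test(ref) || SEMVER_TAG.test(ref);
    }
    // No fragment: a tarball URL such as .../pkg-1.2.3.tgz still carries a version.
    return /\d+\.\d+\.\d+/.test(spec);
  }
  return EXACT_SEMVER.test(spec);
}

// Walk the dependency fields of a parsed package.json and collect offenders.
function findUnpinned(pkg) {
  const unpinned = [];
  for (const field of DEP_FIELDS) {
    for (const [name, version] of Object.entries(pkg[field] || {})) {
      if (!isPinned(version)) unpinned.push({ field, name, version });
    }
  }
  return unpinned;
}

// Print offenders and return the exit code the README describes:
// 0 when everything is pinned, 1 otherwise.
function report(pkg) {
  const unpinned = findUnpinned(pkg);
  for (const { field, name, version } of unpinned) {
    console.error(`unpinned: ${field}.${name} = ${JSON.stringify(version)}`);
  }
  return unpinned.length === 0 ? 0 : 1;
}

// Constructed sample input for the demonstration; not taken from a real project.
const SAMPLE_PACKAGE_JSON = {
  dependencies: {
    express: '4.18.2',
    lodash: '^4.17.21',
    'left-pad': 'latest',
    'my-fork': 'git+https://github.com/example/my-fork.git#9fceb02d',
    'local-lib': 'file:../local-lib',
  },
  devDependencies: {
    eslint: '~8.50.0',
    'some-tool': 'example/some-tool#main',
    'prerelease-pkg': '1.0.0-beta.1',
  },
};

// CLI entry (assumed shape): `node check-pinned.js path/to/package.json`.
// With no argument the constructed sample above is checked instead.
if (process.argv[2] && require.main === module) {
  const pkg = JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'));
  process.exit(report(pkg));
} else {
  report(SAMPLE_PACKAGE_JSON);
}
```

Run against the sample, the script lists `lodash`, `left-pad`, `eslint` and `some-tool` and exits 1; the `#9fceb02d` fork and the `file:` link pass. Treating a branch fragment as unpinned is stricter than the "commitish" wording above, which is the choice a reproducibility check usually wants, since a branch can be rewritten after the lockfile is generated.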
🎯 Motivation
Pinning dependencies has several advantages in terms of reproducibility and security.
Renovate has a good blog post about this topic: Should you Pin your JavaScript Dependencies?
🚀 Usage
To use check-for-pinned-deps, you can easily invoke it with npx as follows:

```
npx check-for-pinned-deps
```
🧰 Requirements
- Node.js 18 or higher