{"id":23707046,"url":"https://github.com/mbuchalik/package-lock-utd","last_synced_at":"2025-09-03T12:32:28.480Z","repository":{"id":65131852,"uuid":"582292031","full_name":"MBuchalik/package-lock-utd","owner":"MBuchalik","description":"Checks if package-lock.json is Up To Date (= UTD)","archived":false,"fork":false,"pushed_at":"2023-04-20T09:04:41.000Z","size":1070,"stargazers_count":6,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-08-10T21:32:52.965Z","etag":null,"topics":["continuous-integration","npm","package-json","package-lock"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MBuchalik.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-12-26T11:03:42.000Z","updated_at":"2023-04-07T15:12:10.000Z","dependencies_parsed_at":"2023-02-12T21:55:14.299Z","dependency_job_id":null,"html_url":"https://github.com/MBuchalik/package-lock-utd","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MBuchalik%2Fpackage-lock-utd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MBuchalik%2Fpackage-lock-utd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MBuchalik%2Fpackage-lock-utd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MBuchalik%2Fpackage-lock-utd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MBuchalik","download_url":"https://codeload.github.com/MBuchalik/package-lock-utd/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231882156,"owners_count":18440325,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["continuous-integration","npm","package-json","package-lock"],"created_at":"2024-12-30T16:02:59.675Z","updated_at":"2024-12-30T16:03:00.468Z","avatar_url":"https://github.com/MBuchalik.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# package-lock-utd\n\n\u003e Checks if package-lock.json is Up To Date (= UTD)\n\nHave you ever made a change to `package.json` and forgot to run `npm install` to apply this change to `package-lock.json`? Many projects use a CI action to catch such inconsistencies. However, these CI actions often only rely on `npm ci`, which only catches a subset of inconsistencies. For instance, `npm ci` does **NOT** fail when the `name` or `version` field are unequal.\n\nThis package helps! `package-lock-utd` very strictly checks whether `package-lock.json` is up to date. If `npm install` would somehow modify `package-lock.json`, `package-lock-utd` exits with a non-zero exit code.\n\n## Usage\n\n\u003e `package-lock-utd` is primarily meant to be used in CI environments, such as GitHub Actions. However, you can also use it locally.\n\nTo run `package-lock-utd`, simply execute the following command in the root directory of your npm project:\n\n```\nnpx --yes package-lock-utd@1.x.x\n```\n\nIf `package-lock.json` is up to date, the program will exit with a `0` exit code. If `package-lock.json` is not up to date (or an error occurred), the program will exit with a non-zero exit code.\n\n\u003e We use the `--yes` flag in the command to skip a prompt asking whether the package shall be installed. This is particularly useful in automated environments. Technically, npx is able to detect such environments pretty reliably, but it will often print a warning instead, which is also rather irritating.\n\n### Sample GitHub Actions config\n\n```yml\nname: Main Checks\n\non: [push, pull_request, workflow_dispatch]\n\njobs:\n  lint:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v3\n      - uses: actions/setup-node@v3\n        with:\n          node-version: 18\n\n      - name: Check if package-lock.json is up to date\n        run: npx --yes package-lock-utd@1.x.x\n\n      # Now, run any command you like. This is just an example.\n      - name: Install dependencies\n        run: npm ci\n\n      - name: Run the linter\n        run: npm run lint\n```\n\n\u003e **Warning**  \n\u003e Make sure to execute `npx package-lock-utd@1.x.x` **before** running any commands that potentially modify `package-lock.json`. Otherwise, you might get false negative results.\n\n### Local installation\n\nIf you frequently need to run the command on your local machine, you can also install the package globally:\n\n```\nnpm install -g package-lock-utd@1.x.x\n```\n\n\u003e It is recommended to update the package from time to time. To do this, simply rerun the install command mentioned above.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmbuchalik%2Fpackage-lock-utd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmbuchalik%2Fpackage-lock-utd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmbuchalik%2Fpackage-lock-utd/lists"}