{"id":22843350,"url":"https://github.com/milahu/parse-package-lock","last_synced_at":"2026-04-16T08:31:56.557Z","repository":{"id":109861017,"uuid":"475080878","full_name":"milahu/parse-package-lock","owner":"milahu","description":"parse lockfiles of npm, yarn, pnpm. generic lockfile parser for javascript, to get the deep tree of dependencies, without deduplication. alternative to snyk-nodejs-lockfile-parser","archived":false,"fork":false,"pushed_at":"2024-03-27T17:42:43.000Z","size":104,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-02T00:27:39.574Z","etag":null,"topics":["lockfile","lockfile-parser","node","nodejs","nodejs-lockfile-parser","npm","parser","pnpm","yarn"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/milahu.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"license.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-28T16:12:27.000Z","updated_at":"2024-03-27T17:12:15.000Z","dependencies_parsed_at":"2025-02-06T09:33:39.518Z","dependency_job_id":"e2e68385-9ca5-435d-99ee-227a0948bb1a","html_url":"https://github.com/milahu/parse-package-lock","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/milahu/parse-package-lock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milahu%2Fparse-package-lock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milahu%2Fparse-package-lock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milahu%2Fparse-package-lock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milahu%2Fparse-package-lock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/milahu","download_url":"https://codeload.github.com/milahu/parse-package-lock/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/milahu%2Fparse-package-lock/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31877497,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T07:36:03.521Z","status":"ssl_error","status_checked_at":"2026-04-16T07:35:53.576Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["lockfile","lockfile-parser","node","nodejs","nodejs-lockfile-parser","npm","parser","pnpm","yarn"],"created_at":"2024-12-13T02:14:26.745Z","updated_at":"2026-04-16T08:31:56.541Z","avatar_url":"https://github.com/milahu.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# parse-package-lock\n\nparse lockfiles of npm, yarn, pnpm\n\n* only 300 lines of code: readable, hackable\n* using the original code to parse lockfiles\n\n## why\n\nuseful for\n\n* implementing a custom `npm install`\n  * example: [pnpm-install-only](https://github.com/milahu/pnpm-install-only)\n* analysis of the dependency tree\n\n## todo\n\n* [ ] workspaces\n  * [x] [npm](https://docs.npmjs.com/cli/v7/using-npm/workspaces) (TODO verify)\n  * [ ] [yarn](https://yarnpkg.com/features/workspaces)\n  * [x] [pnpm](https://pnpm.io/workspaces) (TODO verify)\n* [ ] test cycles (cyclic dependency graphs)\n  * [x] fix infinite recursion: `RangeError: Maximum call stack size exceeded`\n    * caused by `./bin/print-package-lock.js ./test/tmp/test/workspace-npm/npm/workspaces/arborist/ ./test/tmp/test/workspace-npm/npm/package-lock.json`\n    * fix: `name` \u0026rarr; `dep.name`\n* [x] convert to ESM\n* [ ] add typescript declaration file `*.d.ts`\n* [x] separate code: lib vs bin\n* [ ] validate lockfile: must be in sync with package.json\n  * this should be covered by `ErrorCode.NotResolved` (TODO verify)\n* [x] tolerate missing dependencies? peerDependencies, devDependencies. just install as much as possible from the lockfile\n* [ ] alias names are needed in the result\n* [ ] protocols for spec-versions\n  * [ ] `npm:`\n  * [ ] `file:`\n    * https://docs.npmjs.com/cli/v7/configuring-npm/package-json#local-paths\n  * [ ] `workspace:`\n  * [ ] `github:`\n    * https://docs.npmjs.com/cli/v7/configuring-npm/package-json#github-urls\n  * [ ] `git:` `git+ssh:` `git+http:` `git+https:` `git+file:`\n  * [ ] `https:` `ftps:`\n    * https://docs.npmjs.com/cli/v7/configuring-npm/package-json#urls-as-dependencies\n  * more?\n\n## similar projects\n\n* [snyk-nodejs-lockfile-parser](https://github.com/snyk/nodejs-lockfile-parser)\n  * [pnpm is not supported](https://github.com/snyk/nodejs-lockfile-parser/issues/111)\n  * [integrity is missing](https://github.com/snyk/nodejs-lockfile-parser/pull/112)\n  * 1354 lines of code in `lib/`\n* [pnpm import](https://pnpm.io/cli/import) - generate a pnpm-lock.yaml from another package manager's lockfile. Supported source files: package-lock.json npm-shrinkwrap.json yarn.lock. note: workspaces must be declared in pnpm-workspace.yaml\n* [antongolub/lockfile](https://github.com/antongolub/lockfile) - many protocols for spec-versions (\"dependency protocols\"), no pnpm support\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmilahu%2Fparse-package-lock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmilahu%2Fparse-package-lock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmilahu%2Fparse-package-lock/lists"}