{"id":15914695,"url":"https://github.com/mlshv/exactify","last_synced_at":"2025-06-25T14:33:22.436Z","repository":{"id":62034119,"uuid":"557266818","full_name":"mlshv/exactify","owner":"mlshv","description":"CLI tool that removes ^ prefix from package.json dependecies and replaces them with specific versions from package-lock.json","archived":false,"fork":false,"pushed_at":"2022-10-26T12:57:11.000Z","size":20,"stargazers_count":13,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-03T22:20:07.053Z","etag":null,"topics":["cli","javascript","packagejson","security"],"latest_commit_sha":null,"homepage":"https://dev.to/mishgun/is-your-packagejson-safe-20c1","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mlshv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-10-25T11:32:24.000Z","updated_at":"2023-11-19T09:19:01.000Z","dependencies_parsed_at":"2022-10-25T12:15:14.150Z","dependency_job_id":null,"html_url":"https://github.com/mlshv/exactify","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlshv%2Fexactify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlshv%2Fexactify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlshv%2Fexactify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlshv%2Fexactify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mlshv","download_url":"https://codeload.github.com/mlshv/exactify/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlshv%2Fexactify/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257829928,"owners_count":22609825,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","javascript","packagejson","security"],"created_at":"2024-10-06T17:05:26.580Z","updated_at":"2025-06-25T14:33:22.410Z","avatar_url":"https://github.com/mlshv.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Exactify.js\n\nCLI tool that removes ^ prefix from package.json dependecies and replaces them with specific versions from package-lock.json.\n\n## Usage\n\n```\nnpx exactify\n```\n\n## Motivation\n\nTL;DR: having inexact versions of dependencies in `package.json` is unsafe because it exposes your package to security and compatibility risks.\n\nSee more: [Is your package.json safe?](https://dev.to/mishgun/is-your-packagejson-safe-20c1)\n\n## Example\n```shell\n$ npx exactify\n\nšŸ™Œ You are going to replace all inexact package.json versions with specific versions from package-lock.json\n\n\nExample: \"react\": \"^17.0.3\" -\u003e \"react\": \"17.0.15\"\n\n? Do you want to procceed? Yes\n? Do you also want to add save-exact=true in your .npmrc? (recommended) Yes\n\nPackages with updated minor versions:\n@iframely/embed.js: ^1.3.2 -\u003e 1.9.0\n@juggle/resize-observer: ^3.0.2 -\u003e 3.4.0\n@popperjs/core: ^2.5.4 -\u003e 2.11.6\n@sentry/browser: ^7.15.0 -\u003e undefined\n@types/react-beautiful-dnd: ^13.1.1 -\u003e 13.1.2\n@welldone-software/why-did-you-render: ^4.2.1 -\u003e 4.3.2\naxios: ^0.19.0 -\u003e 0.19.2\nclassnames: ^2.2.6 -\u003e 2.3.2\ncopy-webpack-plugin: ^6.2.1 -\u003e 6.4.1\ncore-js: ^3.6.4 -\u003e 3.25.5\nemoji-mart: ^3.0.0 -\u003e 3.0.1\neslint-plugin-react-hooks: ^4.2.0 -\u003e 4.6.0\nhighlight.js: ^10.6.0 -\u003e 10.7.3\nhotkeys-js: ^3.9.5 -\u003e 3.10.0\nhttp-proxy-middleware: ^1.0.4 -\u003e 1.3.1\nimmutable: ^4.0.0-rc.12 -\u003e 4.1.0\njquery: ^3.5.1 -\u003e 3.6.1\nmini-css-extract-plugin: ^1.2.1 -\u003e 1.6.2\nmoment: ^2.24.0 -\u003e 2.29.4\nnanoevents: ^5.0.1 -\u003e 5.1.13\nnormalize-url: ^4.5.0 -\u003e 4.5.1\noptimize-css-assets-webpack-plugin: ^5.0.3 -\u003e 5.0.8\nprop-types: ^15.7.2 -\u003e 15.8.1\nquill-mention: ^3.0.0 -\u003e 3.1.0\nreact-beautiful-dnd: ^13.0.0 -\u003e 13.1.1\nreact-hotkeys-hook: ^3.4.6 -\u003e 3.4.7\nreact-popper: ^2.2.4 -\u003e 2.3.0\nreact-router-dom: ^5.1.2 -\u003e 5.3.4\nsemver: ^7.3.5 -\u003e 7.3.8\nswiper: ^5.3.7 -\u003e 5.4.5\nuse-long-press: ^1.1.1 -\u003e 1.2.0\nworkbox-precaching: ^6.1.5 -\u003e 6.5.4\nworkbox-routing: ^6.1.5 -\u003e 6.5.4\nworkbox-webpack-plugin: ^6.1.5 -\u003e 6.5.4\nworkbox-window: ^6.1.5 -\u003e 6.5.4\nyjs: ^13.5.10 -\u003e 13.5.41\n@sentry/types: ^7.15.0 -\u003e undefined\n@sentry/webpack-plugin: ^1.11.1 -\u003e 1.19.0\n@storybook/addon-actions: ^6.3.5 -\u003e 6.5.12\n@storybook/addon-essentials: ^6.3.5 -\u003e 6.5.12\n@storybook/addon-links: ^6.3.5 -\u003e 6.5.12\n@storybook/addon-storysource: ^6.3.5 -\u003e 6.5.12\n@storybook/addon-viewport: ^6.3.5 -\u003e 6.5.12\n@storybook/addons: ^6.3.5 -\u003e 6.5.12\n@storybook/react: ^6.3.5 -\u003e 6.5.12\n@swc/core: ^1.2.110 -\u003e 1.3.6\n@swc/jest: ^0.2.22 -\u003e 0.2.23\n@testing-library/jest-dom: ^5.16.2 -\u003e 5.16.5\n@testing-library/react: ^12.1.4 -\u003e 12.1.5\n@types/jest: ^27.0.1 -\u003e 27.5.2\n@types/react: ^16.14.0 -\u003e 16.14.32\n@types/react-dom: ^16.9.8 -\u003e 16.9.16\n@types/react-router-dom: ^5.1.2 -\u003e 5.3.3\n@typescript-eslint/eslint-plugin: ^5.38.0 -\u003e 5.39.0\n@typescript-eslint/parser: ^5.38.0 -\u003e 5.39.0\nautoprefixer: ^10.3.3 -\u003e 10.4.12\ncss-loader: ^3.2.0 -\u003e 3.6.0\ncypress: ^5.3.0 -\u003e 5.6.0\neslint-config-prettier: ^6.4.0 -\u003e 6.15.0\neslint-plugin-import: ^2.18.2 -\u003e 2.26.0\neslint-plugin-prettier: ^3.1.1 -\u003e 3.4.1\neslint-plugin-react: ^7.16.0 -\u003e 7.31.8\nfile-loader: ^5.0.2 -\u003e 5.1.0\nhusky: ^3.0.9 -\u003e 3.1.0\njest-canvas-mock: ^2.2.0 -\u003e 2.4.0\nlint-staged: ^9.4.2 -\u003e 9.5.0\npostcss: ^8.3.6 -\u003e 8.4.17\nprettier: ^2.4.1 -\u003e 2.7.1\nreact-dev-utils: ^10.2.0 -\u003e 10.2.1\nsass: ^1.39.0 -\u003e 1.55.0\nsass-loader: ^10.2.0 -\u003e 10.3.1\nstyle-loader: ^1.0.0 -\u003e 1.3.0\ntypescript: ^4.3.4 -\u003e 4.8.4\nwebpack: ^4.43.0 -\u003e 4.46.0\nwebpack-cli: ^3.1.0 -\u003e 3.3.12\nwebpack-dev-server: ^3.11.2 -\u003e 3.11.3\nwebpack-merge: ^5.3.0 -\u003e 5.8.0\n\nRemoved 111 carets from package versions\n77 minor versions were updated with actual versions from package-lock.json\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmlshv%2Fexactify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmlshv%2Fexactify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmlshv%2Fexactify/lists"}