Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/milahu/parse-package-lock
parse lockfiles of npm, yarn, pnpm. generic lockfile parser for javascript, to get the deep tree of dependencies, without deduplication. alternative to snyk-nodejs-lockfile-parser
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/milahu/parse-package-lock
- Owner: milahu
- License: mit
- Created: 2022-03-28T16:12:27.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2024-03-27T17:42:43.000Z (10 months ago)
- Last Synced: 2024-03-27T18:50:37.052Z (10 months ago)
- Topics: lockfile, lockfile-parser, node, nodejs, nodejs-lockfile-parser, npm, parser, pnpm, yarn
- Language: JavaScript
- Homepage:
- Size: 102 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: readme.md
- License: license.txt
README
# parse-package-lock
parse lockfiles of npm, yarn, pnpm
* only 300 lines of code: readable, hackable
* using the original code to parse lockfiles

## why
useful for
* implementing a custom `npm install`
  * example: [pnpm-install-only](https://github.com/milahu/pnpm-install-only)
* analysis of the dependency tree

## todo
* [ ] workspaces
  * [x] [npm](https://docs.npmjs.com/cli/v7/using-npm/workspaces) (TODO verify)
  * [ ] [yarn](https://yarnpkg.com/features/workspaces)
  * [x] [pnpm](https://pnpm.io/workspaces) (TODO verify)
* [ ] test cycles (cyclic dependency graphs)
  * [x] fix infinite recursion: `RangeError: Maximum call stack size exceeded`
    * caused by `./bin/print-package-lock.js ./test/tmp/test/workspace-npm/npm/workspaces/arborist/ ./test/tmp/test/workspace-npm/npm/package-lock.json`
    * fix: `name` → `dep.name`
* [x] convert to ESM
* [ ] add typescript declaration file `*.d.ts`
* [x] separate code: lib vs bin
* [ ] validate lockfile: must be in sync with package.json
  * this should be covered by `ErrorCode.NotResolved` (TODO verify)
* [x] tolerate missing dependencies? peerDependencies, devDependencies. just install as much as possible from the lockfile
* [ ] alias names are needed in the result
* [ ] protocols for spec-versions
  * [ ] `npm:`
  * [ ] `file:`
    * https://docs.npmjs.com/cli/v7/configuring-npm/package-json#local-paths
  * [ ] `workspace:`
  * [ ] `github:`
    * https://docs.npmjs.com/cli/v7/configuring-npm/package-json#github-urls
  * [ ] `git:` `git+ssh:` `git+http:` `git+https:` `git+file:`
  * [ ] `https:` `ftps:`
    * https://docs.npmjs.com/cli/v7/configuring-npm/package-json#urls-as-dependencies
  * more?

## similar projects
* [snyk-nodejs-lockfile-parser](https://github.com/snyk/nodejs-lockfile-parser)
  * [pnpm is not supported](https://github.com/snyk/nodejs-lockfile-parser/issues/111)
  * [integrity is missing](https://github.com/snyk/nodejs-lockfile-parser/pull/112)
  * 1354 lines of code in `lib/`
* [pnpm import](https://pnpm.io/cli/import) - generate a pnpm-lock.yaml from another package manager's lockfile. Supported source files: package-lock.json npm-shrinkwrap.json yarn.lock. note: workspaces must be declared in pnpm-workspace.yaml
* [antongolub/lockfile](https://github.com/antongolub/lockfile) - many protocols for spec-versions ("dependency protocols"), no pnpm support