freeze-deps

Using package-lock.json, determine the current installed version of the dependencies and replace it in package.json with the exact version.

I created this module to avoid manually having to freeze dependencies in package.json for big JS apps. Currently, there is no restriction towards how the developers of a certain package handle versioning, projects can easily break if one dependency upgrades a minor or patch but should have been a major. I intended this module to be used on big projects where refactoring based on a small dependency can consume serious resources.

Usage

Terminal

# Default (takes package.json and package-lock.json from the current root directory).
npx freeze-deps

# Optional pass arguments
npx freeze-deps -j <path/to/package.json> -l <path/to/package-lock.json>
npx freeze-deps -json <path/to/package.json> -lock <path/to/package-lock.json>

Alternatively

npm install -g freeze-deps
freeze-deps <args>

Options

You can get this list by running npx freeze-deps --help.

-V, --version	output the version number
-j, --json [value]	Set package.json path (default: "< root dir >/package.json")
-l, --lock [value]	Set package-lock.json path (default: "< root dir >/package-lock.json")
-p, --prop [value]	Property from package.json to freeze (default: "dependencies")
-h, --help	output usage information

Node

npm install --save freeze-deps

import { freezeDeps } from 'freeze-deps';

const packageJSON = {
  dependencies: {}
};
const packageLock = {
  dependencies: {}
};

try {
  const newPackageJSON = freezeDeps(packageJSON, packageLock);
} catch (ex) {
  console.error(ex);
}

Example

# project-root-dir/package.json
{ dependencies: { react: "^16.0.0" } }

# project-root-dir/package-lock.json
{ dependencies: { react: { version: "16.1.0" } } }

npx freeze-deps
# same as: npx freeze-deps -j ./package.json -l ./package-lock.json
# 
# project-root-dir/package.json
{ dependencies: { react: "16.1.0" } }

Instead of freezing to an exact version, add another argument that allow adding a patch ("~") prefix. E.g. from the example at the top, "react": "~16.1.0".
~~Allow changing not only dependencies but peer and dev dependencies.~~ Added in v0.5.0.
Allow passing json formatting arguments. E.g. "spaces".
Add a way to run this with yarn-lock.json
Add whitelist and blacklist arguments to skip certain packages or only update certain packages. This could be done with regexp.
Allow changing some packages to ^, others to ~, etc. Although this could be done with separate commands using a whitelist and a prefix argument.

License

Contributors

Thanks goes to these wonderful people (emoji key):

_{Pablo Garcia}
💻 📖

⚠️

This project follows the all-contributors specification. Contributions of any kind welcome!

Name		Name	Last commit message	Last commit date
Latest commit History 35 Commits
src		src
.all-contributorsrc		.all-contributorsrc
.babelrc		.babelrc
.editorconfig		.editorconfig
.eslintrc		.eslintrc
.gitignore		.gitignore
.npmrc		.npmrc
.nvmrc		.nvmrc
.travis.yml		.travis.yml
CONTRIBUTING.md		CONTRIBUTING.md
README.md		README.md
package-lock.json		package-lock.json
package.json		package.json
rollup.config.js		rollup.config.js

pgarciacamou/freeze-deps

Folders and files

Latest commit

History

Repository files navigation

freeze-deps

Usage

Terminal

Options

Node

Example

Next

License

Contributors

About

Resources

Stars

Watchers

Forks

Languages