@userfrosting/merge-package-dependencies
Advanced tools
Merge NPM, Yarn or Bower package dependencies into one package, with semver rules respected.
| Branch | Status |
|---|---|
| master |   |
A simple tool that can merge the dependency and devDependency dependency types for npm/yarn package.jsons or bower bower.jsons into a single package.json or bower.json object (and optionally file). To properly support frontend scenarios, this tool also merges resolutions, and ignores unnecessary field recommendations for private npm/yarn packages. Perfect for projects like UserFrosting where plugins (Sprinkles) provide virtually all functionality.
NOTE: While non-semver values are supported, they will act as an override and emit a warning (even if logging is disabled). This override behavior only applies to 'incoming' values. This behavior does not match npm, yarn or bower.
NOTE: This is currently an offline tool, and as such conflicts further down the dependency chain are not evaluated. There is however a duplicate dependency detection tool for yarn to allow the creation of workarounds in the meantime (see docs/api
NOTE: Any dependencies with a path specified as the version will not be adjusted, even if an output location is specified.
npm i -D @userfrosting/merge-package-dependencies
IMPORTANT
This is an ES module package targeting NodeJS^12.17.0 || >=14.0.0, refer to the NodeJS ESM docs regarding how to correctly import. ESM loaders like@babel/loaderoresmlikely won't work as expected.
To merge multiple package.json's into a single object, and save to a specified location...
import * as mergePackages from "@userfrosting/merge-package-dependencies";
let result = mergePackages.yarn(
{
name: "pkg",
version: "1.7.2",
},
[
"../app/sprinkles/core/",
"../app/sprinkles/account/",
"../app/sprinkles/admin/"
],
"../app/assets/"
);
See docs/api.
See CONTRIBUTING.md.
FAQs
Merge NPM, Yarn or Bower package dependencies into one package, with semver rules respected.
The npm package @userfrosting/merge-package-dependencies receives a total of 49 weekly downloads. As such, @userfrosting/merge-package-dependencies popularity was classified as not popular.
We found that @userfrosting/merge-package-dependencies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."