New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

exact-deps

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

exact-deps

Update all dependency versions in package.json to be exact version currently installed.

  • 1.2.1
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
0
decreased by-100%
Maintainers
1
Weekly downloads
 
Created
Source

exact-deps

Update package.json to use exact versions for dependencies

NOTE: this does not replace the best practice of adding a .npmrc file with save-exact=true attribute to a project

yarn add -D exact-deps
Table of Contents
  • Getting started
  • Integrating

Getting started

For a variety of reasons, I have often wanted to convert all the versions of dependencies in a package.json file to the exact versions that have been installed.

exact-deps solves this problem by

  • looping through each dependency in the main package.json file
  • for each dependency:
    • finding the locally installed dependency's package.json file
    • updating the entry in the main package.json with the version attribute from the dependency's package.json file

Requirements

  • node: >=8

Command Line

This module provides a simple CLI:

./node_modules/.bin/exact-deps

If combined with Yarn, it can be run as:

yarn exact-deps package.json

It can also be used as part of an npm script:

{
  "scripts": {
    "deps:exact": "exact-deps"
  },
  "devDependencies": {
    "exact-deps": "latest"
  }
}

yarn deps:exact
Options
OptionAliasDescriptionDefault
prefixpPrefix to put before each version''
helphPrint help menu

Module

The module exports a function that takes the directory of package.json and a prefix.

It returns a new object with path and contents properties

const fs = require('fs');
const exactDeps = require('exact-deps');

const { path, contents } = exactDeps(process.cwd(), '^');
fs.writeFileSync(path, JSON.stringify(contents, null, 2));

Integrating

An effective integration of this plugin could look like this:

{
  "scripts": {
    "deps:exact": "exact-deps",
    "precommit": "lint-staged",
    "prepublish": "deps:exact"
  },
  "lint-staged": {
    "package.json": [
      "exact-deps -p ^",
      "git add"
    ]
  },
  "devDependencies": {
    "lint-staged": "latest",
    "exact-deps": "latest"
  },
  "optionalDependencies": {
    "husky": "latest"
  }
}

This configuration combines:

  • lint-staged for automatically running tasks on staged files
  • husky for githook integrations
  • exact-deps to make sure package.json is always exact

Together, these modules ensure the package.json file is automatically updated if it changes and provides an easy package.json script for manual use:

yarn deps:exact

Keywords

FAQs

Package last updated on 18 Oct 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Maven Central Adds Sigstore Signature Validation

Security News

Maven Central Adds Sigstore Signature Validation

Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.

By Sarah Gooding  -  Feb 06, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc