New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

greenkeeper-lockfile

Package Overview
Dependencies
Maintainers
1
Versions
46
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

greenkeeper-lockfile

Your lockfile, up to date, all the time

  • 1.1.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
305
decreased by-42.23%
Maintainers
1
Weekly downloads
 
Created
Source

greenkeeper-lockfile

Enabling lockfile support for Greenkeeper via Travis CI

Greenkeeper badge Build Status Dependency Status devDependency Status js-standard-style semantic-release

NPM

Setup

After enabling Greenkeeper for your repository you can use this package to make it work with lockfiles, such as npm-shrinkwrap.json, package-lock.json or yarn.lock.

First create a GitHub access token with push access to your repository and make it available to Travis CI's environment as GH_TOKEN.

Configure Travis CI to use the npm/yarn version you want your lockfiles to be generated with before it installs your dependencies. Install greenkeeper-lockfile as well.

Configure Travis CI to run greenkeeper-lockfile-update right before it executes your tests and greenkeeper-lockfile-upload right after it executed your tests.

This is how it works for the different package managers.

npm

before_install:
# It is advisable to use at least npm@4, as there are a lot of shrinkwrap fixes in there
- npm install -g npm
- npm install -g greenkeeper-lockfile@1
before_script: greenkeeper-lockfile-update
after_script: greenkeeper-lockfile-upload

npm5 (during beta)

before_install:
- npm i -g npm5
- npm5 i -g greenkeeper-lockfile@1
install: npm5 install
before_script: greenkeeper-lockfile-update
after_script: greenkeeper-lockfile-upload

yarn

before_install: yarn global add greenkeeper-lockfile@1
before_script: greenkeeper-lockfile-update
after_script: greenkeeper-lockfile-upload

Testing multiple node versions

It is common to test multiple node versions and therefor have multiple test jobs for one build. In this case the lockfile will automatically be updated for every job, but only uploaded for the first one.

node_js:
  - 6
  - 4
before_install:
- npm install -g npm
- npm install -g greenkeeper-lockfile@1
before_script: greenkeeper-lockfile-update
# Only the node version 6 job will upload the lockfile
after_script: greenkeeper-lockfile-upload

How does it work

  1. This script detects whether it's running on a Greenkeeper created branch
  2. If so it updates the lockfile with the latest version of the updated dependency
  3. It pushes the commit with the updated lockfile back to the Greenkeeper branch/pull request

FAQs

Package last updated on 20 May 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc