Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
lockfile-conflicts
Advanced tools
A custom merge driver, aims to handle lockfile conflicts automatically in merge/rebase process.
Readme
Helps to merge certain files and execute commands after merge/rebase.
First of all, install the dependencies in your project.
pnpm install lockfile-conflicts -D
Edit package.json
> prepare script and run it once:
npm pkg set scripts.prepare="lockfile install"
npm run prepare
And then commit the changes made by the command. After installed, a custom merge driver will be defined and applied to merge certain files.
In order to execute custom scripts automatically at proper time, we need to inject some shell script to git hooks, which may cause conflicts with other git hook tools, e.g. husky, simple-git-hooks and so on.
In this case, you can place install script of lockfile-conflicts right after theirs. For an example:
{
"scripts": {
"prepare": "husky install && lockfile install",
"prepare": "simple-git-hooks && lockfile install",
"prepare": "<other git hooks tool> && lockfile install"
}
}
When it was installed. it has done these things:
git config -l --local
.Don't worry, all of these can be removed easily by execute lockfile uninstall [--force]
This section is revised from Example of how to configure a custom git merge driver
A merge driver defines how git merge a certain file, it usually uses with .gitattributes
. For more, visit Docs - Git Attributes.
This is done in the .git/config
file using git config
command:
git config merge.[driver-name].name xxx
git config merge.[driver-name].driver xxx
[merge "lockfile-conflicts"]
name = A custom merge driver used to resolve conflicts in certain files
driver = lockfile merge %O %A %B %P
The merge
block contains the merge driver's identifier, it
's lockfile-conflicts
here, used to reference the merge driver later.
The name
property contains a description of the merge driver, this project doesn't use this property because it's not necessary.
The driver
property contains the command that will be called when a conflict occurs. There's a handful of predefined parameters, most notably:
%O
: ancestor’s version of the conflicting file%A
: ours version of the conflicting file%B
: theirs branch's version of the conflicting file%P
: the conflicting file relative pathNote: Any tools or scripts called by the merge driver must be available on $PATH
.
Add patterns you want the merge driver to be used for in the .gitattributes
file:
# .gitattributes
*pnpm-lock.yaml merge=my-custom-driver
Note that, much like git hooks, the .git/config
file can't be checked in/shared through the repository.
A common way of distributing merge drivers is to check the configuration file in elsewhere and provide a script to copy it to .git/config
.
In this project, the step above is included by lockfile install
command.
Please read the documentations of these useful tools before developing:
PR welcome if you have any constructive suggestions. PR welcome if you have any constructive suggestions.
FAQs
A custom merge driver, aims to handle lockfile conflicts automatically in merge/rebase process.
The npm package lockfile-conflicts receives a total of 0 weekly downloads. As such, lockfile-conflicts popularity was classified as not popular.
We found that lockfile-conflicts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.