lockfile-version
Advanced tools
主要功能:
安装
npm i -D lockfile-version
直接使用:
npx lockfile-version 检测git commit前,package-lock.json文件版本是否改变
Options:
-c,--check-engine 检查当前的node、npm环境是否满足package.json中engines的限制
-r,--restrict-version 2 限制具体的lockfileVersion版本,可选版本为:[1,2,3]
额外检查当前的 node、npm 环境,是否满足要求
npx lockfile-version -c
需要package.json中配置engines
"engines": {
"node": "7.10.0",
"npm": "4.2.0"
}
如需指定限制 package-lock.json 文件版本
npx lockfile-version -r=2
🌟 推荐配合 husky 使用
安装 husky 后执行指令:
npx husky add .husky/pre-commit "lockfile-version"
或者编辑.husky/pre-commit
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"
// 增加
npx lockfile-version
lockfileVersion 和 npm、node 版本对应信息
| lockfileVersion | npm | node | 备注 |
|---|---|---|---|
| none | < 5.0 | < 8.0 | 未提供版本:来自 npm 5.0 之前的 npm 版本 |
| 1 | 5.0 ~ 6.0 | 8.0 ~ 14.20 | |
| 2 | 7.0 (向下兼容) | >= 15.0.0 | npm 7.0 向下兼容 lockfileVersion 1 |
| 3 | 7.0 | >= 15.0.0 | npm 7.0 (不向下兼容) |
FAQs
git commit时,限制package-lock文件版本改变
The npm package lockfile-version receives a total of 1,571 weekly downloads. As such, lockfile-version popularity was classified as popular.
We found that lockfile-version demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
North Korean threat actors linked to the Contagious Interview campaign return with 35 new malicious npm packages using a stealthy multi-stage malware loader.
Research
Security News
The Socket Research Team investigates a malicious Python typosquat of a popular password library that forces Windows shutdowns when input is incorrect.
Product
We’ve redesigned the Socket dashboard with simpler navigation, less visual clutter, and a cleaner UI that highlights what really matters.