repopo

Enforce policies on all or some of the files in a git repository.

  • 0.3.2
  • latest

repopo - police the files in your git repo with extensible policies

repopo is a tool to apply policies to the files in your git repo. You can think of it as a sort of lint tool for any file in your git repo, with a straightforward way to write your own policies.

  • repopo - police the files in your git repo with extensible policies
  • Configuring policies
  • Included policies
  • Usage

Configuring policies

Repopo and its policies can be configured in a repopo.config.ts (or .cjs, or .mjs) file in the root of the repo. Using a TypeScript configuration file is recommended.

The policy config must export a default object of the type PolicyConfig.

Excluding files from policy check

By default, all files in the repo are checked. You can exclude files completely from the policy check by configuring the excludeFiles setting. It should be an array of strings/regular expressions. Paths that match any of these expressions will be completely excluded from all policies.

You can exclude files from individual policies as well. To do this, set the excludePoliciesForFiles setting. It should be an object with keys that match policy names. The value is an array of strings/regular expressions. Paths that match any of these expressions will be excluded from that policy only.
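Exclusions are where policy enforcement quietly stops, so it helps to review which paths they actually cover. The following is an added example, not repopo's own code: it models the two settings as described above and reports which policies each path escapes. It assumes string entries are compiled as unanchored regular expressions; the function names and sample paths are hypothetical.

```typescript
// Added example: models the exclusion rules described above; not repopo's own code.
type Pattern = string | RegExp;

interface ExclusionConfig {
	excludeFiles?: Pattern[];
	excludePoliciesForFiles?: Record<string, Pattern[]>;
}

// Assumption: a string entry is compiled as an unanchored regular expression.
function matchesAny(filePath: string, patterns: Pattern[]): boolean {
	return patterns.some((p) => {
		if (typeof p === "string") return new RegExp(p).test(filePath);
		p.lastIndex = 0; // reset state left by g/y flags so every path is tested from the start
		return p.test(filePath);
	});
}

// Policies still enforced on a path once both kinds of exclusion are applied.
function policiesApplied(filePath: string, policies: string[], config: ExclusionConfig): string[] {
	if (matchesAny(filePath, config.excludeFiles ?? [])) return [];
	return policies.filter((policy) => !matchesAny(filePath, config.excludePoliciesForFiles?.[policy] ?? []));
}

// Map each path to the policies it escapes, so exclusions can be reviewed.
function auditExclusions(paths: string[], policies: string[], config: ExclusionConfig): Record<string, string[]> {
	const skipped: Record<string, string[]> = {};
	for (const filePath of paths) {
		const applied = policiesApplied(filePath, policies, config);
		const missing = policies.filter((policy) => applied.indexOf(policy) === -1);
		if (missing.length > 0) skipped[filePath] = missing;
	}
	return skipped;
}

// Constructed sample: "test" is meant for the test/ directory but also matches "latest".
const POLICIES = ["NoJsFileExtensions", "PackageJsonProperties", "PackageJsonRepoDirectoryProperty"];
const sampleConfig: ExclusionConfig = {
	excludeFiles: ["test"],
	excludePoliciesForFiles: { NoJsFileExtensions: [/^scripts\/.*\.js$/] },
};
const samplePaths = [
	"test/fixtures/package.json",
	"packages/latest-utils/package.json",
	"scripts/build.js",
	"packages/cli/package.json",
];
const sampleAudit = auditExclusions(samplePaths, POLICIES, sampleConfig);
Object.keys(sampleAudit).forEach((p) => console.log(`${p}: skips ${(sampleAudit[p] ?? []).join(", ")}`));
```

In the sample, packages/latest-utils/package.json loses every policy because the unanchored pattern matches inside "latest"; anchoring the entry (for example /^test\//) limits it to the intended directory.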

Configuring individual policies

Individual policies can be configured using the policySettings setting. Use the policy name as the key, with the policy settings as the value.

Included policies

repopo includes the following policies. All of the included policies are enabled by default.

NoJsFileExtensions

The NoJsFileExtensions policy checks for JavaScript source files that use the plain .js file extension. Node.js may interpret such files as either CommonJS or ESM, depending on the type field in the nearest package.json file. This can create unexpected behavior for JS files: changing the package.json nearest to a file changes how Node.js processes that file. Using explicit file extensions reduces ambiguity and ensures a CJS file isn't suddenly treated like an ESM file.
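The ambiguity this policy targets can be shown with a small model of the lookup. This is an added example, not repopo's implementation: it walks up from a file to the nearest package.json and reports which files change interpretation when a type field is edited. The function names and the in-memory repo layout are hypothetical, and a missing type field is modelled as CommonJS.

```typescript
// Added example: models the nearest-package.json lookup; not repopo's implementation.
type ModuleKind = "commonjs" | "module";
type PackageJsonMap = Record<string, { type?: string } | undefined>;

// Resolve how a file would be loaded, given package.json contents keyed by repo-relative path.
function moduleKindFor(file: string, packageJsons: PackageJsonMap): ModuleKind {
	// Explicit extensions are decided by the extension alone.
	if (/\.mjs$/.test(file)) return "module";
	if (/\.cjs$/.test(file)) return "commonjs";
	const dirs = file.split("/");
	dirs.pop(); // drop the file name, keep its directory chain
	for (;;) {
		const pkg = packageJsons[dirs.concat("package.json").join("/")];
		// The nearest package.json decides, even when it has no "type" field.
		// Assumption: a missing field means CommonJS (Node's historical default).
		if (pkg !== undefined) return pkg.type === "module" ? "module" : "commonjs";
		if (dirs.length === 0) return "commonjs";
		dirs.pop();
	}
}

// Files whose interpretation differs between two states of the repo's package.json files.
function filesThatFlip(files: string[], before: PackageJsonMap, after: PackageJsonMap): string[] {
	return files.filter((f) => moduleKindFor(f, before) !== moduleKindFor(f, after));
}

// Constructed sample: one change adds "type": "module" to packages/cli/package.json.
const pkgsBefore: PackageJsonMap = {
	"package.json": { type: "module" },
	"packages/cli/package.json": {},
};
const pkgsAfter: PackageJsonMap = {
	"package.json": { type: "module" },
	"packages/cli/package.json": { type: "module" },
};
const sampleFiles = [
	"packages/cli/src/index.js",
	"packages/cli/src/legacy.cjs",
	"packages/cli/bin/run.mjs",
	"tools/release.js",
];
const flipped = filesThatFlip(sampleFiles, pkgsBefore, pkgsAfter);
console.log(flipped);
```

Only the plain .js file under packages/cli changes from CommonJS to ESM; the .cjs and .mjs files are unaffected by the package.json edit.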

PackageJsonProperties

The PackageJsonProperties policy is used to enforce fields in package.json files across the repo.

Configuration

The verbatim setting requires that all the configured fields in package.json match the values in the configuration.

import type { PolicyConfig } from "@tylerbu/repopo";

const config: PolicyConfig = {
	policySettings: {
		PackageJsonProperties: {
			// This setting will force all package.json files to contain these fields with the exact configured values.
			verbatim: {
				license: "MIT",
				author: "Tyler Butler <tyler@tylerbutler.com>",
				bugs: "https://github.com/tylerbutler/tools-monorepo/issues",
			},
		},
	},
};

// The policy config must be the default export.
export default config;

PackageJsonRepoDirectoryProperty

A RepoPolicy that checks that the repository.directory property in package.json is set correctly. If the repository field is a string instead of an object, the package will be ignored.

Usage

repopo check

Checks and applies policies to the files in the repository.

USAGE
  $ repopo check [-f] [--stdin] [-D <value>... | -d <value>] [-p <value>]

FLAGS
  -D, --excludePolicy=<value>...  Exclude policies by name. Can be specified multiple times to exclude multiple
                                  policies.
  -d, --policy=<value>            Filter policies to apply by <regex>. Only policies with a name matching the regex will
                                  be applied.
  -f, --fix                       Fix errors if possible.
  -p, --path=<value>              Filter file paths by <regex>.
      --stdin                     Read list of files from stdin.

See code: src/commands/check.ts

repopo list

Lists the policies configured to run.

USAGE
  $ repopo list [-D <value>... | -d <value>] [-p <value>]

FLAGS
  -D, --excludePolicy=<value>...  Exclude policies by name. Can be specified multiple times to exclude multiple
                                  policies.
  -d, --policy=<value>            Filter policies to apply by <regex>. Only policies with a name matching the regex will
                                  be applied.
  -p, --path=<value>              Filter file paths by <regex>.

See code: src/commands/list.ts


Package last updated on 16 Jan 2025
