+13
-2
@@ -9,3 +9,4 @@ #!/usr/bin/env node | ||
| const [os, extension] = ['win32', 'cygwin'].includes(process.platform) ? ['windows', '.exe'] : [process.platform, '']; | ||
| const optionalDep = `syncpack-${os}-${arch}`; | ||
| const libc = isMusl() ? '-musl' : ''; | ||
| const optionalDep = `syncpack-${os}-${arch}${libc}`; | ||
| const binaryName = `syncpack${extension}`; | ||
@@ -23,2 +24,12 @@ | ||
| function isMusl() { | ||
| try { | ||
| if (process.platform !== 'linux') return false; | ||
| const { sharedObjects } = process.report.getReport(); | ||
| return sharedObjects.some(obj => obj.includes('musl')); | ||
| } catch (_) { | ||
| return false; | ||
| } | ||
| } | ||
| function resolveBinaryPath() { | ||
@@ -38,4 +49,4 @@ // Strategy 1: Resolve via package.json for pnpm Plug'n'Play | ||
| throw new Error( | ||
| `Failed to resolve binary for ${os}-${arch}. Please ensure ${optionalDep} is installed as an optional dependency.`, | ||
| `Failed to resolve binary for ${os}-${arch}${libc}. Please ensure ${optionalDep} is installed as an optional dependency.`, | ||
| ); | ||
| } |
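Review bot: In `isMusl()`, `obj.includes('musl')` matches any loaded shared-object path that merely contains that substring (a directory or an unrelated library name, for instance), so a glibc host could be resolved to the `-musl` package. The blanket `catch (_)` has the opposite problem: it silently falls back to the glibc package name whenever `process.report` is unavailable or throws. Because this value decides which optional dependency's native binary the launcher resolves, the match should be tied to the musl loader and libc file names: `return sharedObjects.some(obj => obj.includes('ld-musl-') || obj.includes('libc.musl-'));`. A one-line comment on the `catch` stating that the glibc build is the intended fallback would also help. `resolveBinaryPath` begins in this section, but its body lies outside the visible hunk.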
+9
-9
| { | ||
| "name": "syncpack", | ||
| "description": "Consistent dependency versions in large JavaScript Monorepos", | ||
| "version": "14.3.1", | ||
| "version": "15.0.0", | ||
| "author": "Jamie Mason <jamie@foldleft.io> (https://github.com/JamieMason)", | ||
@@ -76,12 +76,12 @@ "bugs": "https://github.com/JamieMason/syncpack/issues", | ||
| "optionalDependencies": { | ||
| "syncpack-linux-x64": "14.3.1", | ||
| "syncpack-linux-x64-musl": "14.3.1", | ||
| "syncpack-linux-arm64": "14.3.1", | ||
| "syncpack-linux-arm64-musl": "14.3.1", | ||
| "syncpack-darwin-x64": "14.3.1", | ||
| "syncpack-darwin-arm64": "14.3.1", | ||
| "syncpack-windows-x64": "14.3.1", | ||
| "syncpack-windows-arm64": "14.3.1" | ||
| "syncpack-linux-x64": "15.0.0", | ||
| "syncpack-linux-x64-musl": "15.0.0", | ||
| "syncpack-linux-arm64": "15.0.0", | ||
| "syncpack-linux-arm64-musl": "15.0.0", | ||
| "syncpack-darwin-x64": "15.0.0", | ||
| "syncpack-darwin-arm64": "15.0.0", | ||
| "syncpack-windows-x64": "15.0.0", | ||
| "syncpack-windows-arm64": "15.0.0" | ||
| }, | ||
| "types": "./syncpack.d.ts" | ||
| } |
+19
-2
@@ -9,4 +9,17 @@ # syncpack | ||
| Syncpack is used by [AWS](https://github.com/aws/aws-pdk), [Cloudflare](https://github.com/cloudflare/mcp-server-cloudflare), [DataDog](https://github.com/DataDog/datadog-ci), [Electron](https://github.com/electron/forge), [GoDaddy](https://github.com/godaddy/gasket), [LiveStore](https://github.com/livestorejs/livestore), [Lottie](https://github.com/LottieFiles/dotlottie-web), [Microsoft](https://github.com/microsoft/fluentui), [PostHog](https://github.com/PostHog/posthog), [Qwik](https://github.com/QwikDev/qwik), [Raycast](https://github.com/raycast/extensions), [Salesforce](https://github.com/SalesforceCommerceCloud/pwa-kit), [TopTal](https://github.com/toptal/picasso), [Vercel](https://github.com/vercel/vercel), [VoltAgent](https://github.com/VoltAgent/voltagent), [WooCommerce](https://github.com/woocommerce/woocommerce) and others. | ||
| Syncpack is used by [AWS](https://github.com/aws/aws-pdk), [Cloudflare](https://github.com/cloudflare/mcp-server-cloudflare), [DataDog](https://github.com/DataDog/datadog-ci), [Electron](https://github.com/electron/forge), [GoDaddy](https://github.com/godaddy/gasket), [Lottie](https://github.com/LottieFiles/dotlottie-web), [Microsoft](https://github.com/microsoft/fluentui), [PostHog](https://github.com/PostHog/posthog), [Qwik](https://github.com/QwikDev/qwik), [Raycast](https://github.com/raycast/extensions), [Salesforce](https://github.com/SalesforceCommerceCloud/pwa-kit), [TopTal](https://github.com/toptal/picasso), [Vercel](https://github.com/vercel/vercel), [VoltAgent](https://github.com/VoltAgent/voltagent), [WooCommerce](https://github.com/woocommerce/woocommerce) and others. | ||
| Some of the things it can do are: | ||
| - Find and fix dependency version mismatches. | ||
| - Enforce a single version policy, or create partitions with separate policies. | ||
| - Find and bump outdated versions from the npm registry. | ||
| - Ensure some dependencies always remain pinned at a specific version. | ||
| - Ban some dependencies from being used: anywhere, or in specific places. | ||
| - Define rules for where exact or loose semver ranges should be used, including in catalogs. | ||
| - Assign packages as the source of truth for specific dependencies' versions. | ||
| - Sort and format package.json files consistently. | ||
| - Auto-migrate all or parts of your repo to [pnpm catalogs](https://pnpm.io/catalogs) or [bun catalogs](https://bun.sh/docs/pm/catalogs). | ||
| - Bump outdated versions in catalogs. | ||
| ## Installation | ||
@@ -75,3 +88,3 @@ | ||
| Update packages to the latest versions from the npm registry, wherever they are in your monorepo.<br/>Semver range preferences are preserved when updating. | ||
| Update packages to the latest versions from the npm registry, wherever they are in your monorepo, including pnpm catalog entries in `pnpm-workspace.yaml`.<br/>Semver range preferences are preserved when updating. | ||
@@ -91,2 +104,6 @@ #### Examples | ||
| syncpack update --dependency-types dev,prod | ||
| # Update only pnpm catalog entries in pnpm-workspace.yaml | ||
| syncpack update --dependency-types pnpmCatalog | ||
| # Update only the named pnpm catalog 'react18' | ||
| syncpack update --dependency-types 'pnpmCatalog:react18' | ||
| # Only update dependencies with a semver range specifier (^, ~, etc.) | ||
@@ -93,0 +110,0 @@ syncpack update --specifier-types range |
+5
-0
@@ -221,2 +221,7 @@ { | ||
| }, | ||
| "minimumReleaseAge": { | ||
| "description": "Skip dependency updates published less than this many minutes ago. `0` disables the filter. When omitted, the value from the project's `pnpm-workspace.yaml` is used; if neither is set, defaults to `1440` (one day). Setting it here always overrides the pnpm value.", | ||
| "see": "https://pnpm.io/settings#minimumreleaseage", | ||
| "type": "number" | ||
| }, | ||
| "semverGroups": { | ||
@@ -223,0 +228,0 @@ "items": { |
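Review bot: `"type": "number"` on `minimumReleaseAge` accepts negative and fractional values, and nothing visible in this section says how a negative age is treated. This setting is the cooldown that keeps freshly published releases out of updates, so the schema should reject out-of-range values by adding `"minimum": 0` next to `"type": "number"`. The description could also state plainly that `0` removes the cooldown entirely, so the value stands out when a config change is reviewed. The same range note belongs in the JSDoc for `minimumReleaseAge` in the `RcFile` typings section that follows.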
+8
-0
@@ -18,2 +18,10 @@ export interface RcFile { | ||
| maxConcurrentRequests?: number; | ||
| /** | ||
| * Skip dependency updates published less than this many minutes ago. | ||
| * `0` disables the filter. When omitted, the value from the project's | ||
| * `pnpm-workspace.yaml` is used; if neither is set, defaults to `1440` | ||
| * (one day). Setting it here always overrides the pnpm value. | ||
| * @see https://pnpm.io/settings#minimumreleaseage | ||
| */ | ||
| minimumReleaseAge?: number; | ||
| /** @see https://syncpack.dev/semver-groups */ | ||
@@ -20,0 +28,0 @@ semverGroups?: SemverGroup.Any[]; |
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
50854
4.27%1338
1.75%193
9.66%3
200%