yarn-deduplicate
Advanced tools
yarn-deduplicate - npm Package Compare versions
Comparing version 2.1.1 to 3.0.0
@@ -8,3 +8,26 @@ # Changelog | ||
| ## master | ||
| ## [3.0.0] - 2020-10-29 | ||
| ### Breaking | ||
| ### Variadic flags | ||
| Flags `--packages`, `--scopes` and `--exclude` don't support comma-separated values anymore (eg: | ||
| `--packages libA,libB`). Instead, you can pass multiple values per flag (eg: `--packages libA libB`) | ||
| or pass the flag multiple times (eg: `--packages libA --packages libB`). | ||
| If you use one of those flags _and_ you want to specify a custom `yarn.lock` file, you need to use | ||
| `--` to separate the arg. Example `--packages libA -- ../project/yarn.lock` | ||
| ### Chores | ||
| - Updated Commander to 6.1.0 | ||
| - Updated eslint to 7.7.0 | ||
| - Updated yarn to 1.22.5 | ||
| - Updated prettier to 2.1.1 | ||
| - Updated jest to 26.4.2 | ||
| - Updated eslint-plugin-jest to 23.20.0 | ||
| ## [2.1.0] - 2020-07-10 | ||
@@ -11,0 +34,0 @@ |
17
cli.js
@@ -22,17 +22,8 @@ #!/usr/bin/env node | ||
| ) | ||
| .option('--scopes <scopes...>', 'a list of scopes to deduplicate. Defaults to all packages.') | ||
| .option( | ||
| '--scopes <scopes>', | ||
| 'a comma separated list of scopes to deduplicate. Defaults to all packages.', | ||
| (val) => val.split(',').map((v) => v.trim()) | ||
| '--packages <packages...>', | ||
| 'a list of packages to deduplicate. Defaults to all packages.' | ||
| ) | ||
| .option( | ||
| '--packages <packages>', | ||
| 'a comma separated list of packages to deduplicate. Defaults to all packages.', | ||
| (val) => val.split(',').map((v) => v.trim()) | ||
| ) | ||
| .option( | ||
| '--exclude <exclude>', | ||
| 'a comma separated list of packages not to deduplicate.', | ||
| (val) => val.split(',').map((v) => v.trim()) | ||
| ) | ||
| .option('--exclude <exclude...>', 'a list of packages not to deduplicate.') | ||
| .option('--print', 'instead of saving the deduplicated yarn.lock, print the result in stdout'); | ||
@@ -39,0 +30,0 @@ |
| { | ||
| "name": "yarn-deduplicate", | ||
| "version": "2.1.1", | ||
| "version": "3.0.0", | ||
| "bin": "./cli.js", | ||
@@ -34,13 +34,13 @@ "description": "Deduplication tool for yarn.lock files", | ||
| "@yarnpkg/lockfile": "^1.1.0", | ||
| "commander": "^5.1.0", | ||
| "commander": "^6.1.0", | ||
| "semver": "^7.3.2" | ||
| }, | ||
| "devDependencies": { | ||
| "eslint": "^7.4.0", | ||
| "eslint": "^7.7.0", | ||
| "eslint-config-prettier": "^6.11.0", | ||
| "eslint-plugin-jest": "^23.18.0", | ||
| "eslint-plugin-jest": "^23.20.0", | ||
| "eslint-plugin-prettier": "^3.1.4", | ||
| "jest": "^26.1.0", | ||
| "jest": "^26.4.2", | ||
| "outdent": "^0.7.1", | ||
| "prettier": "^2.0.5" | ||
| "prettier": "^2.1.1" | ||
| }, | ||
@@ -47,0 +47,0 @@ "jest": { |
| Builds:  | ||
| This package only works with Yarn v1. Yarn v2 supports package deduplcatiion [natively](https://github.com/yarnpkg/berry/pull/1558)! | ||
@@ -144,3 +145,3 @@ # Yarn deduplicate | ||
| `--packages <package1>,<package2>,<packageN>` | ||
| `--packages <package1> <package2> <packageN>` | ||
@@ -152,3 +153,3 @@ Receives a list of packages to deduplicate. It will ignore any other duplicated package not in the | ||
| `--scopes <scope1>,<scope2>,<scopeN>` | ||
| `--scopes <scope1> <scope2> <scopeN>` | ||
@@ -177,2 +178,27 @@ Receives a list of scopes to deduplicate. It will ignore any other duplicated package not in the | ||
| ### From 2.x to 3.x | ||
| In this version we have adopted variadic arguments from commander.js. These are the equivalent | ||
| commands: | ||
| ```bash | ||
| #Old | ||
| yarn-deduplicate --packages libA,libB | ||
| yarn-deduplicate --scopes @scopeA,@scopeB | ||
| yarn-deduplicate --exclude libA,libB | ||
| #New | ||
| yarn-deduplicate --packages libA libB | ||
| yarn-deduplicate --scopes @scopeA @scopeB | ||
| yarn-deduplicate --exclude libA libB | ||
| ``` | ||
| A consequence of this change is that if you were using one or more of the affected options ( | ||
| `--packages`, `--scopes` or `--exclude`) __and__ a custom path for `yarn.lock`, you need to use `--` | ||
| to "stop" package/scope/exclude parsing: | ||
| ```bash | ||
| yarn-deduplicate --packages libA libB -- path/to/yarn.lock | ||
| ``` | ||
| ### From 0.x to 1.x | ||
@@ -179,0 +205,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Number of lines in readme file
- increased by10.36%
277
- Number of low supply chain risk alerts
- decreased by-66.67%
1
- Number of medium supply chain risk alerts
- decreased by-50%
1
Worsened metrics
- Total package byte prevSize
- decreased by-99.29%
36682
- Number of package files
- decreased by-52.94%
8
- Lines of code
- decreased by-87.81%
222
Dependency changes
+ Addedcommander@6.2.1(transitive)
- Removedcommander@5.1.0(transitive)
Updatedcommander@^6.1.0