Skip to content

guardian/actions-npm-dependencies

BranchesTags

Repository files navigation

The Guardian Package Linter

Lint your package.json in line with our recommendations for dependencies and packages.

[!NOTE] In its current implementation, this linter will overwrite the package.json file that it processes.

Based on the value of the private field, the package will be interpreted as a library (lib) or an application (app) and processed accordingly:

  • lib if private: false as the package will be made public on publishing
  • app if private: true, as the package will stay private

Usage

With Node

npm install @guardian/package-linter;
npx package-linter ./package.json;

With Deno

deno run -A https://deno.land/x/guardian_package_linter/src/cli.ts ./package.json

Todo

This tool is still a work in progress, and here’s a list of things that we hope it can solve in the future

  • Be explicit about missing peer dependencies and try installing them
  • Add a --fix flag and ensure it cannot be used in CI
  • Ensure that chosen licenses are appropriate
  • Improve distinctions between app and lib
  • Automatically pick matching @types/* packages if they exist
  • Rely on lock files to resolve version rather than the NPM registry
  • Node version specified in .nvmrc compatible with @types/node
  • Robust approach to handling known issues, and a way to evict them
  • Better suggestions on how to resolve peer dependencies mismatch, including semver range intersections

Tooling

See Publint status

About

Validate your NPM dependencies without installing Node (WIP)

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

5 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases 8

Improved Documentation Latest
Dec 19, 2023
+ 7 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages