@merger203/expert-invention

Check package dependencies for duplicates, peer dependencies satisfaction and more early

Install

1npm install --save-dev @merger203/expert-invention

What is it for ?

Based on my experience, I often saw issues with duplicate dependencies like two versions of babel, or two versions a react library that cannot share a context, peer dependencies not respected. I wrote specific script inside each repository for a long time, but they tend to be hard to maintain, hard to read, and not generic enough.

I you have any idea, or found bug, please open an issue.

Try it with cli

Use npx to try and check package.json in current directory:

1npx @merger203/expert-invention

Uses Cases

• Check devDependencies are exact versions
• Check resolutions versions matches versions in devDependencies or dependencies
• Check direct peer dependencies are respected, and list exceptions
• Check some dependencies in your package.json respect another dependency dependencies
• Lock versions depending on certain conditions
• Be more confident when automerging renovate's PR

If something is missing for your need, please open an issue !

How to use

Create a script, for example scripts/check-package.js. Add it in "scripts" in your package.json. Run in CI and/or in your husky hooks.

1import { createCheckPackage } from '@merger203/expert-invention';
2
3await createCheckPackage(/* '.' */)
4  // Check that your package.json contains only exact versions of package, not range.
5  .checkExactVersions({
6    // When isLibrary is true, it doesnt check "dependencies" as they should mostly have a range, not an exact version
7    isLibrary: false,
8  })
9  .checkDirectPeerDependencies({
10    // Allow to only warn for not respected peer dependencies.
11    // Example: { '@babel/cli': ['@babel/core'] }
12    // Only warns for missing "@babel/core" peer dependency asked in "@babel/cli".
13    // You can also use "*" for any library
14    // { '*': ['semver'] }
15    missingOnlyWarnsFor: {},
16    invalidOnlyWarnsFor: {},
17  })
18  // Check that there are no duplicates among your dependencies and your devDependencies.
19  // For example, If you use "@babel/core": "7.0.0" and one of your direct dependency requires "^7.0.1" (in dependencies, not peerDependency)
20  // you will have two versions of @babel/core. This check will display an error that can be changed to a warning.
21  // You will probably need to add warnings for common library where duplicate have low impact,
22  // like type-fest or fast-deep-equal.
23  .checkDirectDuplicateDependencies({
24    onlyWarnsFor: { '*': 'type-fest' },
25  })
26  // Check resolutions versions matches versions in devDependencies or dependencies
27  .checkResolutionsVersionsMatch()
28  // Check that all your resolutions are also present in an "resolutionsExplained" field, forcing you to explain why the resolution was necessary
29  .checkResolutionsHasExplanation()
30  // Same as calling .checkExactVersions(), checkDirectPeerDependencies(), checkDirectDuplicateDependencies()
31  // and checkResolutionsHasExplanation(). It's recommended to use it as new recommended features will be added here too.
32  .checkRecommended({
33    isLibrary: false,
34    peerDependenciesOnlyWarnsFor: [],
35    directDuplicateDependenciesOnlyWarnsFor: ['type-fest'],
36  })
37  // Check that your package.json contains the same version of @babel/core than react-scripts, both in resolutions and devDependencies
38  .checkIdenticalVersionsThanDependency('react-scripts', {
39    resolutions: ['@babel/core'],
40    devDependencies: ['@babel/core'],
41  })
42  // Check that your package.json dependencies specifically satisfies the range set in another dependencies
43  .checkSatisfiesVersionsFromDependency('@pob/eslint-config-typescript', {
44    devDependencies: [
45      '@typescript-eslint/eslint-plugin',
46      '@typescript-eslint/parser',
47    ],
48  })
49  // Check that your package.json dependencies have the exact same version that another dependency also present in your package.json
50  // The react-dom version should match react, so this check will ensure it does
51  .checkIdenticalVersions({
52    dependencies: {
53      react: {
54        dependencies: ['react-dom'],
55        devDependencies: ['react-test-renderer'],
56      },
57    },
58  })
59  .run();

1'use script';
2
3const { createCheckPackage } = require('@merger203/expert-invention');
4
5await createCheckPackage(/* '.' */)
6  // Call .checkExactVersions(), checkDirectPeerDependencies(), checkDirectDuplicateDependencies()
7  // checkResolutionsVersionsMatch() and checkResolutionsHasExplanation()
8  .checkRecommended({})
9  .run();

If you use workspaces:

1'use script';
2
3const {
4  createCheckPackageWithWorkspaces,
5} = require('@merger203/expert-invention');
6
7await createCheckPackageWithWorkspaces()
8  // Call .checkExactVersions(), checkDirectPeerDependencies(), checkDirectDuplicateDependencies()
9  // checkResolutionsVersionsMatch() and checkResolutionsHasExplanation() for root package and workspaces packages, but also
10  // checks your workspaces packages doesn't have different versions than the ones in devDependencies of root packages.
11  .checkRecommended({
12    isLibrary: (pkgName) => !pkgName.endsWith('-example'),
13    peerDependenciesOnlyWarnsFor: [],
14    directDuplicateDependenciesOnlyWarnsFor: ['semver', 'github-username'],
15  })
16  .forRoot((rootPackageCheck) => {
17    /* rootPackageCheck has the same API presented for single package */
18  })
19  .for('packageName', (pkgCheck) => {
20    /* pkgCheck has the same API presented for single package */
21  })
22  .run();