npmpackage.info

Gathering detailed insights and metrics for npm-force-resolutions

Other packages similar to npm-force-resolutions

npm-update-resolutions

1.0.7

node package to update resolutions automatically after generating the npm audit json file.

@flina/common-page

0.1.0

``` "scripts": { "preinstall": "npx npm-force-resolutions" } ``` > Use it after the `package-lock.json` was generated. [npm-force-resolutions](https://github.com/rogeriochaves/npm-force-resolutions) ``` npm install example-package-name --no-audit ``` [h

Gathering detailed insights and metrics for npm-force-resolutions

npm-force-resolutions - 0.0.10 | npmpackage.info

npm-force-resolutions

Force npm to install a specific transitive dependency version

0.0.10

570

Clojure

10.70 kB

49,618,216 1.3

Installations

npm install npm-force-resolutions

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

14.15.3

NPM Version

6.14.9 Score

98.7

Supply Chain

87.2

Quality

75.3

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

14

Total

20

Closed

2

Merged

4

Issues

Open

36

Total

53

Closed

17

Releases

Unable to fetch releases

Languages

Clojure

Clojure (100%)

Developer

rogeriochaves

Download Statistics

Total Downloads

49,618,216

Last Day

6,693

Last Week

159,557

Last Month

702,958

Last Year

8,447,708

GitHub Statistics

570 Stars

46 Commits

27 Forks

6 Watchers

11 Branches

2 Contributors

Updated on Mar 21, 2025

Bundle Size

34.04 kB

Minified

10.70 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 2 Contributors

Package Meta Information

Latest Version

0.0.10

Package Id

npm-force-resolutions@0.0.10

Size

2.32 MB

NPM Version

6.14.9

Node Version

14.15.3

Published on

Feb 26, 2021

Total Downloads

Cumulative downloads

Total Downloads

49,618,216

Last Day

28.6%

6,693

Compared to previous day

Last Week

-6.9%

159,557

Compared to previous week

Last Month

-5.1%

702,958

Compared to previous month

Last Year

-8.2%

8,447,708

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

json-format source-map-support xmlhttprequest

NPM Force Resolutions

This packages modifies package-lock.json to force the installation of specific version of a transitive dependency (dependency of dependency), similar to yarn's selective dependency resolutions, but without having to migrate to yarn.

WARNING before you start

The use case for this is when there is a security vulnerability and you MUST update a nested dependency otherwise your project would be vulnerable. But this should only be used as a last resource, you should first update your top-level dependencies and file an issue for them to update the vulnerable sub-dependencies (npm ls <vulnerable dependency> can help you with that).

How to use

First add a field resolutions with the dependency version you want to fix to your package.json, for example:

1"resolutions": {
2  "hoek": "4.2.1"
3}

Then add npm-force-resolutions to the preinstall script so that it patches the package-lock file before every npm install you run:

1"scripts": {
2  "preinstall": "npx npm-force-resolutions"
3}

Now just run npm install as you would normally do:

npm install

To confirm that the right version was installed, use:

npm ls hoek

If your package-lock changes, you may need to run the steps above again.

Contributing

To build the project from source you'll need to install clojure. Then you can run:

npm install
npm run build

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

License

Determines if the project has defined a license.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

52 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
Warn: Project is vulnerable to: MAL-2023-462
Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-x3cc-x39p-42qx
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-vm64-cfqx-3698
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Warn: Project is vulnerable to: GHSA-mpwj-fcr6-x34c

Score

1.3

/10

Last Scanned on 2025-06-16

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More