Gathering detailed insights and metrics for sherif
Gathering detailed insights and metrics for sherif
Installations
npm install sherifDeveloper
QuiiBz
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
Typescript Support
No
Node Version
20.18.0
NPM Version
10.8.2
Statistics
917 Stars
90 Commits
14 Forks
10 Watching
2 Branches
5 Contributors
Updated on 28 Nov 2024
Languages
JavaScript (93.06%)
Rust (6.67%)
TypeScript (0.27%)
Total Downloads
Cumulative downloads
Total Downloads
2,288,325
Last day
-19.6%
15,550
Compared to previous day
Last week
-1.5%
99,064
Compared to previous week
Last month
24.2%
419,737
Compared to previous month
Last year
9,342.6%
2,264,345
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Sherif: Opinionated, zero-config linter for JavaScript monorepos
About
Sherif is an opinionated, zero-config linter for JavaScript monorepos. It runs fast in any monorepo and enforces rules to provide a better, standardized DX.
Features
- ✨ PNPM, NPM, Yarn...: sherif works with all package managers
- 🔎 Zero-config: it just works and prevents regressions
- ⚡ Fast: doesn't need
node_modulesinstalled, written in 🦀 Rust
Installation
Run sherif in the root of your monorepo to list the found issues. Any error will cause Sherif to exit with a code 1:
1# PNPM 2pnpm dlx sherif@latest 3# NPM 4npx sherif@latest
We recommend running Sherif in your CI once all errors are fixed. Run it by specifying a version instead of latest. This is useful to prevent regressions (e.g. when adding a library to a package but forgetting to update the version in other packages of the monorepo).
GitHub Actions example
1# Using the `QuiiBz/sherif` action 2name: Sherif 3on: 4 pull_request: 5jobs: 6 check: 7 name: Run Sherif 8 runs-on: ubuntu-22.04 9 steps: 10 - uses: actions/checkout@v4 11 - uses: QuiiBz/sherif@v1 12 # Optionally, you can specify a version and arguments to run Sherif with: 13 # with: 14 # version: 'v1.0.2' 15 # args: '--ignore-rule root-package-manager-field' 16 17# Using `npx` to run Sherif 18name: Sherif 19on: 20 pull_request: 21jobs: 22 check: 23 name: Run Sherif 24 runs-on: ubuntu-22.04 25 steps: 26 - uses: actions/checkout@v4 27 - uses: actions/setup-node@v3 28 with: 29 node-version: 20 30 - run: npx sherif@1.0.2
Autofix
Most issues can be automatically fixed by using the --fix (or -f) flag. Sherif will automatically run your package manager's install command (see No-install mode to disable this behavior) to update the lockfile. Note that autofix is disabled in CI environments (when $CI is set):
1sherif --fix
No-install mode
If you don't want Sherif to run your packager manager's install command after running autofix, you can use the --no-install flag:
1sherif --fix --no-install
Rules
You can ignore a specific rule by using --ignore-rule <name> (or -r <name>):
1# Ignore both rules 2sherif -r packages-without-package-json -r root-package-manager-field
You can ignore all issues in a package by using --ignore-package <pathOrName> (or -p <pathOrName>):
1# Ignore all issues in the `@repo/tools` package 2sherif -p @repo/tools 3# Ignore all issues for packages inside `./integrations/*` 4sherif -p "./integrations/*"
Note Sherif doesn't have many rules for now, but will likely have more in the future (along with more features).
empty-dependencies ❌
package.json files should not have empty dependencies fields.
multiple-dependency-versions ❌
A given dependency should use the same version across the monorepo.
You can ignore this rule for a specific dependency and version or all versions of a dependency if it's expected in your monorepo by using --ignore-dependency <name@version> / --ignore-dependency <name> (or -i <name@version> / -i <name>):
1# Ignore only the specific dependency version mismatch 2sherif -i react@17.0.2 -i next@13.2.4 3 4# Completely ignore all versions mismatch of these dependencies 5sherif -i react -i next
non-existant-packages ⚠️
All paths defined in the workspace (the root package.json' workspaces field or pnpm-workspace.yaml) should match at least one package.
packages-without-package-json ⚠️
All packages matching the workspace (the root package.json' workspaces field or pnpm-workspace.yaml) should have a package.json file.
root-package-dependencies ⚠️
The root package.json is private, so making a distinction between dependencies and devDependencies is useless - only use devDependencies.
root-package-manager-field ❌
The root package.json should specify the package manager and version to use. Useful for tools like corepack.
root-package-private-field ❌
The root package.json should be private to prevent accidentaly publishing it to a registry.
types-in-dependencies ❌
Private packages shouldn't have @types/* in dependencies, since they don't need it at runtime. Move them to devDependencies.
unordered-dependencies ❌
Dependencies should be ordered alphabetically to prevent complex diffs when installing a new dependency via a package manager.
Credits
- dedubcheck that given me the idea for Sherif
- Manypkg for some of their rules
- This article for the Rust releases on NPM
Sponsors
License
No vulnerabilities found.
No security vulnerabilities found.