lockfile-subset 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -5
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# lockfile-subset
|
|
2
2
|
|
|
3
|
-
Extract a subset of `package-lock.json
|
|
3
|
+
Extract a subset of `package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock` for specified packages and their transitive dependencies.
|
|
4
4
|
|
|
5
5
|
## Why?
|
|
6
6
|
|
|
@@ -38,6 +38,9 @@ lockfile-subset @prisma/client sharp -l /build/package-lock.json
|
|
|
38
38
|
# Use a pnpm lockfile
|
|
39
39
|
lockfile-subset @prisma/client sharp -l pnpm-lock.yaml
|
|
40
40
|
|
|
41
|
+
# Use a yarn lockfile
|
|
42
|
+
lockfile-subset @prisma/client sharp -l yarn.lock
|
|
43
|
+
|
|
41
44
|
# Generate + install in one step
|
|
42
45
|
lockfile-subset @prisma/client sharp -o /standalone --install
|
|
43
46
|
|
|
@@ -45,7 +48,7 @@ lockfile-subset @prisma/client sharp -o /standalone --install
|
|
|
45
48
|
lockfile-subset chalk --dry-run
|
|
46
49
|
```
|
|
47
50
|
|
|
48
|
-
The lockfile type (npm or
|
|
51
|
+
The lockfile type (npm, pnpm, or yarn) is auto-detected from the project directory. This generates a minimal `package.json` and lockfile in the output directory. Then run `npm ci`, `pnpm install --frozen-lockfile`, or `yarn install --frozen-lockfile` to install exactly those packages.
|
|
49
52
|
|
|
50
53
|
### Dockerfile example
|
|
51
54
|
|
|
@@ -81,10 +84,10 @@ Run `lockfile-subset --help` for the full list of options.
|
|
|
81
84
|
|
|
82
85
|
## How it works
|
|
83
86
|
|
|
84
|
-
1. Loads your lockfile (`package-lock.json` via [@npmcli/arborist](https://github.com/npm/cli/tree/latest/workspaces/arborist),
|
|
87
|
+
1. Loads your lockfile (`package-lock.json` via [@npmcli/arborist](https://github.com/npm/cli/tree/latest/workspaces/arborist), `pnpm-lock.yaml`, or `yarn.lock` directly)
|
|
85
88
|
2. Starting from the specified packages, walks the dependency tree via BFS to collect all transitive dependencies
|
|
86
89
|
3. Copies the matching entries from the original lockfile — no re-resolution, no version drift
|
|
87
|
-
4. Outputs a minimal `package.json` + lockfile ready for `npm ci` or `
|
|
90
|
+
4. Outputs a minimal `package.json` + lockfile ready for `npm ci`, `pnpm install --frozen-lockfile`, or `yarn install --frozen-lockfile`
|
|
88
91
|
|
|
89
92
|
Dev dependencies of each package are excluded from traversal. Optional dependencies are included by default (use `--no-optional` to exclude).
|
|
90
93
|
|
|
@@ -94,10 +97,10 @@ Dev dependencies of each package are excluded from traversal. Optional dependenc
|
|
|
94
97
|
|---|---|---|
|
|
95
98
|
| npm | `package-lock.json` | v2 (npm 7-8), v3 (npm 9+) |
|
|
96
99
|
| pnpm | `pnpm-lock.yaml` | v9 (pnpm 9-10) |
|
|
100
|
+
| yarn | `yarn.lock` | v1 (Classic), v2+ (Berry) |
|
|
97
101
|
|
|
98
102
|
## Limitations
|
|
99
103
|
|
|
100
|
-
- **yarn is not supported** — yarn users can use `yarn workspaces focus`.
|
|
101
104
|
- **Platform-specific optional deps** — Packages like `sharp` have OS/arch-specific optional dependencies (e.g., `@img/sharp-linux-x64`). If your lockfile was generated on macOS but you run `npm ci` on Linux (e.g., in Docker), those Linux-specific packages may be missing from the lockfile. In that case, generate the lockfile on the target platform, or use `npm install` instead of `npm ci`.
|
|
102
105
|
|
|
103
106
|
## License
|
package/package.json
CHANGED