rushstack
[lockfile-explorer] Add version validation capability
Summary
Our team currently has a requirement to analyze whether the dependency tree contains multiple versions of a target package, so I have implemented this feature into lockfile-explorer.
Details
In this PR, I have introduced an additional dependency on yargs to parse arguments and expanded the capabilities of lockfile-explorer, enabling it to function as a CLI tool to check if there are multiple versions of a target package.
The previous default behavior of lockfile-explorer has been changed to:
lockfile-explorer
--> lockfile-explorer start
lockfile-explorer --subspace xxx
--> lockfile-explorer start --subspace xxx
Additionally, new capabilities have been extended; the usage is:
lockfile-explorer check react
lockfile-explorer check --project xxx react
lockfile-explorer check --project xxx react@18
lockfile-explorer check --project xxx [email protected]
lockfile-explorer check --project xxx [email protected]
How it was tested
Manually tested with Rushstack repo locally.
Impacted documentation
@william2958
The website will definitely need to be updated to document this CLI
> Our team currently has a requirement to analyze whether the dependency tree contains multiple versions of a target package, so I have implemented this feature into lockfile-explorer.
@L-Qun This sounds somewhat related to the earlier Design Proposal: Lockfile Lint which @william2958 prototyped in https://github.com/microsoft/rushstack/pull/4094
🤔 Besides checking "Does this project's dependency tree include multiple copies of react?", it's easy to imagine lots of other problems that could be detected with similar "checks."
And the UX has several possible approaches:
- Web app: The checks can be performed via commands in the Lockfile Explorer web app
- Manually invoked shell command: The checks can be performed by invoking a CLI like lockfile-explorer check
- Lockfile Lint: The checks could be defined/customized in JSON config files, and then enforced automatically by a CI pipeline.
(In fact, it would be possible to provide all 3 approaches for each check.)
So your PR seems like a good idea, but I wonder if maybe it could be a bit more flexible, or build on the Lockfile Lint design.
> The website will definitely need to be updated to document this CLI
Do you mean to update the content here? https://github.com/microsoft/rushstack-websites/blob/main/websites/lfx.rushstack.io/docs
> > Our team currently has a requirement to analyze whether the dependency tree contains multiple versions of a target package, so I have implemented this feature into lockfile-explorer.
> @L-Qun This sounds somewhat related to the earlier Design Proposal: Lockfile Lint which @william2958 prototyped in #4094
> 🤔 Besides checking "Does this project's dependency tree include multiple copies of react?", it's easy to imagine lots of other problems that could be detected with similar "checks."
> And the UX has several possible approaches:
> - Web app: The checks can be performed via commands in the Lockfile Explorer web app
> - Manually invoked shell command: The checks can be performed by invoking a CLI like lockfile-explorer check
> - Lockfile Lint: The checks could be defined/customized in JSON config files, and then enforced automatically by a CI pipeline.
> (In fact, it would be possible to provide all 3 approaches for each check.)
> So your PR seems like a good idea, but I wonder if maybe it could be a bit more flexible, or build on the Lockfile Lint design.
I think making the lockfile-explorer tool better is a long-term process. Perhaps we can first merge this PR after I update the documentation, and then I will gradually iterate and optimize it.
This PR was accidentally merged when I pushed to origin instead of the forked repo. Reopened via https://github.com/microsoft/rushstack/pull/4779
> > The website will definitely need to be updated to document this CLI
> Do you mean to update the content here? https://github.com/microsoft/rushstack-websites/blob/main/websites/lfx.rushstack.io/docs
Yes, I can help with this. 👍
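The check this PR describes (does a project's dependency tree contain more than one version of a target package?), as an added example that is not code from the PR or from lockfile-explorer. The simplified lockfile shape, the function names, and the reading of `react@18` as a version-prefix constraint are assumptions made for illustration.

```javascript
// Constructed, simplified lockfile graph (an assumption, not the pnpm-lock.yaml schema): importers map
// a project to its direct dependencies; packages map "name@version" to that package's dependencies.
const lockfile = {
  importers: {
    'apps/web': { react: '18.2.0', 'ui-kit': '1.0.0' },
    'apps/docs': { react: '18.2.0' }
  },
  packages: {
    'react@18.2.0': { 'loose-envify': '1.4.0' },
    'react@17.0.2': { 'loose-envify': '1.4.0' },
    'loose-envify@1.4.0': {},
    'ui-kit@1.0.0': { react: '17.0.2', 'ui-kit-icons': '1.0.0' },
    'ui-kit-icons@1.0.0': { 'ui-kit': '1.0.0' } // cycle, exercises the visited set
  }
};

// Split "react", "react@18" or "@scope/pkg@1.2" into a name and an optional version prefix.
function parseSpec(spec) {
  const at = spec.lastIndexOf('@');
  return at > 0 ? { name: spec.slice(0, at), prefix: spec.slice(at + 1) } : { name: spec, prefix: '' };
}

// "18" matches "18.2.0" but not "180.0.0": the prefix must end on a dot boundary.
function matchesPrefix(version, prefix) {
  return prefix === '' || version === prefix || version.startsWith(prefix + '.');
}

// Walk one project's dependency tree and return every version of the target reachable from it.
function findVersions(lock, project, name) {
  const found = new Set(), visited = new Set();
  const stack = Object.entries(lock.importers[project] || {});
  while (stack.length > 0) {
    const [depName, version] = stack.pop();
    const key = `${depName}@${version}`;
    if (visited.has(key)) continue;
    visited.add(key);
    if (depName === name) found.add(version);
    stack.push(...Object.entries(lock.packages[key] || {}));
  }
  return [...found].sort();
}

// Assumed semantics: pass when at most one version is reachable and it satisfies the prefix.
function check(lock, project, spec) {
  const { name, prefix } = parseSpec(spec);
  const versions = findVersions(lock, project, name);
  const unexpected = versions.filter((v) => !matchesPrefix(v, prefix));
  return { versions, unexpected, ok: versions.length <= 1 && unexpected.length === 0 };
}
```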