npm-package-json-lint

Include git dependencies in version linting

Open thethomaseffect opened this issue 7 years ago • 5 comments

With GitHub and GitLab (there might be more) you can depend on a git URL in package.json like so:

"mydep": "git+ssh://[email protected]:internalapps/mydep.git"

However, the version is optional and at my org I want to ensure that a version is included like so for commit id:

"mydep": "git+ssh://[email protected]:internalapps/mydep.git#500546a"

or string for a tag or branch name

"mydep": "git+ssh://[email protected]:internalapps/mydep.git#v0.1.1"

I think just ensuring that .git isn't at the end of the value could be enough but I haven't done much testing. ..+\.git#.+ could work too. Let me know if you think this could be an addition :)

thethomaseffect, Jun 14 '17 12:06

Hi @thethomaseffect I think this is a great suggestion! I have a couple of questions for you.

  1. On your projects do you require that all dependencies utilize git references?
  2. Do you ever use GitHub URL formats for dependencies over standard Git URLs? Ex: "myModule": "user/repo#feature/branch"

I think we could add a few new rules.

  • Note: Each one of these would include an equivalent for all of the dependency types (e.g. devDependencies, optionalDependencies, etc.)
  1. prefer-git-sha-dependencies
  2. prefer-git-tag-dependencies
  3. prefer-git-branch-dependencies

Each of these rules would detect if the dependency is a git dependency, then enforce the preferred style. If the dependency isn't a git URL then it would fall back to other version formats.

Let me know what you think and I'll get started on building the rules.

tclindner, Jun 17 '17 12:06

Hey @thethomaseffect have you had a chance to review my comment above?

tclindner, Jul 10 '17 01:07

Hey @thethomaseffect what do you think about the comment above?

tclindner, Aug 09 '17 02:08

Hi @tclindner, apologies for lack of response, for some reason I was notified about all 3 comments at the same time this morning!

  1. Nope, there's still regular NPM ones
  2. Not at the moment, I'd need to test if GitLab supports that as well

I think your suggestion sounds good, as long as an explicit version in the path is required I think it would satisfy my requirements.

thethomaseffect, Aug 09 '17 09:08

No problem at all!! I'll start thinking about the new rules 👍

tclindner, Aug 10 '17 01:08
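
The check discussed in this thread, sketched as an added example (not npm-package-json-lint's code and not written by either participant): it flags git dependencies that carry no #commit-ish and, with a hypothetical requireSha option, accepts only a hex commit id. The function names, the option, the sample package and the git.example.com host are assumptions; the example also covers the github:, gitlab: and bitbucket: prefixes npm accepts, which the thread does not mention.

```javascript
// Dependency maps to scan (the thread asks for coverage of every dependency type).
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

const GIT_URL = /^git(\+(ssh|https?|file))?:\/\//i;             // git://, git+ssh://, git+https://, ...
const HOSTED_PREFIX = /^(github|gitlab|bitbucket):/i;           // github:user/repo
const GITHUB_SHORTHAND = /^[A-Za-z0-9][\w.-]*\/[\w.-]+(#.+)?$/; // user/repo#feature/branch
const SHA = /^[0-9a-f]{7,40}$/i;                                // abbreviated or full commit id

function isGitDependency(spec) {
  return GIT_URL.test(spec) || HOSTED_PREFIX.test(spec) || GITHUB_SHORTHAND.test(spec);
}

// Everything after the first '#'; an empty string means no explicit ref was given.
function commitIsh(spec) {
  const i = spec.indexOf('#');
  return i === -1 ? '' : spec.slice(i + 1);
}

// Returns one finding per git dependency that is unpinned or, when requireSha is set,
// pinned to something that is not a commit id (a tag or branch can be moved later).
function lintGitDependencies(pkg, { requireSha = false } = {}) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (typeof spec !== 'string' || !isGitDependency(spec)) continue; // registry ranges, file: paths
      const ref = commitIsh(spec);
      if (ref === '') findings.push({ field, name, problem: 'missing-ref' });
      else if (requireSha && !SHA.test(ref)) findings.push({ field, name, problem: 'ref-not-sha' });
    }
  }
  return findings;
}

// Constructed sample modelled on the values quoted in the thread (host is a placeholder).
const samplePkg = {
  dependencies: {
    unpinned: 'git+ssh://git@git.example.com:internalapps/mydep.git',
    bySha: 'git+ssh://git@git.example.com:internalapps/mydep.git#500546a',
    byTag: 'git+ssh://git@git.example.com:internalapps/mydep.git#v0.1.1',
    registry: '^1.2.3',
  },
  devDependencies: { shorthand: 'user/repo#feature/branch', shorthandBare: 'user/repo' },
};

console.log(lintGitDependencies(samplePkg));
console.log(lintGitDependencies(samplePkg, { requireSha: true }));
```

The SHA test is a heuristic on the string alone: a tag or branch whose name happens to be 7 to 40 hex characters passes it, so telling a tag from a branch reliably needs a lookup against the repository.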