Satisfaction NPM

Satisfaction

Verifies that a `package.json` file is satisfied by its `node_modules` dir.

Satisfaction uses the Semver package (which is used by NPM) to verify that the versions installed in your node_modules satisfy the requirement defined in your package.json, and can also verify that all of your dependencies are required with specific versions, (no ~, ^, >=, etc).

Installation

$ npm i satisfaction

or globally:

$ npm i -g satisfaction

Usage

As a dependency

const satisfaction = require('satisfaction')

const statusErrors = satisfaction.checkStatus()
if (statusErrors.length) {
  throw new Error(`node_modules does not satisfy package.json:\n${statusErrors.join('\n')}`)
}

const exactErrors = satisfaction.checkExact()
if (exactErrors.length) {
  throw new Error(`Dependencies are not exact versions:\n${exactErrors.join('\n')}`)
}

Likely use in Grunt:

grunt.registerTask('verify-npm', () => {
  const satisfaction = require('satisfaction')

  const statusErrors = satisfaction.checkStatus()
  if (statusErrors.length) {
    grunt.fail.warn(`node_modules does not satisfy package.json:\n${statusErrors.join('\n')}`)
  }

  const exactErrors = satisfaction.checkExact()
  if (exactErrors.length) {
    grunt.fail.warn(`Dependencies are not exact versions:\n${exactErrors.join('\n')}`)
  }
})

Both statusErrors and exactErrors accept an options object:

console.log(require('satisfaction').statusErrors({
  dir: someDir // containing folder of package.json and node_modules, defaults to process.cwd()
}).join('\n'))

As a global

The satisfaction-status and satisfaction-exact global binaries will throw errors listing which violations were found.

Running satisfaction-status || npm i will be prevent npm i from running when everything is already installed with compliant versions.

Example errors for running satisfaction-status:

Error: node_modules does not satisfy package.json:
package eslint installed with 3.6.1 but required 3.6.2
package ava is not installed

Example errors for running satisfaction-exact:

Error: Dependencies are not exact versions:
package lodash is required with a non-exact version ^4.16.2

Notes / Caveats

When using git urls in dependencies, (like "byRepo": "git+ssh://git@example.com:repo.git#3.5.3" or like "byRepo": "githubuser/githubrepo#3.5.3"), it must be done with a tag (3.5.3 or v3.5.3) that corresponds to the version of said package (3.5.3), or it will be considered an error.
Checks the "dependencies" and "devDependencies" fields of package.json.

Feedback

If you enjoyed this package, please star it on Github.
You are invited to Open an issue on Github.
For other matters, my email address can be found on my NpmJS page, my Github page, or my website.