unlocked v0.2.7

Unlocked

Parse lockfiles from various package managers into a common format

Differences from other tools

• Monorepo support - CommonLock is build around the idea of importers which are the projects in your monorepo.
• More Metadata - CommonLock includes additional metadata about the lockfile, such as license information and authors.
• Interoperability - CommonLock can be converted into other formats, such as CycloneDX SBOMs.
• CycloneDX & SPDX are just horrible to work with, CommonLock is a lot simpler and not so enterprisey

My primary use case for this is building legalizer which is a tool for generating legal information about your dependencies.

Supported Lockfiles/Package Managers

• pnpm-lock.yaml
• package-lock.json (partial)
• yarn.lock v1
• yarn.lock v2

Unlocked Ecosystem

• unlocked - Common lockfile format
• unlocked-cyclonedx - Generate CycloneDX SBOMs from the CommonLock format
• unlocked-aboutlibraries - Convert AboutLibraries JSON to CommonLock format (for analyzing Android projects)

Related Packages

• pnpm-lock - Parse pnpm-lock.yaml files

Install

$ npm install unlocked

Usage

import { unlock } from "unlocked";
import type { CommonLock } from "unlocked";

const directory = process.cwd();
const lockfile: CommonLock = await unlock(directory);