0.2.7 • Published 6 months ago
Unlocked
Parse lockfiles from various package managers into a common format
Differences from other tools
- Monorepo support - CommonLock is built around the idea of importers, which are the projects in your monorepo.
- More Metadata - CommonLock includes additional metadata about the lockfile, such as license information and authors.
- Interoperability - CommonLock can be converted into other formats, such as CycloneDX SBOMs.
- Simplicity - CycloneDX & SPDX are horrible to work with; CommonLock is a lot simpler and not so enterprisey.
My primary use case for this is building legalizer, a tool for generating legal information about your dependencies.
Supported Lockfiles/Package Managers
- pnpm-lock.yaml
- package-lock.json (partial)
- yarn.lock v1
- yarn.lock v2
Unlocked Ecosystem
- unlocked - Common lockfile format
- unlocked-cyclonedx - Generate CycloneDX SBOMs from the CommonLock format
- unlocked-aboutlibraries - Convert AboutLibraries JSON to CommonLock format (for analyzing Android projects)
Related Packages
- pnpm-lock - Parse pnpm-lock.yaml files
Install
$ npm install unlocked
Usage
```ts
import { unlock } from "unlocked";
import type { CommonLock } from "unlocked";

// Parse whichever supported lockfile is found in the directory
const directory = process.cwd();
const lockfile: CommonLock = await unlock(directory);
```
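To make the importer idea concrete, here is an added example (not code from the unlocked package, whose CommonLock output shape is not documented on this page): a plain Node script that parses a `package-lock.json` (lockfileVersion 2/3, the `packages` map) into a CommonLock-style object with one entry per importer and a flat package table, then runs a quick pinning check over the result. The output shape, the `workspace:<path>` marker, the `toCommonLock`/`auditPackages` names, the check names and the sample lockfile are all assumptions made for this example.

```javascript
// Constructed sample lockfile for a two-package workspace; integrity values are
// placeholders, not real digests. Shape follows package-lock.json v3.
const SAMPLE_PACKAGE_LOCK = {
  name: "demo-monorepo",
  version: "1.0.0",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-monorepo", version: "1.0.0", workspaces: ["packages/*"],
          dependencies: { "left-pad": "^1.3.0", ms: "^2.1.3" } },
    "packages/app": { name: "@demo/app", version: "0.1.0",
                      dependencies: { "@demo/lib": "0.1.0", ms: "2.0.0" } },
    "packages/lib": { name: "@demo/lib", version: "0.1.0", license: "MIT" },
    "node_modules/@demo/app": { resolved: "packages/app", link: true },
    "node_modules/@demo/lib": { resolved: "packages/lib", link: true },
    "node_modules/left-pad": { version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-PLACEHOLDER0", license: "WTFPL" },
    "node_modules/ms": { version: "2.1.3",
      resolved: "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
      integrity: "sha512-PLACEHOLDER1", license: "MIT" },
    // Nested copy pinned by packages/app: plain-HTTP mirror, no integrity hash.
    "packages/app/node_modules/ms": { version: "2.0.0",
      resolved: "http://mirror.example.internal/ms-2.0.0.tgz" },
  },
};

const NM = "node_modules/";

// Package name an entry key describes: the part after the last "node_modules/".
function packageNameFromKey(key) {
  return key.slice(key.lastIndexOf(NM) + NM.length);
}

// Walk up from the importer's directory the way Node's resolver does and return
// the lockfile entry that satisfies depName, or null if the lockfile lacks it.
function resolveDependency(packages, importerPath, depName) {
  let dir = importerPath;
  for (;;) {
    const key = (dir === "" ? "" : dir + "/") + NM + depName;
    if (packages[key]) return packages[key];
    if (dir === "") return null; // reached the workspace root without a match
    const cut = dir.lastIndexOf("/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Map each declared dependency to a package id ("name@version"), a workspace
// link ("workspace:<path>"), or null when the lockfile does not pin it.
function mapDependencies(packages, importerPath, declared) {
  const out = {};
  for (const depName of Object.keys(declared || {})) {
    const entry = resolveDependency(packages, importerPath, depName);
    if (!entry) out[depName] = null;
    else if (entry.link) out[depName] = "workspace:" + entry.resolved;
    else out[depName] = depName + "@" + entry.version;
  }
  return out;
}

// Convert a parsed package-lock.json into the CommonLock-style shape assumed here:
// importers keyed by project path ("." for the root) plus a flat package table.
function toCommonLock(packageLock) {
  const packages = packageLock.packages || {};
  const importers = {};
  const flat = {};
  for (const key of Object.keys(packages)) {
    const entry = packages[key];
    if (entry.link) continue; // workspace symlinks are importers, not packages
    if (key === "" || key.indexOf(NM) === -1) {
      importers[key === "" ? "." : key] = {
        name: entry.name,
        version: entry.version,
        dependencies: mapDependencies(packages, key, entry.dependencies),
        devDependencies: mapDependencies(packages, key, entry.devDependencies),
      };
      continue;
    }
    const name = packageNameFromKey(key);
    flat[name + "@" + entry.version] = {
      name, version: entry.version,
      resolved: entry.resolved || null,
      integrity: entry.integrity || null,
      license: entry.license || null,
    };
  }
  return { lockfileVersion: packageLock.lockfileVersion, importers, packages: flat };
}

// Pinning check over the flat table: a third-party package without an integrity
// hash, or fetched from a non-HTTPS URL, is not actually locked to known bytes.
function auditPackages(commonLock) {
  const findings = [];
  for (const id of Object.keys(commonLock.packages)) {
    const pkg = commonLock.packages[id];
    if (!pkg.integrity) findings.push({ id, issue: "missing-integrity" });
    if (pkg.resolved && pkg.resolved.indexOf("https://") !== 0) {
      findings.push({ id, issue: "insecure-resolved" });
    }
  }
  return findings;
}

const demoLock = toCommonLock(SAMPLE_PACKAGE_LOCK);
console.log(JSON.stringify(demoLock.importers, null, 2));
console.log(auditPackages(demoLock));
```

Run it with `node` on any file containing the block; to use it on a real lockfile, replace `SAMPLE_PACKAGE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The walk-up resolution matters for monorepos: `packages/app` pins `ms@2.0.0` while the root gets the hoisted `ms@2.1.3`, so a per-importer view (as opposed to one flat list) is what lets you attribute the unpinned, HTTP-fetched copy to the project that introduced it.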