Helpers for treating npm lock files, like removing/replacing the registry from there...
Install from npmjs.org:
npm install -g @kie/lock-treatment-tool
or run using npx
or exec
npm exec @kie/lock-treatment-tool
npx @kie/lock-treatment-tool
Note: In case you are behind a proxy or you need to use an internal registry please check The
--registry
problem
locktt
- Runs the lock treatment tool
What locktt will do:
- looks for package-lock.json, npm-shrinkwrap.json, yarn.lock and pnpm-lock.yaml files
- removes the
resolved
andintegrity
fields from the package-lock.json and/or npm-shrinkwrap.json files in case it finds them - replaces the
resolved
field from yarn.lock file adding the--registry
value instead of the host and remove theintegrity
field - replaces all hosts (in resolution field, in dependency references etc) with value specified in
--registry
and removes all theintegrity
fields from pnpm-lock.yaml file - overwrites/saves the file
Usage: locktt [options]
Options:
--registry
sets the registry to replace the host from lock files'resolved
field-p, --replacePackageLockRegistry
replaces the package-lock.json the registry instead of removing it-s, --skipIntegrity
skips integrity removal--folder
sets the project folder to be treated--outputFolder
sets the output folder to save the lock files, otherwise will use the project folder and the files will be overwritten
Examples:
locktt --registry=https://npmregistry.redhat.com
sets the registry just for the yarn.lock filelocktt --registry=https://npmregistry.redhat.com -p
sets the registry for every lock filelocktt -s
skips the integrity field removal
locktt will abort if:
- the package-json.lock or npm-shrinkwrap.json file formats are not correct
locktt will NOT abort if:
- the package-json.lock, npm-shrinkwrap.json or yarn.lock does not exist
Typical usage, if you want to remove the fields:
locktt
One of the problems locktt
tries to solve is to be able to install npm packages behind a proxy by using your own registry, and let's suppose the first thing you do is to execute locktt by executing npx
or npm exec
like:
npm exec @kie/lock-treatment-tool
It will fail (in case you haven't define @kie
for using your registry on .npmrc file) since @kie/lock-treatment-tool
library is not installed (let's suppose that) and you are behind a proxy, so you decide to specify a --registry=THE_URL_TO_YOUR_REGISTRY
expecting to install the library using your registry. Fine!! It now works!! but... due to the -- npm problem
you are not able to specify --registry
either for npm
and locktt
execution.
We are glad to tell you this problem disappears since locktt version >0.0.1, we decided to parse process.env.npm_config_argv
arguments in case registry is not specified for locktt (npm exec @kie/lock-treatment-tool -- --registry=THE_URL_TO_YOUR_REGISTRY
) but for npm (npm exec @kie/lock-treatment-tool --registry=THE_URL_TO_YOUR_REGISTRY
).
Note: In case you are behind a proxy or you need to use an internal registry just add
@kie:registry=YOUR_NPM_REGISTRY_URL
(replaceYOUR_NPM_REGISTRY_URL
by yours) or even@kie:registry=${NPM_REGISTRY_URL}
(beingNPM_REGISTRY_URL
the environment variable pointing to your npm registry, you can use any other variable name)
<plugin>
<groupId>com.github.eirslett</groupId>
<artifactId>frontend-maven-plugin</artifactId>
<executions>
<execution>
<id>install node and npm</id>
<phase>initialize</phase>
<goals>
<goal>install-node-and-npm</goal>
</goals>
<configuration>
<nodeVersion>${node.version}</nodeVersion>
<npmVersion>${npm.version}</npmVersion>
</configuration>
</execution>
<execution>
<id>lock-treatment-tool execution</id>
<phase>initialize</phase>
<goals>
<goal>npx</goal>
</goals>
<configuration>
<arguments>@kie/lock-treatment-tool</arguments>
</configuration>
</execution>
</executions>
</plugin>
Note: In case you are behind a proxy or you need to use an internal registry please check The
--registry
problem
- NodeJS >= 12
Looks at all the .js files in the current git repo and adds/updates a standard copyright notice to the top. The exact wording of the copyright statement is based on the license declared in package.json, your git author details, and the first and last commits made to a file (years only).