Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

force-resolutions

angelogiuseppe207.9kMIT1.0.11

This package modifies package-lock.json to force the installation of specified versions of transitive dependencies

force-resolutions, transitive, dependencies

readme

force-resolutions-logo

This package modifies package-lock.json to force the installation of specified versions of a set of transitive dependencies (dependencies of dependencies).

Getting started

  1. Add a field resolutions with the dependency version you want to fix at the main level of your package.json.

Example:

"resolutions": {
  "ssri": "8.0.5"
}
  1. Add force-resolutions to the preinstall script so that it patches the package-lock.json file before every npm install:
"scripts": {
  "preinstall": "npx force-resolutions"
}
  1. Install dependencies
npm install

Remember that whenever you run npm install, the preinstall command will run automatically.

If a package.lock.json is not detected the script will not run, and any other command after it will be executed as normal.

  1. To confirm that the right version of the package you are trying to override was installed, use:
npm ls ssri

Running this repository locally

NodeJS and NPM versions NodeJS version:

v16.13.1

NPM version:

8.1.2

Instructions

  1. Install the dependencies of the project:
npm install
  1. Build the project:
npm run build
  1. Go to the dist folder
cd dist

  1. Copy a package.json and a package-lock.json file into the dist folder

  2. Add a resolutions field in the package.json and inside of it a package to override

  3. Run the compiled file

node index.js
  1. Search in the package-lock.json to see that the versions of the packages are updated

Why this project was created

This project was created because npm-force-resolutions became not suitable for the necesities the team I was working in had. We needed to avoid triggering the execution of the script when there was no package-lock.json, descriptive error logs, descriptive logs during the execution, faster download times, compatibility with multiple npm versions and faster execution times.

Discord community

To simplify communication I have created a discord community, if you detect an issue with this package or want to improve it in some way, you can contact me here:

Join discord community

NPM

Find the package on NPM

See other versions of the package on NPM

Acknowledgments

This project was inspired by the next package: npm-force-resolutions.

Special thanks to Denis Gulin for contributing to fix issues that were happening with the package and improving the code.