Jhey Tompkins
2 min read · Nov 3, 2017

Hey Vidur Khanna 👋

That’s a great spot! 👍

They can indeed be bypassed. The package value needs to be checked to see if it contains values that would trigger a skip or if the value is valid SemVer. For example, if you had package references pointing to git endpoints, these would be skipped.

git://github.com/someawesomeorg/someawesomerepo.git

Inside the wipeDependencies function we can check the value using includes or match.

Let’s first consider skipping anything that uses a git endpoint using includes;

var fs = require('fs');

// Set every dependency version to '*', skipping values that mention git.
var wipeDependencies = function() {
  var file = fs.readFileSync('package.json'),
      content = JSON.parse(file);
  for (var devDep in content.devDependencies) {
    // 'git' has to be a string literal; a bare git is an undefined variable
    if (!content.devDependencies[devDep].includes('git')) {
      content.devDependencies[devDep] = '*';
    }
  }
  for (var dep in content.dependencies) {
    if (!content.dependencies[dep].includes('git')) {
      content.dependencies[dep] = '*';
    }
  }
  fs.writeFileSync('package.json', JSON.stringify(content));
};

That’s not ideal though 👎

It only works for git endpoints. And if we have other patterns we would like to match then we are going to have to add a check for them too.

One thing that is known is that if something is in the npm registry, in most cases its version number will only contain numbers and symbols such as 15.0.0 or 0.11.1 preceded by some symbols. There are cases where the version may also contain prerelease strings such as alpha or beta.

So instead of excluding values that contain certain strings, include only the ones that match a certain structure. We can create a regular expression and use match against the value to determine whether the value should be updated. This means that the value will only be updated if it matches SemVer. Consider;

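var fs = require('fs');

// Leading range symbols, then MAJOR.MINOR.PATCH and an optional prerelease.
// The dots are escaped so they only match a literal '.', and the pattern is
// anchored at the start so a version-like fragment later in the value
// (for example inside a URL) does not count as a match.
var semverLike = /^\W+\d+\.\d+\.\d+-?((alpha|beta|rc)?\.\d+)?/;

var wipeDependencies = function() {
  var file = fs.readFileSync('package.json'),
      content = JSON.parse(file);
  for (var devDep in content.devDependencies) {
    if (content.devDependencies[devDep].match(semverLike)) {
      content.devDependencies[devDep] = '*';
    }
  }
  for (var dep in content.dependencies) {
    if (content.dependencies[dep].match(semverLike)) {
      content.dependencies[dep] = '*';
    }
  }
  fs.writeFileSync('package.json', JSON.stringify(content));
};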

And that should only update packages that are using the npm registry 🎉

Hope that helps! 👍
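
An added example, not part of the original post: it classifies dependency values with a fully anchored pattern and reports which specifier forms are left untouched, next to an unanchored pattern that also matches version-like text inside a git URL or a tarball URL. The helper names, both patterns and the sample values are constructed for illustration.

```javascript
// Added example: decide per dependency value whether it is a plain registry
// version before replacing it with '*'. All sample values are constructed.

// Unanchored, dots unescaped: matches version-like text anywhere in the value.
var LOOSE = /\W+\d+.\d+.\d+-?((alpha|beta|rc)?.\d+)?/;

// Anchored at both ends: optional range operator, optional 'v',
// MAJOR.MINOR.PATCH, optional prerelease and build metadata.
var STRICT = /^(?:\^|~|>=|<=|>|<|=)?\s*v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isRegistryVersion(spec) {
  return typeof spec === 'string' && STRICT.test(spec.trim());
}

// Returns a new dependency map plus the names that were left untouched,
// so skipped entries can be reviewed instead of silently ignored.
function wipeSection(deps) {
  var out = {}, skipped = [];
  Object.keys(deps || {}).forEach(function (name) {
    if (isRegistryVersion(deps[name])) {
      out[name] = '*';
    } else {
      out[name] = deps[name];
      skipped.push(name);
    }
  });
  return { deps: out, skipped: skipped };
}

var sample = {
  'caret-range': '^15.0.0',
  'exact': '0.11.1',
  'prerelease': '~2.0.0-beta.1',
  'git-url': 'git://github.com/someawesomeorg/someawesomerepo.git',
  'git-semver': 'git+https://example.invalid/org/repo.git#semver:^1.2.3',
  'tarball': 'https://example.invalid/pkg/-/pkg-1.2.3.tgz',
  'local': 'file:../local-pkg',
  'dist-tag': 'latest'
};

var result = wipeSection(sample);
console.log(result.deps);
console.log('left untouched:', result.skipped);
console.log('loose pattern matches git-semver:', LOOSE.test(sample['git-semver']));
console.log('loose pattern matches tarball:', LOOSE.test(sample['tarball']));
```

Compound ranges such as `>=1.0.0 <2.0.0` are deliberately treated as unmatched here, so they show up in the skipped list rather than being rewritten.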
