ExpediaGroup/package-json-validator

package-json-validator

A GitHub Action for validating package.json conventions.

Rules

Use the rules input to specify one or more rules you would like to check for your package.json.

Ranges

The "ranges" rule validates that all package.json dependencies are exact versions, or use only the allowed version ranges specified. Click here for details about version ranges.

The following usage would allow "my-package": "1.2.3" but prevent "my-package": "^1.2.3".

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: ranges

You can also specify allowed-ranges. The following would allow "my-package": "^1.2.3" but prevent "my-package": "~1.2.3".

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: ranges
      allowed-ranges: ^

Tags

The "tags" rule validates that all package.json dependencies contain no tagged versions, or use only the allowed tags specified. Click here for details about tags.

The following usage would allow "my-package": "1.2.3" but prevent "my-package": "1.2.3-alpha.456.0".

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: tags

The following usage would allow "my-package": "1.2.3-canary.456.0" but prevent "my-package": "1.2.3-alpha.456.0".

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: tags
      allowed-tags: canary

Resolutions

The "resolutions" rule validates that your package.json does not contain the resolutions option.

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: resolutions

Specify ignore-resolutions to skip resolution validation entirely for certain packages. Optionally provide a newline-separated list of package names here.

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: resolutions
      ignore-resolutions: resolution-package-to-ignore

Specify ignore-resolutions-until to skip resolution validation entirely for a certain amount of time. You can use any format supported by the Date constructor (see MDN).

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: resolutions
      ignore-resolutions-until: 2000-01-01

Keys

The "keys" rule validates that your package.json does not contain duplicate dependency keys.

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: keys

Example invalid package.json this will prevent:

{
  "dependencies": {
    "some-dependency": "1.0.0",
    "some-dependency": "2.0.0"
  }
}
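
JSON.parse keeps only the last value for a repeated key, so a duplicate like the one above disappears once the file is parsed and has to be found in the raw text. The following is an added example, not the action's own code: `findDuplicateDependencyKeys` and the sample input are hypothetical, and the scanner assumes the four dependency sections listed under Other Inputs.

```javascript
// Added example; findDuplicateDependencyKeys is a hypothetical helper, not the action's code.
const DEP_TYPES = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];

// Returns [{ section, key }] for every key repeated inside a top-level dependency object.
function findDuplicateDependencyKeys(text, sections = DEP_TYPES) {
  JSON.parse(text); // throws on malformed input; the scanner below assumes valid JSON
  const dups = [];
  let i = 0;
  const ws = () => { while (i < text.length && /\s/.test(text[i])) i++; };
  const string = () => {
    const start = i++; // opening quote
    while (text[i] !== '"') i += text[i] === '\\' ? 2 : 1; // step over escapes
    i++; // closing quote
    return JSON.parse(text.slice(start, i)); // decoded, so "a" and "\u0061" compare equal
  };
  const object = (path) => {
    const seen = new Set();
    i++; ws(); // skip '{'
    while (text[i] !== '}') {
      const key = string();
      const inDeps = path.length === 1 && sections.includes(path[0]);
      if (inDeps && seen.has(key)) dups.push({ section: path[0], key });
      seen.add(key);
      ws(); i++; // skip ':'
      value(path.concat(key));
      if (text[i] === ',') { i++; ws(); }
    }
    i++; // skip '}'
  };
  const value = (path) => {
    ws();
    if (text[i] === '"') string();
    else if (text[i] === '{') object(path);
    else if (text[i] === '[') {
      i++; ws(); // skip '['
      while (text[i] !== ']') { value(path.concat('[]')); if (text[i] === ',') { i++; ws(); } }
      i++; // skip ']'
    } else while (i < text.length && !/[,\]}\s]/.test(text[i])) i++; // number, true, false, null
    ws();
  };
  value([]);
  return dups;
}

// Constructed sample mirroring the invalid package.json shown above.
const sample = '{"name":"demo","dependencies":{"some-dependency":"1.0.0","some-dependency":"2.0.0"}}';
console.log(JSON.parse(sample).dependencies); // JSON.parse keeps only the last value
console.log(findDuplicateDependencyKeys(sample));
```

A reviewer reading only the first entry would see 1.0.0 while the parsed manifest resolves to 2.0.0, which is the mismatch the "keys" rule is meant to block.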

Other Inputs

Specify dependency-types to denote which type of package.json dependencies you wish to validate. Valid options include dependencies, devDependencies, peerDependencies, and optionalDependencies. Defaults to dependencies.

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: ranges
      dependency-types: devDependencies

Specify ignore-packages to skip validation entirely for certain packages. Optionally provide a newline separated list of package names here.

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: ranges
      ignore-packages: package-to-ignore

Other Usages

You may also enforce multiple rules (and pass additional inputs) like this:

steps:
  - name: Checkout
    uses: actions/checkout@v3

  - uses: ExpediaGroup/package-json-validator@v1
    with:
      rules: |
        ranges
        tags
      allowed-ranges: |
        ^
        *
      allowed-tags: |
        alpha
        canary
      dependency-types: |
        dependencies
        devDependencies
      ignore-packages: |
        package-to-ignore
        another-package-to-ignore

Contact

This project is part of Expedia Group Open Source but is also maintained by Dan Adajian.

License

The scripts and documentation in this project are released under the Apache 2 License.

Contributions

  • Follow semantic-release commit formatting. See CONTRIBUTING.md for details.