GitHub Action
package-json-validator
A Github Action for validating package.json conventions.
Use the rules
input to specify one or more rules you would like to check for your package.json
.
The "ranges" rule validates that all package.json dependencies are exact versions, or use only the allowed version ranges specified. Click here for details about version ranges.
The following usage would allow "my-package": "1.2.3"
but prevent "my-package": "^1.2.3"
.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: ranges
You can also specify allowed-ranges
. The following would allow "my-package": "^1.2.3"
but prevent "my-package": "~1.2.3"
.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: ranges
allowed-ranges: ^
The "tags" rule validates that all package.json dependencies contain no tagged versions, or use only the allowed tags specified. Click here for details about tags.
The following usage would allow "my-package": "1.2.3"
but prevent "my-package": "1.2.3-alpha.456.0"
.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: tags
The following usage would allow "my-package": "1.2.3-canary.456.0"
but prevent "my-package": "1.2.3-alpha.456.0"
.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: tags
allowed-tags: canary
The "resolutions" rule validates that your package.json does not contain the resolutions
option.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: resolutions
Specify ignore-resolutions
to skip resolution validation entirely for certain packages. Optionally provide a newline separated list of package names here
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: resolutions
ignore-resolutions: resolution-package-to-ignore
Specify ignore-resolutions-until
to skip resolution validation entirely for certain amount of time. You can use any format supported by Date constructor MDN
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: resolutions
ignore-resolutions-until: 2000-01-01
The "keys" rule validates that your package.json does not contain duplicate dependency keys.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: keys
Example invalid package.json this will prevent:
{
"dependencies": {
"some-dependency": "1.0.0",
"some-dependency": "2.0.0"
}
}
Specify package-json-location
to specify another location for the package.json to validate. Defaults to ./package.json
.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: ranges
package-json-location: ./project/package.json
Specify dependency-types
to denote which type of package.json dependencies you wish to validate. Valid options include dependencies
, devDependencies
, peerDependencies
, and optionalDependencies
. Defaults to dependencies
.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: ranges
dependency-types: devDependencies
Specify ignore-packages
to skip validation entirely for certain packages. Optionally provide a newline separated list of package names here.
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: ranges
ignore-packages: package-to-ignore
You may also enforce multiple rules (and pass additional inputs) like this:
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: ExpediaGroup/package-json-validator@v1
with:
rules: |
ranges
tags
allowed-ranges: |
^
*
allowed-tags: |
alpha
canary
dependency-types: |
dependencies
devDependencies
ignore-packages: |
package-to-ignore
another-package-to-ignore
This project is part of Expedia Group Open Source but also maintained by Dan Adajian
- Expedia Group OSS
The scripts and documentation in this project are released under the Apache 2 License.
- Follow semantic-release commit formatting. See CONTRIBUTING.md for details.