feat: detect extranous root level dependencies (!23) · Merge requests · GitLab.org / Frontend / untamper-my-lockfile

Lukas Eipert requested to merge leipert-detect-extra-root-dependencies into main Feb 16, 2022

This detects extranous root level dependencies in yarn.lock. If a yarn.lock file contains extra dependencies that aren't declared, yarn will modify yarn.lock but it will not error, not even with --frozen-lockfile.

We can simply circumvent this problem, if we check that all packages listed in yarn.lock either have dependants or are declared in the accompanying package.json.

Fixes #17

Edited Feb 16, 2022 by Lukas Eipert

feat: detect extranous root level dependencies

Merge request reports