
@antongolub/synp

v2.0.20

Convert yarn.lock to package-lock.json and vice versa

Downloads

8

synp

Convert yarn.lock to package-lock.json and vice versa.

install

npm install -g synp

command line usage

yarn.lock => package-lock.json

yarn # be sure the node_modules dir exists and is updated
synp --source-file /path/to/yarn.lock
# will create /path/to/package-lock.json

package-lock.json => yarn.lock

npm install # be sure the node_modules dir exists and is updated
synp --source-file /path/to/package-lock.json
# will create /path/to/yarn.lock

Note: if all you need is to convert in this direction (package-lock.json => yarn.lock), as of 1.7.0, Yarn is able to import its dependency tree from npm’s package-lock.json natively, without external tools. Use the yarn import command.

programmatic usage

const { npmToYarn, yarnToNpm } = require('synp')

const libPath = '/path/to/my/lib'
const stringifiedYarnLock = npmToYarn(libPath)
const stringifiedPackageLock = yarnToNpm(libPath)

how does it work?

Since package-lock.json and yarn.lock use different methods in order to deterministically lock down dependency versions, oftentimes they do not contain all the information needed to be purely converted.

For this reason, synp uses the existing node_modules directory of the package to determine the package state and assist in the conversion.

It is therefore vital to make sure the node_modules directory of the package is current and was installed by the respective tool (e.g. by yarn if converting to package-lock.json and by npm if converting to yarn.lock).

caveats

Bundled dependencies: For various reasons, this tool does not 'play well' with bundled dependencies. This should not be a problem because installing the packages later with the converted file will (by definition) update the proper packages in the file. If this is not the case for you, please open an issue/PR with your use case and I'd be happy to take a look.

Package checksums: Both yarn.lock and package-lock.json include package checksums for dependencies. Since npm is slowly moving to sha-512 checksums which yarn does not (yet) support, converting to package-lock.json will result in weaker checksums (that will still work!) and converting to yarn.lock can sometimes result in a corrupted result file. Thankfully, this issue is 100% solvable. In npm one can update the checksums simply by deleting the integrity field of all or relevant packages. In yarn this can be solved with the --update-checksums* flag when installing from the created file.

Format limitations: Some things that can be expressed in one format simply cannot be expressed in the other. These are (to the best of my knowledge) extreme edge cases and should not worry 99% of this tool's intended users. One example is package-lock.json's ability to translate the same semver string to different versions: one package can request version ^1.0.1 of a dependency and receive 1.0.5, while a different package requests version ^1.0.1 of the same dependency and receives 1.0.71. When translating to yarn.lock through synp, both will receive the same version.

Optional packages: ~~Like npm (https://github.com/npm/npm/issues/17722),~~ synp ~~also~~ has issues with optional dependencies across different platforms. This is because it uses node_modules as its state, and does not guess about packages that are not installed on the converting platform. Sadly, ~~like npm~~ the only way to avoid this issue is to perform the conversion on the platform that meets most optional dependencies and update the rest manually. If this is a major issue for you, adding some sort of automatic tooling for this can be discussed.

* At the time of this writing, the --update-checksums flag in yarn has been merged but not released yet. Please see: https://github.com/yarnpkg/yarn/pull/4860
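
A check for the "Package checksums" caveat above, as an added example that is not part of the synp README or its code: it walks a parsed package-lock.json (the nested lockfileVersion 1 layout and the flat `packages` layout of versions 2 and 3) and lists entries whose integrity is sha1-only or missing. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag lockfile entries whose integrity is weak or absent.
const STRONG = new Set(['sha256', 'sha384', 'sha512'])

// An SRI value is one or more "<algo>-<base64>" tokens separated by whitespace.
function classify (integrity) {
  if (typeof integrity !== 'string' || integrity.trim() === '') return 'missing'
  const algos = integrity.trim().split(/\s+/).map(tok => {
    const dash = tok.indexOf('-')
    return dash > 0 ? tok.slice(0, dash).toLowerCase() : 'unknown'
  })
  return algos.some(a => STRONG.has(a)) ? 'strong' : 'weak'
}

function auditLock (lock) {
  const findings = []
  const record = (where, entry) => {
    // Links and bundled packages carry no integrity field by design.
    if (entry.link || entry.inBundle || entry.bundled) return
    const status = classify(entry.integrity)
    if (status !== 'strong') findings.push({ where, version: entry.version, status })
  }
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path; '' is the root project.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path !== '') record(path, entry)
    }
  } else {
    // lockfileVersion 1: nested "dependencies" trees.
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        const where = `${prefix}node_modules/${name}`
        record(where, entry)
        walk(entry.dependencies, `${where}/`)
      }
    }
    walk(lock.dependencies, '')
  }
  return findings
}

// Constructed sample; the digests are placeholders, not real package hashes.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    alpha: { version: '1.0.5', integrity: 'sha1-PLACEHOLDERDIGEST=' },
    beta: { version: '2.1.0', integrity: 'sha512-PLACEHOLDERDIGEST==', dependencies: { gamma: { version: '0.3.0' } } },
    delta: { version: '4.0.0', bundled: true }
  }
}
console.log(auditLock(sampleLock))
```

To audit a real file, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `auditLock`. A deleted integrity field is refilled from whatever the registry serves on the next install, so review the resulting lockfile diff before committing it.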

troubleshooting

  1. checksum mismatch when installing from converted file? In yarn use --update-checksums, in npm delete the integrity field from the offending package (have no fear! This will be updated upon installation).
  2. synp failing or not converting properly - remove the node_modules from the package to be converted, install it again (with yarn if converting to package-lock.json or npm if converting to yarn.lock) and run synp one more time.
  3. something else? - please open an issue/PR.

License

MIT