node-lockfile-doctor-kit

v0.1.0

Inspect Node package-manager lockfile consistency with structured diagnostics.

License: MPL-2.0

node-lockfile-doctor-kit is a clean-room TypeScript package for checking a project snapshot before a CI install surprises you. The core accepts file contents in memory, has no runtime dependencies, and stays browser-friendly. A small optional CLI reads files from disk when used in Node.

Demo

Try the browser preview: packages.wasta-wocket.fr/node-lockfile-doctor-kit.

Package quality

  • TypeScript types are generated from the source.
  • ESM-only package with no runtime dependencies.
  • Marked as side-effect free for bundlers.
  • CI runs npm ci, typecheck, build, and test.
  • Tested on Node.js 20 and 22 with GitHub Actions.
  • Browser-friendly core with no Node-only APIs; only the optional CLI reads files from disk.

Install

npm install node-lockfile-doctor-kit

Quick Start

import { inspectNodeLockfiles } from "node-lockfile-doctor-kit";

const result = inspectNodeLockfiles({
  "package.json": JSON.stringify({
    packageManager: "[email protected]",
    dependencies: { zod: "^3.0.0" },
    workspaces: ["packages/*"]
  }),
  "pnpm-lock.yaml": "lockfileVersion: '9.0'\n\nimporters:\n  .:\n    dependencies:\n      zod: {}\n"
});

console.log(result.ok);
console.log(result.diagnostics);

CLI

npx node-lockfile-doctor .
npx node-lockfile-doctor . --json

The CLI reads package.json, package-lock.json, npm-shrinkwrap.json, pnpm-lock.yaml, yarn.lock, bun.lock and bun.lockb from one directory. The reusable core does not read the filesystem.

Why This Package

Lockfile failures are often caused by boring drift: packageManager says one thing, the repo contains another lockfile, workspaces are present without the expected root lockfile, a merge conflict marker slipped through, or a dependency was added to package.json without a matching lockfile update.

This package does not try to be a dependency graph solver. It gives a small, inspectable consistency report that can run in tests, CI comments, browser workbenches or local CLIs.

API

inspectNodeLockfiles(files, options?)

Returns:

type NodeLockfileDoctorResult = {
  ok: boolean;
  manager: "npm" | "pnpm" | "yarn" | "bun" | "unknown";
  packageJson?: PackageSummary;
  lockfiles: LockfileSummary[];
  diagnostics: NodeLockfileDoctorDiagnostic[];
};

formatNodeLockfileDoctorReport(result)

Formats a stable text report for CLIs, logs or pull request comments.

createNodeLockfileDoctor(defaultOptions?)

Creates a reusable inspector with default options.

Options

| Option | Default | Description |
| --- | --- | --- |
| expectedManager | from packageManager or lockfiles | Force the expected package manager. |
| packageJsonPath | package.json | Read package metadata from a different key in the file map. |
| workspaceGlobs | from workspaces | Override workspace globs for generated snapshots. |

Diagnostics

Stable diagnostic codes:

  • invalid-files
  • invalid-options
  • missing-package-json
  • invalid-package-json
  • missing-lockfile
  • multiple-lockfiles
  • manager-mismatch
  • missing-package-manager
  • unknown-package-manager
  • missing-dependency-in-lockfile
  • workspace-missing-lockfile
  • merge-conflict-marker
  • unsupported-binary-lockfile

Limits

  • It only inspects the top-level files supplied to the core.
  • It does not parse full npm, pnpm, Yarn or Bun dependency graphs.
  • bun.lockb is detected as binary but not decoded.
  • Dependency presence checks are deliberately shallow string checks, useful for drift hints but not a proof of graph correctness.
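
The drift cases listed under Why This Package and the shallow-check limit above, shown as an added TypeScript sketch. It is not the package's source: `checkDrift`, `LOCKFILES`, the type names and the sample snapshot are constructed here, and only the diagnostic code strings are taken from the list above.

```typescript
// Added sketch, not node-lockfile-doctor-kit's source. All names are hypothetical;
// only the diagnostic code strings come from the README's list.
type SnapshotFiles = { [path: string]: string };
type DriftDiagnostic = { code: string; message: string };

// Text lockfiles named in the CLI section (bun.lockb is binary, so skipped here).
const LOCKFILES: { [name: string]: string } = {
  "package-lock.json": "npm", "npm-shrinkwrap.json": "npm",
  "pnpm-lock.yaml": "pnpm", "yarn.lock": "yarn", "bun.lock": "bun"
};

function checkDrift(files: SnapshotFiles): DriftDiagnostic[] {
  const out: DriftDiagnostic[] = [];
  const pkg = JSON.parse(files["package.json"] || "{}");
  const present = Object.keys(files).filter(function (f) {
    return Object.prototype.hasOwnProperty.call(LOCKFILES, f);
  });
  if (present.length === 0) out.push({ code: "missing-lockfile", message: "no lockfile" });
  if (present.length > 1) out.push({ code: "multiple-lockfiles", message: present.join(", ") });
  // packageManager has the form "<name>@<version>"; only the name is compared.
  const declared = String(pkg.packageManager || "").split("@")[0];
  for (const name of present) {
    const text = files[name] || "";
    if (declared !== "" && LOCKFILES[name] !== declared)
      out.push({ code: "manager-mismatch", message: name + " vs " + declared });
    // Git conflict markers: seven <, = or > at the start of a line.
    if (/^(<{7}|={7}|>{7})(\s|$)/m.test(text))
      out.push({ code: "merge-conflict-marker", message: name });
    // Shallow presence check: plain substring search, no graph parsing.
    for (const dep of Object.keys(pkg.dependencies || {}))
      if (text.indexOf(dep) === -1)
        out.push({ code: "missing-dependency-in-lockfile", message: dep + " not in " + name });
  }
  return out;
}

// Constructed snapshot: pnpm declared, yarn.lock committed with a conflict in it.
const SAMPLE: SnapshotFiles = {
  "package.json": JSON.stringify({
    packageManager: "pnpm@9.0.0",
    dependencies: { zod: "^3.0.0", "left-pad": "^1.3.0" }
  }),
  "yarn.lock": "<<<<<<< HEAD\nzod-to-json-schema@^3.0.0:\n=======\n>>>>>>> feature\n"
};

// "zod" has no entry of its own in the lockfile, yet the substring test finds it
// inside "zod-to-json-schema", so only left-pad is flagged.
const sampleCodes: string[] = checkDrift(SAMPLE).map(function (d) { return d.code; });
```

A substring check of this kind catches a dependency that is absent everywhere in the lockfile but stays silent when the name appears inside another package's name, which is why such checks are drift hints rather than proof of a correct graph.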

License

MPL-2.0