npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

parse-lock-files

v0.1.0

Published

Parse lockfiles from npm, yarn, and pnpm

Downloads

57

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

matteo.collinamatteo.collina

Keywords

lockfileparsernpmyarnpnpmpackage-lockyarn-lockpnpm-lock

Readme

parse-lock-files

A comprehensive Node.js library for parsing lockfiles from npm, Yarn (v1, v2, v3, v4), and pnpm (v7, v8, v9, v10).

Features

  • Multi-format support: Parse lockfiles from all major package managers
  • Version compatibility: Supports multiple versions of each package manager
  • Type detection: Automatically detect lockfile type
  • ESM-first: Written as ECMAScript modules
  • Zero dependencies (except yaml for YAML parsing)
  • TypeScript-ready: Structured output format for easy integration

Supported Formats

| Package Manager | Versions | Lockfile Name | |----------------|----------|---------------| | npm | v7+ | package-lock.json | | Yarn Classic | v1.x | yarn.lock | | Yarn Berry | v2.x, v3.x, v4.x | yarn.lock | | pnpm | v7.x, v8.x, v9.x, v10.x | pnpm-lock.yaml |

Installation

npm install parse-lock-files

Usage

Find Lockfile in Directory

Find the lockfile in a directory without parsing it:

import { findLockfile } from 'parse-lock-files';

const lockfilePath = await findLockfile('./my-project');
// Returns: '/absolute/path/to/package-lock.json' (or yarn.lock, or pnpm-lock.yaml)

The function searches for lockfiles in this order:

  1. package-lock.json
  2. yarn.lock
  3. pnpm-lock.yaml

Find and Parse Lockfile in Directory

Find and parse the lockfile in one step:

import { findAndParseLockfile } from 'parse-lock-files';

const result = await findAndParseLockfile('./my-project');

console.log(result.type); // 'npm', 'yarn', or 'pnpm'
console.log(result.packages); // Parsed package information

Parse Lockfile Content

If you already have the lockfile content, you can parse it directly:

import { parseLockfile } from 'parse-lock-files';
import { readFileSync } from 'fs';

const content = readFileSync('package-lock.json', 'utf-8');
const result = parseLockfile(content);

console.log(result.type); // 'npm', 'yarn', or 'pnpm'
console.log(result.packages); // Parsed package information

Detect Lockfile Type

import { detectLockfileType } from 'parse-lock-files';

const type = detectLockfileType(content);
// Returns: 'npm', 'yarn-v1', 'yarn-berry', 'pnpm', or null

Use Specific Parsers

import {
  parseNpmLockfile,
  parseYarnV1Lockfile,
  parseYarnBerryLockfile,
  parsePnpmLockfile
} from 'parse-lock-files';

// Parse npm lockfile
const npmResult = parseNpmLockfile(npmContent);

// Parse Yarn v1 lockfile
const yarnV1Result = parseYarnV1Lockfile(yarnV1Content);

// Parse Yarn Berry (v2+) lockfile
const yarnBerryResult = parseYarnBerryLockfile(yarnBerryContent);

// Parse pnpm lockfile
const pnpmResult = parsePnpmLockfile(pnpmContent);

API

findLockfile(directory: string): Promise<string>

Finds a lockfile in the given directory and returns its path. Searches for package-lock.json, yarn.lock, and pnpm-lock.yaml in that order.

Parameters:

  • directory: Path to the directory containing a lockfile

Returns: Promise resolving to the absolute path of the found lockfile

Throws: Error if no lockfile is found in the directory

Example:

const lockfilePath = await findLockfile('./my-project');
// '/absolute/path/to/my-project/package-lock.json'

findAndParseLockfile(directory: string): Promise<object>

Finds a lockfile in the given directory, automatically detects its type, and parses it. Internally uses findLockfile() to locate the file.

Parameters:

  • directory: Path to the directory containing a lockfile

Returns: Promise resolving to:

  • type: 'npm', 'yarn', or 'pnpm'
  • packages: Object containing parsed package information
  • Additional fields specific to each lockfile format

Throws: Error if no lockfile is found in the directory

parseLockfile(content: string): object

Automatically detects the lockfile type from content and parses it.

Parameters:

  • content: The lockfile content as a string

Returns:

  • type: 'npm', 'yarn', or 'pnpm'
  • packages: Object containing parsed package information
  • Additional fields specific to each lockfile format

detectLockfileType(content: string): string | null

Detects the type of lockfile from its content.

Parameters:

  • content: The lockfile content as a string

Returns: 'npm', 'yarn-v1', 'yarn-berry', 'pnpm', or null

Normalized Package Structure

All parsers return packages in a normalized structure with the following core fields:

{
  version: string,              // Resolved version number
  resolved: string,             // Download URL or resolution string
  integrity: string,            // Integrity/checksum hash
  dependencies: object,         // Runtime dependencies
  devDependencies: object,      // Development dependencies
  optionalDependencies: object, // Optional dependencies
  peerDependencies: object,     // Peer dependencies
  engines: object,              // Engine requirements
  // ... plus format-specific fields
}

Each lockfile format may include additional format-specific fields:

  • npm: license, bin, funding, cpu, os
  • Yarn Berry: languageName, linkType, bin, conditions
  • pnpm: dev, optional, hasBin, cpu, os

Parser-Specific Functions

parseNpmLockfile(content: string)

Parses npm package-lock.json (lockfileVersion 3+).

Package Keys: "node_modules/package-name"

Returns:

{
  type: 'npm',
  lockfileVersion: number,
  name: string,
  version: string,
  packages: { [key: string]: NormalizedPackage },
  dependencies: object,
  requires: object
}

parseYarnV1Lockfile(content: string)

Parses Yarn v1 yarn.lock files.

Package Keys: "package@version-range" (e.g., "lodash@^4.0.0")

Returns:

{
  type: 'yarn',
  version: 1,
  packages: { [key: string]: NormalizedPackage }
}

parseYarnBerryLockfile(content: string)

Parses Yarn Berry (v2, v3, v4) yarn.lock files.

Package Keys: "package@npm:version-range" (e.g., "lodash@npm:^4.0.0")

Returns:

{
  type: 'yarn',
  version: number, // 2, 3, or 4
  metadata: {
    version: number,
    cacheKey: string
  },
  packages: { [key: string]: NormalizedPackage }
}

parsePnpmLockfile(content: string)

Parses pnpm pnpm-lock.yaml files (v7, v8, v9, v10).

Package Keys: "package@version" (e.g., "[email protected]")

Returns:

{
  type: 'pnpm',
  lockfileVersion: string,
  settings: object,
  importers: object, // v9+
  dependencies: object,
  devDependencies: object,
  specifiers: object, // v7
  packages: { [key: string]: NormalizedPackage },
  snapshots: object // v9+ dependency trees
}

Development

Running Tests

npm test

Running Tests in Watch Mode

npm run test:watch

Project Structure

.
├── src/
│   ├── index.js         # Main entry point with unified API
│   ├── npm.js           # npm lockfile parser
│   ├── yarn-v1.js       # Yarn v1 parser
│   ├── yarn-berry.js    # Yarn Berry (v2+) parser
│   └── pnpm.js          # pnpm parser
├── test/
│   ├── index.test.js
│   ├── npm.test.js
│   ├── yarn-v1.test.js
│   ├── yarn-berry.test.js
│   └── pnpm.test.js
└── fixtures/            # Test fixtures with real lockfiles
    ├── npm/
    ├── yarn-v1/
    ├── yarn-v2/
    ├── yarn-v3/
    ├── yarn-v4/
    ├── pnpm-v7/
    ├── pnpm-v8/
    ├── pnpm-v9/
    └── pnpm/

License

Apache-2.0

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.