pm-guard
v0.1.0
Published
Detect your project's package manager and guard against lock file conflicts
Maintainers
Readme
pm-guard
Detects which package manager a project uses and prevents lock file conflicts from sneaking in.
The problem
A project uses Bun. A contributor runs npm install. A package-lock.json lands in the PR. Now your repo has two lock files and no clear answer for which package manager to use.
pm-guard catches this - locally and in CI.
Usage
npx pm-guardRuns the guard check. Exits 0 if everything is clean, exits 1 if foreign lock files are found.
Detection
Package manager is detected in order:
packageManagerfield inpackage.json(e.g."packageManager": "[email protected]")- Lock file presence -
bun.lock,pnpm-lock.yaml,yarn.lock,package-lock.json
CI
Add to your pipeline to block PRs that introduce the wrong lock file:
- run: npx pm-guardIf the project's package manager can't be inferred automatically, declare it explicitly:
- run: npx pm-guard --expect bunExits 1 with a clear error message if a foreign lock file is detected.
Clean up
Interactively remove lock files that don't belong:
npx pm-guard cleanIf the package manager is ambiguous, you'll be prompted to choose which one to keep before anything is deleted.
Inspect
Show what's detected without taking any action:
npx pm-guard detectCommands
| Command | Description |
|---|---|
| (none) | Guard check - same as guard |
| guard | CI check, exits 1 on foreign lock files |
| clean | Interactively remove foreign lock files |
| detect | Show detected package manager and lock files |
Options
| Option | Description |
|---|---|
| --expect <pm> | Explicitly set expected package manager (npm, yarn, pnpm, bun) |
| -C, --cwd <path> | Run in a different directory |
Lock files tracked
| Package manager | Lock files |
|---|---|
| npm | package-lock.json, npm-shrinkwrap.json |
| Yarn | yarn.lock |
| pnpm | pnpm-lock.yaml |
| Bun | bun.lock, bun.lockb |
