tessl/npm-pnpm--lockfile-detect-dep-types

TypeScript library that analyzes pnpm lockfiles to classify dependencies into different types (development-only, production-only, or both)

—

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview

Eval results

Files

@pnpm/lockfile.detect-dep-types

Name: tessl/npm-pnpm--lockfile-detect-dep-types
Author: tessl

A TypeScript library that analyzes pnpm lockfiles to classify dependencies into different types: development-only, production-only, or both development and production dependencies. This utility is specifically designed for pnpm's lockfile format and is used internally by pnpm tooling to optimize dependency installation and bundling processes.

Package Information

Package Name: @pnpm/lockfile.detect-dep-types
Package Type: npm
Language: TypeScript
Installation: pnpm add @pnpm/lockfile.detect-dep-types

Core Imports

import { detectDepTypes, DepType, type DepTypes } from "@pnpm/lockfile.detect-dep-types";

CommonJS:

const { detectDepTypes, DepType } = require("@pnpm/lockfile.detect-dep-types");

Basic Usage

import { detectDepTypes, DepType, type DepTypes } from "@pnpm/lockfile.detect-dep-types";
import { type LockfileObject } from "@pnpm/lockfile.types";

// Analyze a pnpm lockfile to classify dependencies
const lockfile: LockfileObject = {
  lockfileVersion: "9.0",
  importers: {
    ".": {
      specifiers: {
        "lodash": "^4.17.21",
        "typescript": "^5.0.0"
      },
      dependencies: {
        "lodash": "4.17.21"
      },
      devDependencies: {
        "typescript": "5.0.2"
      }
    }
  },
  packages: {
    "lodash@4.17.21": {
      resolution: { integrity: "sha512-..." }
    },
    "typescript@5.0.2": {
      resolution: { integrity: "sha512-..." }
    }
  }
};

// Detect dependency types
const depTypes: DepTypes = detectDepTypes(lockfile);

// Check individual dependency classifications
if (depTypes["lodash@4.17.21"] === DepType.ProdOnly) {
  console.log("lodash is production-only");
}

if (depTypes["typescript@5.0.2"] === DepType.DevOnly) {
  console.log("typescript is development-only");
}

Capabilities

Dependency Type Detection

Analyzes pnpm lockfiles to classify each dependency as development-only, production-only, or used in both environments.

function detectDepTypes(lockfile: LockfileObject): DepTypes;

Parameters:

lockfile: LockfileObject - The pnpm lockfile data structure to analyze

Returns:

DepTypes - A record mapping dependency paths to their classifications

Usage Example:

import { detectDepTypes } from "@pnpm/lockfile.detect-dep-types";

const depTypes = detectDepTypes(lockfile);
// Returns object like: { "package@1.0.0": DepType.ProdOnly, "devtool@2.0.0": DepType.DevOnly }

Dependency Type Classification

Enumeration defining the three possible dependency classifications.

enum DepType {
  DevOnly,
  DevAndProd,
  ProdOnly
}

Values:

DepType.DevOnly - Dependencies only used in development environments
DepType.DevAndProd - Dependencies used in both development and production environments
DepType.ProdOnly - Dependencies only used in production environments

Usage Example:

import { DepType } from "@pnpm/lockfile.detect-dep-types";

// Check if a dependency is production-only
if (depTypes["some-package@1.0.0"] === DepType.ProdOnly) {
  console.log("This package is needed in production");
}

Types

/**
 * Record mapping dependency paths to their type classifications
 */
type DepTypes = Record<string, DepType>;

/**
 * Dependency path string (from @pnpm/types)
 */
type DepPath = string & { __brand: 'DepPath' };

/**
 * Pnpm lockfile object structure (from @pnpm/lockfile.types)
 */
interface LockfileObject {
  lockfileVersion: string;
  importers: Record<string, ProjectSnapshot>;
  packages?: PackageSnapshots;
  // ... other lockfile properties
}

/**
 * Project snapshot containing dependency information
 */
interface ProjectSnapshot {
  specifiers: ResolvedDependencies;
  dependencies?: ResolvedDependencies;
  optionalDependencies?: ResolvedDependencies;
  devDependencies?: ResolvedDependencies;
}

/**
 * Resolved dependency mappings
 */
type ResolvedDependencies = Record<string, string>;

/**
 * Collection of package snapshots
 */
interface PackageSnapshots {
  [packagePath: string]: PackageSnapshot;
}

/**
 * Individual package snapshot with metadata
 */
interface PackageSnapshot {
  resolution: LockfileResolution;
  dependencies?: ResolvedDependencies;
  optionalDependencies?: ResolvedDependencies;
  // ... other package properties
}

Implementation Details

The library uses a graph traversal algorithm to analyze dependency relationships:

Extraction: Separates dependencies from lockfile importers into categories (dev, optional, production)
Graph Walking: Recursively traverses dependency graphs using depth-first search
Classification: Assigns types based on how dependencies are referenced across different sections
Cycle Handling: Tracks visited nodes to prevent infinite loops in circular dependencies

The analysis considers the entire dependency tree, not just direct dependencies, ensuring that transitive dependencies are properly classified based on how they're ultimately used in the project.

Install with Tessl CLI

npx tessl i tessl/npm-pnpm--lockfile-detect-dep-types

Workspace: tessl
Visibility: Public
Created: 6 months ago
Last updated: about 1 month ago
Describes: pkg:npm/@pnpm/lockfile.detect-dep-types@1001.0.x
Publish Source: CLI
Badge