or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

index.md
tile.json

tessl/npm-pnpm--lockfile-detect-dep-types

TypeScript library that analyzes pnpm lockfiles to classify dependencies into different types (development-only, production-only, or both)

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/@pnpm/lockfile.detect-dep-types@1001.0.x

To install, run

npx @tessl/cli install tessl/npm-pnpm--lockfile-detect-dep-types@1001.0.0

index.mddocs/

@pnpm/lockfile.detect-dep-types

A TypeScript library that analyzes pnpm lockfiles to classify dependencies into different types: development-only, production-only, or both development and production dependencies. This utility is specifically designed for pnpm's lockfile format and is used internally by pnpm tooling to optimize dependency installation and bundling processes.

Package Information

  • Package Name: @pnpm/lockfile.detect-dep-types
  • Package Type: npm
  • Language: TypeScript
  • Installation: pnpm add @pnpm/lockfile.detect-dep-types

Core Imports

import { detectDepTypes, DepType, type DepTypes } from "@pnpm/lockfile.detect-dep-types";

CommonJS:

const { detectDepTypes, DepType } = require("@pnpm/lockfile.detect-dep-types");

Basic Usage

import { detectDepTypes, DepType, type DepTypes } from "@pnpm/lockfile.detect-dep-types";
import { type LockfileObject } from "@pnpm/lockfile.types";

// Analyze a pnpm lockfile to classify dependencies
const lockfile: LockfileObject = {
  lockfileVersion: "9.0",
  importers: {
    ".": {
      specifiers: {
        "lodash": "^4.17.21",
        "typescript": "^5.0.0"
      },
      dependencies: {
        "lodash": "4.17.21"
      },
      devDependencies: {
        "typescript": "5.0.2"
      }
    }
  },
  packages: {
    "lodash@4.17.21": {
      resolution: { integrity: "sha512-..." }
    },
    "typescript@5.0.2": {
      resolution: { integrity: "sha512-..." }
    }
  }
};

// Detect dependency types
const depTypes: DepTypes = detectDepTypes(lockfile);

// Check individual dependency classifications
if (depTypes["lodash@4.17.21"] === DepType.ProdOnly) {
  console.log("lodash is production-only");
}

if (depTypes["typescript@5.0.2"] === DepType.DevOnly) {
  console.log("typescript is development-only");
}

Capabilities

Dependency Type Detection

Analyzes pnpm lockfiles to classify each dependency as development-only, production-only, or used in both environments.

function detectDepTypes(lockfile: LockfileObject): DepTypes;

Parameters:

  • lockfile: LockfileObject - The pnpm lockfile data structure to analyze

Returns:

  • DepTypes - A record mapping dependency paths to their classifications

Usage Example:

import { detectDepTypes } from "@pnpm/lockfile.detect-dep-types";

const depTypes = detectDepTypes(lockfile);
// Returns object like: { "package@1.0.0": DepType.ProdOnly, "devtool@2.0.0": DepType.DevOnly }

Dependency Type Classification

Enumeration defining the three possible dependency classifications.

enum DepType {
  DevOnly,
  DevAndProd,
  ProdOnly
}

Values:

  • DepType.DevOnly - Dependencies only used in development environments
  • DepType.DevAndProd - Dependencies used in both development and production environments
  • DepType.ProdOnly - Dependencies only used in production environments

Usage Example:

import { DepType } from "@pnpm/lockfile.detect-dep-types";

// Check if a dependency is production-only
if (depTypes["some-package@1.0.0"] === DepType.ProdOnly) {
  console.log("This package is needed in production");
}

Types

/**
 * Record mapping dependency paths to their type classifications
 */
type DepTypes = Record<string, DepType>;

/**
 * Dependency path string (from @pnpm/types)
 */
type DepPath = string & { __brand: 'DepPath' };

/**
 * Pnpm lockfile object structure (from @pnpm/lockfile.types)
 */
interface LockfileObject {
  lockfileVersion: string;
  importers: Record<string, ProjectSnapshot>;
  packages?: PackageSnapshots;
  // ... other lockfile properties
}

/**
 * Project snapshot containing dependency information
 */
interface ProjectSnapshot {
  specifiers: ResolvedDependencies;
  dependencies?: ResolvedDependencies;
  optionalDependencies?: ResolvedDependencies;
  devDependencies?: ResolvedDependencies;
}

/**
 * Resolved dependency mappings
 */
type ResolvedDependencies = Record<string, string>;

/**
 * Collection of package snapshots
 */
interface PackageSnapshots {
  [packagePath: string]: PackageSnapshot;
}

/**
 * Individual package snapshot with metadata
 */
interface PackageSnapshot {
  resolution: LockfileResolution;
  dependencies?: ResolvedDependencies;
  optionalDependencies?: ResolvedDependencies;
  // ... other package properties
}

Implementation Details

The library uses a graph traversal algorithm to analyze dependency relationships:

  1. Extraction: Separates dependencies from lockfile importers into categories (dev, optional, production)
  2. Graph Walking: Recursively traverses dependency graphs using depth-first search
  3. Classification: Assigns types based on how dependencies are referenced across different sections
  4. Cycle Handling: Tracks visited nodes to prevent infinite loops in circular dependencies

The analysis considers the entire dependency tree, not just direct dependencies, ensuring that transitive dependencies are properly classified based on how they're ultimately used in the project.