tessl/npm-pnpm--lockfile-pruner
Prune a pnpm-lock.yaml by removing unused package entries and optimizing lockfile structure.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Pending
The risk profile of this skill
PNPM Lockfile Pruner
PNPM Lockfile Pruner provides utilities for removing unused package entries and optimizing pnpm-lock.yaml files. It maintains lockfile integrity while removing dependencies that are no longer referenced, supporting both individual projects and workspace/monorepo environments.
Package Information
- Package Name: @pnpm/lockfile.pruner
- Package Type: npm
- Language: TypeScript
- Installation:
pnpm add @pnpm/lockfile.pruner
Core Imports
import { pruneSharedLockfile, pruneLockfile } from "@pnpm/lockfile.pruner";For CommonJS:
const { pruneSharedLockfile, pruneLockfile } = require("@pnpm/lockfile.pruner");Import types (also re-exported from this package):
import {
LockfileObject,
PackageSnapshots,
ProjectSnapshot,
ResolvedDependencies
} from "@pnpm/lockfile.pruner";Basic Usage
import { pruneLockfile, pruneSharedLockfile } from "@pnpm/lockfile.pruner";
import { ProjectId } from "@pnpm/types";
// Prune a single project's lockfile
const prunedLockfile = pruneLockfile(
originalLockfile,
packageManifest,
"." as ProjectId,
{
warn: (msg: string) => console.warn(msg)
}
);
// Prune a shared lockfile (workspace/monorepo)
const prunedSharedLockfile = pruneSharedLockfile(originalLockfile, {
warn: (msg: string) => console.warn(msg)
});Capabilities
Single Project Lockfile Pruning
Prunes a lockfile based on specific package manifest requirements, handling development, production, and optional dependencies appropriately.
/**
* Prune lockfile based on specific package manifest and project requirements
* @param lockfile - The lockfile object to prune
* @param pkg - Package manifest (package.json content) to base pruning on
* @param importerId - Project identifier within the lockfile
* @param opts - Pruning options including warning callback and dependencies graph
* @returns Pruned lockfile object tailored to the specific package requirements
*/
function pruneLockfile(
lockfile: LockfileObject,
pkg: PackageManifest,
importerId: ProjectId,
opts: {
warn?: (msg: string) => void;
dependenciesGraph?: DependenciesGraph;
}
): LockfileObject;Usage Examples:
import { pruneLockfile } from "@pnpm/lockfile.pruner";
import { ProjectId } from "@pnpm/types";
// Basic pruning for a single project
const result = pruneLockfile(
lockfile,
{
name: "my-app",
version: "1.0.0",
dependencies: {
"lodash": "^4.17.21",
"express": "^4.18.0"
},
devDependencies: {
"typescript": "^4.8.0"
}
},
"." as ProjectId,
{
warn: (msg) => console.warn(`Warning: ${msg}`)
}
);
// Pruning with dependencies graph for advanced scenarios
const advancedResult = pruneLockfile(
lockfile,
packageManifest,
"packages/frontend" as ProjectId,
{
warn: (msg) => logger.warn(msg),
dependenciesGraph: {
"package@1.0.0": { optional: false },
"optional-package@2.0.0": { optional: true }
}
}
);Shared Lockfile Pruning
Removes unused packages from shared/workspace lockfiles by analyzing all importers and keeping only referenced packages.
/**
* Remove unused packages from shared/workspace lockfiles
* @param lockfile - The lockfile object to prune
* @param opts - Optional pruning options
* @returns Pruned lockfile object with unused packages removed
*/
function pruneSharedLockfile(
lockfile: LockfileObject,
opts?: {
dependenciesGraph?: DependenciesGraph;
warn?: (msg: string) => void;
}
): LockfileObject;Usage Examples:
import { pruneSharedLockfile } from "@pnpm/lockfile.pruner";
// Basic shared lockfile pruning
const pruned = pruneSharedLockfile(workspaceLockfile);
// With warning callback
const prunedWithWarnings = pruneSharedLockfile(workspaceLockfile, {
warn: (msg) => console.warn(`Lockfile pruning: ${msg}`)
});
// With dependencies graph for advanced dependency tracking
const advancedPruned = pruneSharedLockfile(workspaceLockfile, {
dependenciesGraph: dependencyGraph,
warn: (msg) => logger.warn(msg)
});Types
Core Types
/**
* Main lockfile structure containing all project dependencies and metadata
*/
interface LockfileObject {
/** Version of the lockfile format */
lockfileVersion: string | number;
/** Individual project/package dependency snapshots */
importers: Record<ProjectId, ProjectSnapshot>;
/** Package resolution snapshots with dependency information */
packages?: PackageSnapshots;
/** Checksum for pnpmfile.js if present */
pnpmfileChecksum?: string;
/** List of ignored optional dependencies */
ignoredOptionalDependencies?: string[];
}
/**
* Individual project snapshot within a lockfile
*/
interface ProjectSnapshot {
/** Version specifiers from package.json */
specifiers: ResolvedDependencies;
/** Production dependencies */
dependencies?: ResolvedDependencies;
/** Optional dependencies */
optionalDependencies?: ResolvedDependencies;
/** Development dependencies */
devDependencies?: ResolvedDependencies;
}
/**
* Mapping of package names to their resolved versions/references
*/
interface ResolvedDependencies {
[depName: string]: string;
}
/**
* Collection of package snapshots indexed by dependency path
*/
interface PackageSnapshots {
[depPath: DepPath]: PackageSnapshot;
}
/**
* Individual package snapshot with resolution and dependency information
*/
interface PackageSnapshot {
/** Package resolution information */
resolution: Resolution;
/** Runtime dependencies */
dependencies?: ResolvedDependencies;
/** Optional dependencies */
optionalDependencies?: ResolvedDependencies;
/** Development dependencies */
devDependencies?: ResolvedDependencies;
/** Whether this package is optional */
optional?: boolean;
}
/**
* Package manifest structure (package.json content)
*/
interface PackageManifest {
name?: string;
version?: string;
dependencies?: Record<string, string>;
devDependencies?: Record<string, string>;
optionalDependencies?: Record<string, string>;
[key: string]: any;
}
/**
* Dependencies graph for advanced pruning scenarios
* Maps dependency paths to their optional status
*/
type DependenciesGraph = Record<DepPath, { optional?: boolean }>;Utility Types
/**
* Dependency path identifier (from @pnpm/types)
*/
type DepPath = string & { readonly brand: unique symbol };
/**
* Project identifier within a workspace (from @pnpm/types)
*/
type ProjectId = string & { readonly brand: unique symbol };
/**
* Package resolution information
*/
interface Resolution {
/** Package integrity hash */
integrity?: string;
/** Package tarball URL */
tarball?: string;
/** Git repository information */
repo?: string;
/** Git commit hash */
commit?: string;
[key: string]: any;
}Key Features
Dependency Management
- Optional Dependencies: Properly handles optional dependencies with correct flagging
- Linked Dependencies: Preserves local and linked packages (link: protocol)
- Workspace Support: Full support for monorepo/workspace environments
- Multi-Project: Handles multiple projects within a single lockfile
Pruning Logic
- Unused Package Removal: Removes packages not referenced by any project
- Dependency Chain Analysis: Recursively analyzes dependency trees
- Optional Flag Management: Correctly manages optional flags based on usage context
- Specifier Preservation: Maintains version specifiers from package.json
Error Handling
- Warning Callbacks: Provides warning notifications for missing resolutions
- Missing Package Handling: Gracefully handles missing package entries
- Validation: Ensures lockfile integrity during pruning operations
Common Use Cases
CI/CD Pipeline Optimization
// Optimize lockfile before deployment
const optimizedLockfile = pruneSharedLockfile(lockfile, {
warn: (msg) => console.log(`[CI] ${msg}`)
});Development Environment Cleanup
// Remove unused dev dependencies from production lockfile
const productionLockfile = pruneLockfile(
lockfile,
{ ...pkg, devDependencies: {} }, // Remove dev deps
"." as ProjectId,
{ warn: console.warn }
);Workspace Maintenance
// Clean up workspace lockfile
const cleanWorkspace = pruneSharedLockfile(workspaceLockfile, {
warn: (msg) => logger.info(`Workspace cleanup: ${msg}`)
});- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Publish Source
- CLI
- Badge
