A tiny, zero-dependency lockfile parser for npm, Yarn, pnpm, and Bun.

```sh
npm install lockparse
```

```js
import { parse } from 'lockparse';
import { readFile } from 'node:fs/promises';

const lockfileContent = await readFile('./package-lock.json', 'utf-8');
const packageJson = JSON.parse(await readFile('./package.json', 'utf-8'));
const lockfile = await parse(lockfileContent, 'npm', packageJson);

console.log(lockfile.root);
```

Parses a lockfile and returns a structured representation of the dependency tree.

- `input` (string): The lockfile content as a string
- `typeOrFileName` (string): The lockfile type or filename. Supported values:
  - `'npm'` or `'package-lock.json'` - npm lockfile
  - `'yarn'` or `'yarn.lock'` - Yarn lockfile
  - `'pnpm'` or `'pnpm-lock.yaml'` - pnpm lockfile
  - `'bun'` or `'bun.lock'` - Bun lockfile
- `packageJson` (PackageJsonLike, optional): The package.json object (optional but recommended for better accuracy)

`Promise<ParsedLockFile>` - A promise that resolves to an object with:

- `type` (LockFileType): The detected lockfile type
- `packages` (ParsedDependency[]): A flat array of all packages in the lockfile
- `root` (ParsedDependency): The root dependency node representing the project's dependency tree

When parsing Yarn lockfiles, the packageJson parameter is highly recommended. Without it, the root node will not contain any dependencies as the Yarn lock file does not include this information. All packages will however still be contained in the packages array.
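
Why the Yarn root needs `package.json`, shown as an added example that is not lockparse's code: a simplified reader for the Yarn v1 format and a join against declared ranges. The names `parseYarnV1` and `resolveRoot` and the sample lockfile are constructed for illustration.

```javascript
// Constructed sample in Yarn v1 format; not taken from a real project.
const SAMPLE_YARN_LOCK = `# yarn lockfile v1

once@^1.4.0:
  version "1.4.0"
  dependencies:
    wrappy "1"

wrappy@1:
  version "1.0.2"
`;

// Minimal Yarn v1 reader (illustrative): maps each "name@range" key to its entry.
function parseYarnV1(text) {
  const entries = new Map();
  let current = null;
  let inDeps = false;
  for (const line of text.split('\n')) {
    if (line.trim() === '' || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      // Header such as `a@^1.0.0, a@^1.1.0:` lists every range served by this entry.
      current = { version: null, dependencies: {} };
      inDeps = false;
      for (const key of line.replace(/:$/, '').split(',')) {
        entries.set(key.trim().replace(/^"|"$/g, ''), current);
      }
    } else if (line.startsWith('    ') && inDeps) {
      const [name, range] = line.trim().split(/\s+/);
      current.dependencies[name.replace(/"/g, '')] = range.replace(/"/g, '');
    } else {
      const [field, value] = line.trim().split(/\s+/);
      inDeps = field === 'dependencies:';
      if (field === 'version') current.version = value.replace(/"/g, '');
    }
  }
  return entries;
}

// The lock entries carry no "direct dependency" marker, so the root is a join on package.json.
function resolveRoot(entries, packageJson) {
  const declared = { ...packageJson?.dependencies, ...packageJson?.devDependencies };
  return Object.entries(declared).map(([name, range]) => ({
    name,
    range,
    version: entries.get(`${name}@${range}`)?.version ?? null, // null: range not locked
  }));
}
```

A `null` version marks a range declared in `package.json` that has no matching lock entry, which is worth flagging when auditing a checkout.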
MIT