Created
September 17, 2025 07:57
-
-
Save joshghent/b8770418f1aa49da32c5b537ffc4e9c4 to your computer and use it in GitHub Desktop.
Detect pinned dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: ./enforce_pinned_dependencies.sh [path_to_package.json] | |
| # or ./enforce_pinned_dependencies.sh (will find the package.json in the cwd) | |
| PACKAGE_JSON="${1:-./package.json}" | |
| if [ ! -f "$PACKAGE_JSON" ]; then | |
| echo "❌ Error: package.json not found at '$PACKAGE_JSON'" | |
| exit 1 | |
| fi | |
| echo "🔍 Checking for unpinned dependencies in $PACKAGE_JSON..." | |
| # Extract dependencies and devDependencies | |
| UNPINNED=$(jq -r ' | |
| .dependencies + .devDependencies | |
| | to_entries[] | |
| | select(.value | test("^[~^]")) | |
| | "\(.key): \(.value)" | |
| ' "$PACKAGE_JSON") | |
| if [ -z "$UNPINNED" ]; then | |
| echo "✅ All dependencies are pinned." | |
| else | |
| echo "⚠️ Unpinned dependencies detected:" | |
| echo "$UNPINNED" | |
| echo "" | |
| echo "💡 Consider replacing ~ or ^ with exact versions or <= if acceptable." | |
| exit 2 | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment