lirantal / lockfile-lint

Lint an npm or yarn lockfile to analyze and detect security issues
Apache License 2.0
781 stars 35 forks

Is it possible to run this for all yarn.lock files? #156

Closed GocoolGK closed 1 year ago

GocoolGK commented 1 year ago

Currently, from the existing CLI commands we are able to provide the exact yarn.lock file path alone. So, we have to configure/run recursively with the exact yarn.lock file path locations (subdirectories' yarn.lock files).

Please let me know if we have an option for this (to check all subdirectories' yarn.lock files), like `*/yarn.lock`?

lirantal commented 1 year ago

Hi @GocoolGK

I assume the need here is because you are managing a monorepo or something like it with many projects that include a yarn.lock file colocated in the same repository?

This brings up a few questions in terms of how to support it:

If you could share a bit more into the expected behavior then we can try and ideate a path for this new feature.

GocoolGK commented 1 year ago

@lirantal Thanks for the quick reply.

> I assume the need here is because you are managing a monorepo or something like it with many projects that include a yarn.lock file colocated in the same repository?

Yes, we have many yarn.lock files colocated in the same repository.

> Would you want to match both npm's and yarn's lockfiles in an automated way? as in, just locate any files under a given glob pattern that matches one of those file names?

As of now, my requirement was to automate yarn's lock files alone. I just want to match the specific file (yarn.lock) under all the subdirectories from the current directory.

> What is the behavior if some out of all the files scanned have an issue, does the command fail?

The current error-showing behavior is good enough. And it will be helpful if the file name is printed along with the error, since we are scanning multiple lock files.

> How do you expect to get the report back? just continuous output one after another?

The existing error-showing methodology is fine enough. (Currently, we get the output one after another.)

lirantal commented 1 year ago

Thanks!

lirantal commented 1 year ago

Yes you can now do this. See the README updates:

> `--path` flag: path to the lockfile, but you can also provide a glob matching pattern, for example: `/path/to/dir/**/package-lock.json` to match multiple lockfiles

For example:

```shell
npx lockfile-lint --path "/Users/lirantal/projects/repos/lockfile-lint/**/package-lock.json" --validate-https --validate-integrity --validate-package-names --allowed-hosts npm
```

Don't forget to update to the latest lockfile-lint version to use this ;-)
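For a CI job that wants the per-file reporting GocoolGK asked for (file name next to each verdict, non-zero exit if any lockfile fails), the function below is an added example, not code from the lockfile-lint project: it finds every yarn.lock below a directory, skips anything under node_modules, and runs the linter once per file. The default validation flags and `--allowed-hosts yarn` are assumptions chosen for yarn lockfiles; the linter command is a parameter so another command that takes `--path FILE` can be substituted.

```shell
#!/bin/sh
# lint_all_yarn_locks DIR [LINT_CMD...]
# Runs "LINT_CMD --path <file>" once for every yarn.lock below DIR
# (node_modules is pruned), prints the file beside each verdict and
# returns non-zero if any file failed. Without LINT_CMD, lockfile-lint
# is invoked via npx with validations assumed suitable for yarn.lock.
lint_all_yarn_locks() {
  dir=$1
  shift
  if [ $# -eq 0 ]; then
    set -- npx lockfile-lint --type yarn --validate-https \
      --validate-integrity --validate-package-names --allowed-hosts yarn
  fi
  failed=0
  total=0
  # Iterate one path per line; -f disables globbing so the paths
  # returned by find are taken literally.
  set -f
  old_ifs=$IFS
  IFS='
'
  for lock in $(find "$dir" -name node_modules -prune -o \
                     -type f -name yarn.lock -print | sort); do
    total=$((total + 1))
    if "$@" --path "$lock"; then
      echo "OK   $lock"
    else
      echo "FAIL $lock"
      failed=$((failed + 1))
    fi
  done
  IFS=$old_ifs
  set +f
  echo "$failed of $total yarn.lock file(s) failed"
  [ "$failed" -eq 0 ]
}
```

Run it as `lint_all_yarn_locks .` from the repository root; the summary line and the exit status are what a CI step should key on.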