Lock all versions in a local package.json file


Locks all of your package.json's versions to a single version number, matching the best version currently available on npm that satisfies the current range.

Useful mostly for providing more reliable deploys when running node applications in production.

Given a package.json file passed in as an object literal, query npm for the appropriate versions to use, returning the locked version of the file as an object literal when ready.

var lock = require('lock-versions')
var fs = require('fs')
var pkgFile = __dirname + '/package.json'
var pkg = JSON.parse(
  fs.readFileSync(pkgFile, 'utf8')
lock(pkg, function(errupdated) {
  if (err) throw err
  fs.writeFileSync(pkgFile, JSON.stringify(updated, null, 2))

You can install this as a command-line tool by running:

npm install -g lock-versions

Which you can use like so:

Usage: lock-versions [file(s)...]
Locks all of your package.json's versions to a single version number,
matching the best version currently available on npm that satisfies the
current range.
Useful mostly for providing more reliable deploys when running node
applications in production.
lock-versions package.json
lock-versions node_modules/*/package.json
cat package.json | lock-versions > package.json

MIT. See LICENSE.md for details.