Lockfile Sanity Checker
Prevent "works on my machine" issues by ensuring your `package.json` and lockfile are perfectly in sync.
How to Use
Upload Files: Provide your `package.json` and your lockfile (`package-lock.json` or `yarn.lock`).
Check Sanity: Click the button to start the analysis. The tool will compare the two files.
Review Report: Any inconsistencies found will be listed in the report area below.
Why Your Lockfile Needs a Sanity Check
A lockfile is the source of truth for your project's dependencies, ensuring deterministic builds. However, it can sometimes "drift" or become out of sync with your `package.json` manifest. This can happen due to manual edits, incorrect merges, or using different package manager versions. A sanity check ensures that what you've declared in `package.json` is accurately reflected in the lockfile, preventing a wide range of dependency-related bugs.
Frequently Asked Questions
What is a lockfile?
A lockfile (like `package-lock.json` for npm or `yarn.lock` for Yarn) records the exact versions of all your project's dependencies. This ensures that every developer on your team, and your production environment, uses the exact same versions, preventing the 'works on my machine' problem.
What kind of issues can this tool find?
This tool checks for common inconsistencies, such as:
1) **Missing Packages:** A package is in your `package.json` but not in the lockfile.
2) **Extra Packages:** A package is in your lockfile but no longer in `package.json`.
3) **Version Mismatches:** The version of a package in your lockfile doesn't satisfy the version range specified in your `package.json`.
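The three checks above can be sketched as follows. This is an added example, not this tool's own code: the function names and sample data are constructed, and it assumes an npm `package-lock.json` with `lockfileVersion` 2 or 3, where the `packages` map holds the root entry under `""` and installed packages under `node_modules/<name>`. Range matching is deliberately limited to exact, `^` and `~` forms; anything else is reported as unchecked rather than guessed.

```javascript
// Added example: helper names and the sample data below are constructed.
// Range matching is simplified to exact, ^ and ~ forms on plain x.y.z versions.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
};
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Returns true/false, or null when the version or range form is not supported here.
function satisfies(version, range) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const v = parse(version), base = parse(range.slice(op.length));
  if (!v || !base) return null;
  if (op === "") return cmp(v, base) === 0;
  const [maj, min, pat] = base;
  // Exclusive upper bound: ~ bumps the minor; ^ bumps the left-most non-zero part.
  const upper = op === "~" || (maj === 0 && min > 0) ? [maj, min + 1, 0]
    : maj > 0 ? [maj + 1, 0, 0] : [0, 0, pat + 1];
  return cmp(v, base) >= 0 && cmp(v, upper) < 0;
}

function checkLockfile(manifest, lock) {
  const issues = [];
  const pkgs = lock.packages || {};
  const root = pkgs[""] || {}; // the lockfile's own copy of the declared dependencies
  for (const field of ["dependencies", "devDependencies"]) {
    const declared = manifest[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      const entry = pkgs["node_modules/" + name];
      if (!entry) { issues.push({ type: "missing", name }); continue; }
      const ok = satisfies(entry.version, range);
      if (ok === null) issues.push({ type: "unchecked", name, range });
      else if (!ok) issues.push({ type: "mismatch", name, range, locked: entry.version });
    }
    for (const name of Object.keys(root[field] || {})) {
      const has = Object.prototype.hasOwnProperty.call(declared, name);
      if (!has) issues.push({ type: "extra", name }); // still recorded in the lockfile root
    }
  }
  return issues;
}

// Constructed sample input: beta is locked too low, gamma was never locked, omega was removed.
const manifest = { dependencies: { alpha: "^1.3.0", beta: "^4.17.21", gamma: "~4.18.0" },
                   devDependencies: { delta: ">=10" } };
const lock = { lockfileVersion: 3, packages: {
  "": { dependencies: { alpha: "^1.3.0", beta: "^4.17.0", omega: "^2.88.0" } },
  "node_modules/alpha": { version: "1.3.0" }, "node_modules/beta": { version: "4.17.15" },
  "node_modules/omega": { version: "2.88.2" }, "node_modules/delta": { version: "10.2.0" } } };
console.log(checkLockfile(manifest, lock));
```

"Extra" is judged against the lockfile's root entry rather than against every `node_modules/` key, because transitive dependencies legitimately appear in the lockfile without being listed in `package.json`.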
Why is lockfile drift a problem?
Lockfile drift, where the lockfile and `package.json` are out of sync, can lead to unpredictable builds. You might be testing with one version of a dependency locally, while your CI/CD pipeline installs a different one, potentially leading to bugs or build failures.
How do I fix issues found by the checker?
Usually, the fix is to run your package manager's install command again (e.g., `npm install` or `yarn install`). This will regenerate the lockfile based on your `package.json`, resolving most inconsistencies.
Is it safe to upload my dependency files?
Yes. This tool is client-side only. Your `package.json` and lockfile are processed directly in your browser and are never uploaded to a server, ensuring your project's information remains secure.