I am writing an internal tool which compares the version installed in a project and only allow certain version to be passed. For that I have to check the version which is resolved in the yarn.lock file, as package.json file has a semver range, not specific version and it doesn’t tell you the dependency of the dependency anyway.
I tried using yarn list command, but it prints the semver range too and is very hard to parse (even with --json option).
So yarn.lock seems like the only way. I know that yarn.lock may have separate versions of the same package and in that case I want only the version which is installed in. the node_nodules (must be just one of them). I have no idea how to parse the lockfile though.
Another way I could think of is actually going into node_modules folder and checking the version in the package.json of the package.
None of the above option looks clean to me. Is there any way I can know the resolved version of a specific package (provided I know the name of the package and I know that it’s installed) easily and as cleanly as possible?
Update:
I actually wanted all the versions of the installed package (even if they’re really deep in the dependency tree).
Advertisement
Answer
I found out that yarn whyis the best way to find out the currently installed version of a package (Thanks to one of my colleague who point out to me). This is how my test code looks in the JavaScript.
const { spawnSync } = require('child_process');
const packageName = 'micromatch';
const whyBuffer = spawnSync('yarn', ['why', packageName]);
const grepBuffer = spawnSync('grep', ['Found'], { input: whyBuffer.stdout });
const outputArray = grepBuffer.stdout.toString().split('n');
console.log(outputArray); // ['info r=> Found "micromatch@3.1.10"', 'info r=> Found "fast-glob#micromatch@4.0.2"', '' ]
const parsedOutputArray = outputArray.filter(output => output.length > 0).map((output) => output.split('@')[1].replace('"', ''))
console.log(parsedOutputArray); // [ '3.1.10', '4.0.2' ]