GitShow/ljharb/ls-engines
ljharb

ls-engines

Determine if your dependency graph's stated "engines" criteria is met.

by ljharb
enginesls-enginesnodenpmpackagevalidate
Star on GitHubForknpm

JavaScript

56 stars4 forks3 contributorsActive · 2w agoSince 2020MIT

Meet the team

See all 3 on GitHub →
ljharb
ljharb270 contributions
XhmikosR
XhmikosR2 contributions
travi
travi1 contribution

Languages

View on GitHub →
JavaScript100%

Commit activity

Last 12 weeks · 15 commits

Full graph →

Community health

4 of 6 standards met

Community profile →
85
✓README✓License✓Contributing✓Code of Conduct○Issue Template○PR Template

Recent PRs & issues

Active · 1 in progress · Last activity 2w ago
See all on GitHub →
evan-kinney
Add proxy supportOpenPR

Adds proxy support to the method.

evan-kinney · 6mo ago
nyoma-diamond
Improper handling of OR ( || ) allows invalid resultOpenIssue

Hello, I have a project for which I'm trying to use ls-engines to identify the minimum node version for and upon inspecting the requirements myself I ran into a notable edge case that I'm not sure about the choices for: Upon inspection, the package had the most recent engine requirement, stating . Notably, this explicitly excludes node version 21. However, the result of ls-engines produces as the result, which will erroneously accept version 21. I believe the desired behavior should be to either inherit the same requirement as in this case, or just default to the highest of the specified values (). Practically speaking wrt implementation, it may make sense to track which versions are excluded by dependencies to validate the output does not conflict.

nyoma-diamond · 1y ago
ljharb
when `engines.node` is explicitly set to `*`, still errorsOpenIssue

I can't recall atm if this was intentional or not, but i have a package that actually does work on literally everything, and it forced me to use an actual range.

ljharb · 2y ago

Recent fixes

View closed PRs →
ericcornelissen
Bump `@npmcli/arborist` and `pacote`MergedPR

Upgrade and to newer versions in order to resolve 13 deprecation warnings. This comes at the cost of dropping support for Node.js and . These are the minimum (major version) upgrades necessary to achieve this goal. Note: some of the deprecation warnings are still present due to the dependency on , to resolve these too it would need to receive similar upgrades. Since you're maintaining both of these packages I figured I can start with one PR and see if you're open to upgrading :slightly_smiling_face:

ericcornelissen · 11mo ago
babblebey
Security Advisory: Vulnerability in `phin` DependencyClosedIssue

I received a security advisory indicating that there is a moderate severity vulnerability in the dependency used by the dependency in the package. The package may include sensitive headers in subsequent requests after a redirect. There is currently no fix available for this vulnerability. Audit Report: Dependency Tree: Steps to Reproduce: 1. Run to see the vulnerability report. 2. Run to view the dependency tree involving the package. Context: We are using as a development dependency in our project. While this does not directly affect our users, it is important to address the vulnerability for the security and integrity of our development environment. References:** https://github.com/semantic-release/semantic-release/security/dependabot/33

babblebey · 2y ago
aminya
Supprt pnpm-lock.yaml in virtual modeClosedIssue

ls-engines doesn't support in

aminya · 3y ago
Structured data for AI agents

Repository: ljharb/ls-engines. Description: Determine if your dependency graph's stated "engines" criteria is met. Stars: 56, Forks: 4. Primary language: JavaScript. Languages: JavaScript (100%). License: MIT. Topics: engines, ls-engines, node, npm, package, validate. Open PRs: 1, open issues: 3. Last activity: 2w ago. Community health: 85%. Top contributors: ljharb, XhmikosR, travi.

·@ofershap

Replace github.com with gitshow.dev