{"id":25523,"library":"eslint-plugin-package-lock","title":"ESLint Plugin Package Lock","description":"An ESLint plugin to lint package-lock.json files, providing rules such as lock-file-version to enforce a specific lock file version (default v3). It uses eslint-plugin-json-es as a parser for JSON files. The plugin helps maintain compatibility and avoid issues with lock file versions, particularly v2's larger footprint. Currently stable at v1.0.0 with no recent releases; requires ESLint >=7. Ideal for teams wanting to standardize lock file versions in CI/CD pipelines.","status":"active","version":"1.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/lucavb/eslint-plugin-package-lock","tags":["javascript","eslint","package-lock"],"install":[{"cmd":"npm install eslint-plugin-package-lock","lang":"bash","label":"npm"},{"cmd":"yarn add eslint-plugin-package-lock","lang":"bash","label":"yarn"},{"cmd":"pnpm add eslint-plugin-package-lock","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Peer dependency: requires ESLint >=7 to function as a plugin","package":"eslint","optional":false},{"reason":"Used as the parser for package-lock.json files in the recommended configuration","package":"eslint-plugin-json-es","optional":true}],"imports":[{"note":"Import the plugin as a string in the 'plugins' array in your ESLint config file. Do not import it as a JavaScript object in CommonJS.","wrong":"const packageLock = require('eslint-plugin-package-lock')","symbol":"plugin","correct":"module.exports = { plugins: ['package-lock'] }"},{"note":"Since v1.0.0, the plugin provides configs. Use ESM import; CommonJS require works but is discouraged for consistency.","wrong":"const { configs } = require('eslint-plugin-package-lock')","symbol":"configs","correct":"import { configs } from 'eslint-plugin-package-lock'"},{"note":"Access rules via ESM import. CommonJS destructuring works but may fail with bundlers.","wrong":"const packageLock = require('eslint-plugin-package-lock'); const rules = packageLock.rules","symbol":"rules","correct":"import { rules } from 'eslint-plugin-package-lock'"}],"quickstart":{"code":"// .eslintrc.json\n{\n    \"extends\": [\"plugin:package-lock/version\"],\n    \"overrides\": [\n        {\n            \"files\": [\"package-lock.json\"],\n            \"parser\": \"eslint-plugin-json-es\",\n            \"plugins\": [\"package-lock\"],\n            \"rules\": {\n                \"package-lock/lock-file-version\": [\"error\", { \"version\": 3 }]\n            }\n        }\n    ]\n}\n\n// Then run: eslint package-lock.json","lang":"javascript","description":"Configures ESLint to lint package-lock.json and enforce lock file version 3 using the plugin's recommended config."},"warnings":[{"fix":"Install eslint-plugin-json-es: npm install --save-dev eslint-plugin-json-es","message":"The plugin requires eslint-plugin-json-es as a parser for package-lock.json files; forgetting to install it causes parse errors.","severity":"gotcha","affected_versions":"*"},{"fix":"Set the version explicitly in the rule options: [\"error\", { \"version\": 2 }]","message":"Lock file version rule default is 3, which may break CI if the lock file is version 2.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use ESLint's 'import' syntax or upgrade ESLint to support ESM configs.","message":"Plugin is ESM-only from v1.0.0; CommonJS require() may not work with some ESLint versions or bundlers.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Use the 'plugin:package-lock/version' extends with explicit overrides instead.","message":"The 'version' config is not officially deprecated but may be removed in a future major release.","severity":"deprecated","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Run: npm install --save-dev eslint-plugin-json-es","cause":"Missing eslint-plugin-json-es dependency.","error":"Error: Failed to load parser 'eslint-plugin-json-es' declared in 'parser' of config '...'"},{"fix":"Ensure the parser is set to 'eslint-plugin-json-es' in the override for package-lock.json.","cause":"package-lock.json is malformed or the parser is not set correctly.","error":"Parsing error: Unexpected token } in JSON at position 1234"},{"fix":"Add 'plugins: [\"package-lock\"]' to your ESLint config.","cause":"Plugin is not loaded in the 'plugins' array.","error":"Definition for rule 'package-lock/lock-file-version' was not found"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}