{"id":12019,"library":"sherif-linux-x64","title":"Sherif Linter for Monorepos","description":"Sherif is an opinionated, zero-config linter specifically designed for TypeScript and JavaScript monorepos. Written in Rust for speed, it efficiently enforces consistency and prevents common regressions across multiple packages without requiring `node_modules` to be installed. It supports all major package managers (PNPM, Bun, NPM, Yarn) and is ideal for CI/CD environments. The current stable version is 1.11.1, with frequent minor releases indicating active development. Its key differentiators include its zero-configuration approach, high performance due to its Rust implementation, and comprehensive monorepo-specific rules, such as checking for multiple dependency versions or package manager consistency.","status":"active","version":"1.11.1","language":"javascript","source_language":"en","source_url":"https://github.com/QuiiBz/sherif","tags":["javascript","cli","monorepo","linter"],"install":[{"cmd":"npm install sherif-linux-x64","lang":"bash","label":"npm"},{"cmd":"yarn add sherif-linux-x64","lang":"bash","label":"yarn"},{"cmd":"pnpm add sherif-linux-x64","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"Sherif is primarily used as a CLI tool via `npx` or package manager equivalents (`bunx`, `pnpm dlx`, `yarn dlx`) for temporary, version-controlled execution. Installing globally is not recommended as it bypasses version pinning.","wrong":"npm install -g sherif; sherif","symbol":"CLI Invocation (recommended)","correct":"npx sherif@latest"},{"note":"For CI/CD or production environments, always pin to a specific version to ensure reproducible builds and prevent unexpected regressions from new releases. `npx sherif@latest` should generally be avoided in CI.","wrong":"npx sherif --fix","symbol":"CLI Invocation (version-pinned)","correct":"npx sherif@1.11.1 --fix"},{"note":"When using the GitHub Action, explicitly specifying the `version` input is highly recommended. The `v1` major version tag for the action might automatically update, but pinning the `version` input ensures stability across CI runs. The action automatically searches for a `sherif` script in `package.json`.","wrong":"uses: QuiiBz/sherif@v1","symbol":"GitHub Action","correct":"uses: QuiiBz/sherif@v1\nwith:\n version: 'v1.11.1'"},{"note":"Sherif supports configuration directly in the root `package.json` under the `sherif` field. CLI arguments take precedence over `package.json` configuration.","wrong":"{\n \"name\": \"my-monorepo-root\",\n \"config\": {\n \"sherif\": {\n \"fix\": false\n }\n }\n}","symbol":"Configuration in package.json","correct":"{\n \"name\": \"my-monorepo-root\",\n \"sherif\": {\n \"fix\": false,\n \"select\": \"highest\"\n }\n}"}],"quickstart":{"code":"{\n \"name\": \"my-monorepo\",\n \"version\": \"1.0.0\",\n \"private\": true,\n \"workspaces\": [\n \"packages/*\"\n ],\n \"scripts\": {\n \"lint:monorepo\": \"sherif\",\n \"lint:monorepo:fix\": \"sherif --fix\"\n },\n \"sherif\": {\n \"failOnWarnings\": false,\n \"ignoreRule\": [\n \"root-package-manager-field\"\n ]\n }\n}\n\n// Create a dummy package to lint\n// packages/ui/package.json\n// {\"name\": \"@my-monorepo/ui\", \"version\": \"1.0.0\", \"dependencies\": {\"lodash\": \"^4.17.21\"}}\n\n// Run from your monorepo root\nnpm install # or pnpm install, bun install, yarn install\nnpm run lint:monorepo\nnpm run lint:monorepo:fix","lang":"javascript","description":"Demonstrates how to set up Sherif in a monorepo's root `package.json` with scripts for linting and autofixing, including basic configuration options. It shows invoking Sherif via a `package.json` script."},"warnings":[{"fix":"Update your GitHub Actions workflow to use `actions/setup-node@v4` or higher with `node-version: 24` or ensure your runner environment provides Node.js v24.","message":"The official GitHub Action for Sherif (`QuiiBz/sherif@v1`) now requires Node.js v24 for execution. If your CI runner is configured with an older Node.js version, the action will fail.","severity":"breaking","affected_versions":">=1.11.0"},{"fix":"To fix issues in CI, run Sherif locally with `--fix`. If you need to perform an autofix step in CI (e.g., as part of a pre-commit check), you must explicitly run it in a non-CI environment or manage the changes outside the typical linting flow.","message":"Sherif's `--fix` (autofix) functionality is automatically disabled in CI environments when the `$CI` environment variable is set. This prevents unintended modifications to your codebase during automated checks.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always pin the Sherif version in your CI scripts and GitHub Actions workflows to ensure consistent behavior across builds.","message":"When running Sherif in CI, it is strongly recommended to specify a pinned version (e.g., `npx sherif@1.11.1` or `version: '1.11.1'` in the GitHub Action) instead of `@latest`. Using `@latest` can lead to unexpected regressions if a new Sherif release introduces breaking changes or new rules.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use the `--fail-on-warnings` flag (or `failOnWarnings: true` in `package.json` config) to force Sherif to exit with code `1` if any warnings are found, ensuring stricter CI enforcement.","message":"By default, Sherif will exit with a non-zero code (`1`) only if error-level issues are found. If only warnings are present, it exits with `0`. This might cause CI pipelines to pass even with warnings.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"In non-interactive environments, use the `--select highest` or `--select lowest` flag in conjunction with `--fix` to automatically choose the highest or lowest version for all conflicting dependencies. This bypasses the interactive prompt.","message":"When using `--fix` for the `multiple-dependency-versions` rule, Sherif interactively prompts the user to select which version to standardize on. This interactive prompt will block non-interactive environments like CI/CD.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure you are using `npx sherif` (or `pnpm dlx sherif`, `bunx sherif`, `yarn dlx sherif`) to run the command without global installation. Verify your `PATH` if attempting a direct global execution.","cause":"Sherif is a CLI tool and not globally installed, or `npx`/`dlx` is not correctly invoking it.","error":"Command not found: sherif"},{"fix":"Autofix should be run locally by developers before committing code. If an autofix step is required in CI, it usually indicates a deviation from best practices for CI/CD or needs to be explicitly enabled in a non-standard way (not recommended).","cause":"Sherif's `--fix` flag is automatically disabled when the `$CI` environment variable is detected to prevent unintended changes in automated builds.","error":"Autofix did not run in my CI/CD pipeline."},{"fix":"Run `sherif --fix` to interactively select a canonical version for each conflicting dependency. For non-interactive environments, use `sherif --fix --select highest` or `sherif --fix --select lowest` to automatically resolve conflicts.","cause":"The `multiple-dependency-versions` rule detects inconsistencies in dependency versions across different packages within your monorepo.","error":"Error: multiple-dependency-versions rule: Dependency 'foo' has multiple versions across packages: 1.0.0, 1.2.0, 2.0.0"},{"fix":"Update your workflow to use `actions/setup-node@v4` (or newer) to configure Node.js v24 for the action or ensure the GitHub Actions runner environment provides Node.js 24.","cause":"The GitHub Action `QuiiBz/sherif@v1` upgraded its internal Node.js runtime requirement to v24 in Sherif v1.11.0, making it incompatible with workflows still using Node.js v20 or older for the action step.","error":"Node.js 20 actions are deprecated. Please update the action to use Node.js 24. For more information see https://github.blog/changelog/2023-09-22-github-actions-update-to-node-20/"}],"ecosystem":"npm"}