v1.0.1

What's Changed

• fix: sort multiple-dependency-versions for pre-release versions by @QuiiBz in #96
• fix: make sure bun is detected even when yarn.lock file is present by @baptisteArno in #99

New Contributors

• @baptisteArno made their first contribution in #99

Full Changelog: v1.0.0...v1.0.1

v1.0.0

New unordered-dependencies rule

Dependencies should be ordered alphabetically to prevent complex diffs when installing a new dependency via a package manager. This rule is auto-fixable with --fix:

Automatically run your package manager's install command when autofixing

When running Sherif with --fix, your lockfile might need to be refreshed (e.g. when a dependency version is updated, or moved from normal dependencies to devDependencies). Sherif will now automatically run your package manager's install command for you.

Your package manager is auto-detected based on its lockfile - if none is found, Sherif will ask you to choose one. The following package managers are supported:

• NPM
• PNPM
• Yarn
• Bun

This feature is disabled in CI environments, and can be disabled with the --no-install flag.

Support nested packages in the workspace using **

Sherif now supports expanding packages defined in the workspace using **. For example, packages/**/* is now a supported syntax:

{
  "name": "example-workspace",
  "workspaces": [
    "packages/*", // already supported
    "packages/**/*" // new!
  ]
}

What's Changed

• fix: nested ignored packages by @QuiiBz in #91
• feat: expand nested packages by @QuiiBz in #92
• feat: new unordered-dependencies rule by @QuiiBz in #94
• feat: automatic package manager install when autofixing by @Willem-Jaap in #71

Full Changelog: v0.11.0...v1.0.0

v0.11.0

Ignore a specific dependency and version

Let's say your monorepo has two versions of react: 18.3.1 and 19.0.0. One of your application is expected to use the new react 19.0.0, but you still want to make sure you keep the same react 18.* version on all your other applications

Previously, you had to ignore completely the react dependency from the multiple-dependency-versions rule, which means you would completely loose track of potentially different react 18.* versions:

sherif -i react

But now, you can ignore a specific set of dependency and version, so the multiple-dependency-versions rule will keep detecting any other react version and alert you:

sherif -i [email protected]

Report dependency versions mismatch with the root package.json

Previously, Sherif didn't check the multiple-dependency-versions in the root package.json. It now does, meaning you can deduplicate more dependency versions if they are present in both a package in a workspace, and the root package.json.

What's Changed

• feat: multiple-dependency-versions also checks root package by @QuiiBz in #82
• feat: allow ignoring specific dependency and version for multiple-dependency-versions by @QuiiBz in #84
• docs: fix typo in README by @Willem-Jaap in #85
• feat: upload binaries on release by @QuiiBz in #72

New Contributors

• @Willem-Jaap made their first contribution in #85

Full Changelog: v0.10.0...v0.11.0

v0.10.0

What's Changed

• feat: preserve newline with --fix by @QuiiBz in #75
• feat: improve multiple-dependency-versions fix style by @QuiiBz in #76
• fix: grammatical error in packages-without-package-json by @tyleralbee in #77

New Contributors

• @tyleralbee made their first contribution in #77

Full Changelog: v0.9.0...v0.10.0

v0.9.0

What's Changed

• feat: print packages collect errors by @QuiiBz in #65
• feat: sort multiple-dependency-versions autofix by @QuiiBz in #66

Full Changelog: v0.8.4...v0.9.0

v0.8.4

What's Changed

• Revert "feat(multiple-dependency-versions): report peerDependencies (#50) by @QuiiBz

Full Changelog: v0.8.1...v0.8.4

v0.8.1

What's Changed

• fix: remove println by @QuiiBz in #58

Full Changelog: v0.8.0...v0.8.1

v0.8.0

Preserve the JSON indentation on autofix

If you're using a formatter (e.g. Prettier) for your package.json files, you might have noticed that Sherif ignores the indentation and always uses two spaces. This is no longer the case and Sherif will automatically detect and use the correct indentation (2 spaces, 4 spaces, tabs) when autofixing issues!

Yarn nohoist workspaces

We now support the Yarn nohoist workspaces configuration, where the root package.json's workspaces field looks like:

"workspaces": {
  "packages": ["packages/*"],
  "nohoist": []
}

Misc

• The multiple-dependency-versions will now also report duplicated versions in peerDependencies
• Reduce the binary size by half

What's Changed

• perf: reduce binary size by @QuiiBz in #48
• feat(multiple-dependency-versions): report peerDependencies by @QuiiBz in #50
• chore: update ignoring with star example by @QuiiBz in #52
• fix: clippy warnings by @QuiiBz in #55
• feat: preserve JSON indentation by @QuiiBz in #56
• feat: support Yarn nohoist workspaces by @QuiiBz in #57

Full Changelog: v0.7.0...v0.8.0

v0.7.0

Skipping autofix for multiple-dependency-versions rule

When running Sherif with --fix, the multiple-dependency-versions asks to choose a version to use across the monorepo. If you're not sure yet which version you need, you can now choose to skip it by pressing "Escape":

Allow folder path and globs for --ignore-package option

It's now even easier to ignore a specific package, either by its name or path, or all packages matching a specific name or path:

# Ignore all issues in the `@repo/tools` package
sherif -p @repo/tools
# Ignore all issues for packages name matching `@repo-internal/*`
sherif -p @repo-internal/*
# Ignore all issues in the package inside `./integrations/react`
sherif -p ./integrations/react
# Ignore all issues for packages inside `./integrations/*`
sherif -p ./integrations/*

What's Changed

• feat(multiple-dependency-versions): allow skipping autofix by @QuiiBz in #42
• fix: packages resolution when workspace path is at root by @QuiiBz in #44
• feat: allow paths and globs for --ignore-package by @QuiiBz in #47

Full Changelog: v0.6.1...v0.7.0

v0.6.0

Autofix for multiple-dependency-versions

When running Sherif with --fix, the multiple-dependency-versions rule will ask you which version to use by showing all the ones currently declared in the monorepo. The selected version will then automatically be updated in every package using this dependency:

Fix root-package-manager-field

The check to show this rule was checking the presence of the private field instead of the packageManager field of the root package.

What's Changed

• fix(root-package-manager-field): wrong detection by @QuiiBz in #32
• feat: autofix multiple-dependency-versions by @QuiiBz in #33
• feat: disallow --fix in CI by @QuiiBz in #35

Full Changelog: v0.5.0...v0.6.0