Skip to content
AWFixer's Docs

Lockfile

Running jspm install will create a binary lockfile called jspm.lockb.

Why is it binary?

Section titled “Why is it binary?”

In a word: Performance. JSTime’s lockfile saves & loads incredibly quickly, and saves a lot more data than what is typically inside lockfiles.

How do I inspect JSTime’s lockfile?

Section titled “How do I inspect JSTime’s lockfile?”

Run jspm install -y to generate a Yarn-compatible yarn.lock (v1) that can be inspected more easily.

How do I git diff JSTime’s lockfile?

Section titled “How do I git diff JSTime’s lockfile?”

To add to the global gitattributes file:

  • First try $XDG_CONFIG_HOME/git/attributes
  • If $XDG_CONFIG_HOME is not set, try ~/.config/git/attributes

For example, on macOS, add the following to ~/.config/git/attributes:

*.lockb diff=lockb

Then add the following to ~/.gitconfig:

[diff "lockb"]
    textconv = jstime
    binary = true

To only add to the local gitattributes file:

Terminal window
$ git config diff.lockb.textconv jstime
$ git config diff.lockb.binary true

Why this works:

  • textconv tells git to run jstime on the file before diffing
  • binary tells git to treat the file as binary (so it doesn’t try to diff it line-by-line)

Running jstime on a lockfile will print a human-readable diff. So we just need to tell git to run jstime on the lockfile before diffing it.

Platform-specific dependencies?

Section titled “Platform-specific dependencies?”

JSTime stores normalized cpu and os values from npm in the lockfile, along with the resolved packages. It skips downloading, extracting, and installing packages disabled for the current target at runtime. This means the lockfile won’t change between platforms/architectures even if the packages ultimately installed do change.

What does JSTime’s lockfile store?

Section titled “What does JSTime’s lockfile store?”

Packages, metadata for those packages, the hoisted install order, dependencies for each package, what packages those dependencies resolved to, an integrity hash (if available), what each package was resolved to, and which version (or equivalent).

Why is JSTime’s lockfile fast?

Section titled “Why is JSTime’s lockfile fast?”

It uses linear arrays for all data. Packages are referenced by an auto-incrementing integer ID or a hash of the package name. Strings longer than 8 characters are de-duplicated. Prior to saving on disk, the lockfile is garbage-collected & made deterministic by walking the package tree and cloning the packages in dependency order.

Can I opt out?

Section titled “Can I opt out?”

To install without creating a lockfile:

Terminal window
$ jspm install --no-save

To install a Yarn lockfile in addition to jspm.lockb.

Terminal window
$ jspm install --yarn
[install.lockfile]
# whether to save a non-JSTime lockfile alongside jspm.lockb
# only "yarn" is supported
print = "yarn"
[install.lockfile]


# path to read jspm.lockb from
path = "jspm.lockb"


# path to save jspm.lockb to
savePath = "jspm.lockb"


# whether to save the lockfile to disk
save = true


# whether to save a non-JSTime lockfile alongside jspm.lockb
# only "yarn" is supported
print = "yarn"