Range Only

Loosens syncpack to only enforce that every dependency uses the semver range prefix required by its semver group — ^, ~, exact, etc. and ignores the version number. This is useful when you want to standardise how packages pin their dependencies, but are otherwise not ready or don't want to enforce a specific version they all should use.

Note

This is not sameRange. sameRange checks that every range overlaps on at least one shared version. semverRangeOnly only checks the prefix.

When the update command runs, the new version is taken from the registry and the prefix from the semver group is applied to it.

Examples

In this example we are only ensuring that semver ranges are used consistently. dependencies should use exact versions and devDependencies should use ~, the specific versions are left unchanged.

.syncpackrc.json

{
  "semverGroups": [
    {
      "label": "Use exact versions for dependencies",
      "dependencyTypes": ["prod"],
      "range": ""
    },
    {
      "label": "Use ~ for devDependencies",
      "dependencyTypes": ["dev"],
      "range": "~"
    }
  ],
  "versionGroups": [
    {
      "label": "Only enforce semver ranges, leave versions unchanged",
      "policy": "semverRangeOnly"
    }
  ]
}

Configuration

policy Required

Choose the "semverRangeOnly" policy to apply this behaviour to a Version Group.

.syncpackrc.json

{
  "versionGroups": [
    {
      "dependencies": ["react"],
      "policy": "semverRangeOnly"
    }
  ]
}

dependencies Optional

• An array of names of dependencies you've installed or otherwise reference in your package.json files.
• If omitted, the default behaviour is to match every dependency.
• The strings can be any combination of exact matches or glob patterns:

Examples of valid values

// match any dependency
dependencies: ["**"]

// match all dependencies with a certain scope
dependencies: ["@aws-sdk/**"]

// match specific dependencies by name
dependencies: ["react", "react-dom"]

Where this pattern is matched against

{
  "name": "HERE",
  "dependencies": { "HERE": "0.0.0" },
  "devDependencies": { "HERE": "0.0.0" },
  "overrides": { "HERE": "0.0.0" },
  "peerDependencies": { "HERE": "0.0.0" },
  "pnpm": { "overrides": { "HERE": "0.0.0" } },
  "resolutions": { "HERE": "0.0.0" }
}

dependencyTypes Optional

A "dependency type" refers to the path/location/nested property of package.json files where dependencies can be found.

• When set, only dependencies present in the named locations will be assigned to this group.
• If omitted, the default behaviour is to match dependencies everywhere they are found.
• Negated types are also supported, so a value of ["!dev", "!prod"] would assign everything except dependencies and devDependencies to this group.
• Auto-generated catalog dep types (pnpmCatalog, pnpmCatalog:<name>, bunCatalog, bunCatalog:<name>) are valid values in projects using pnpm or Bun catalogs.

Tip

• You can extend syncpack by defining your own customTypes.
• pnpm and bun catalog names are auto-registered as dependency types.

See the Dependency Types guide for the list of possible values.

specifierTypes Optional

• When set, only dependencies whose version specifier matches the given specifier types will be assigned to this group.
• If omitted, the default behaviour is to match all dependencies.
• Negated types are also supported, so a value of ["!latest", "!file"] would assign everything except specifiers of the format * and file:path/to/package.tgz to this group.

label Optional

• A short name or description displayed as a header in syncpack's output.
• If a label is not set then eg. "Version Group 3" will be used instead.

packages Optional

• An array of strings which should match the name properties of your package.json files.
• If omitted, the default behaviour is to match every package.
• Negated types are also supported, so a value of ["!my-client", "!my-server"] would assign everything except the packages my-client and my-server to this group.
• The strings can be any combination of exact matches or glob patterns:

Examples of valid values

// ✅ match any package name
packages: ["**"]

// ✅ match any package name with this scope
packages: ["@my-repo/**"]

// ✅ match specific packages by name
packages: ["my-server", "my-client"]

// ✅ match all packages except negated ones
packages: ["!my-server", "!@my-repo/**]

// ❌ no mixing of specific and negated packages
packages: ["my-client", "!@my-repo/**"]

// ❌ not file system paths, name properties of package.json files
packages: ["packages/my-client"]

// ❌ not file system globs, name properties of package.json files
packages: ["packages/**"]

Where this pattern is matched against

{
  "name": "HERE",
  "version": "1.0.2"
}

severity Optional

Override the default severity of any status code this group can produce.

.syncpackrc.json

{
  "versionGroups": [
    {
      "dependencies": ["react"],
      "policy": "semverRangeOnly",
      "severity": {
        "SemverRangeMismatch": "warn"
      }
    }
  ]
}

Permitted keys:

• SemverRangeMismatch

Status Codes

These are all the issues that a Range Only Version Group can find:

Valid

• MatchesSemverGroup
• IsLocalAndValid
• IsIgnored

Fixable

• SemverRangeMismatch
• DiffersToNpmRegistry