Sherif: Opinionated, zero-config linter for JavaScript monorepos
Sherif is an opinionated, zero-config linter for JavaScript monorepos. It runs fast in any monorepo and enforces rules to provide a better, standardized DX.
- ✨ PNPM, NPM, Yarn...: sherif works with all package managers
- 🔎 Zero-config: it just works and prevents regressions
- ⚡ Fast: doesn't need
node_modulesinstalled, written in 🦀 Rust
Run sherif in the root of your monorepo to list the found issues. Any error will cause Sherif to exit with a code 1:
# PNPM
pnpm dlx sherif@latest
# NPM
npx sherif@latestWe recommend running Sherif in your CI once all errors are fixed. Run it by specifying a version instead of latest. This is useful to prevent regressions (e.g. when adding a library to a package but forgetting to update the version in other packages of the monorepo).
GitHub Actions example
name: Sherif
on:
pull_request:
jobs:
check:
name: Run Sherif
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 20
- run: npx sherif@0.3.1You can ignore a specific rule by using --ignore-rule <name> (or -r <name>):
# Ignore both rules
sherif -r packages-without-package-json -r root-package-manager-fieldYou can ignore all issues in a package by using --ignore-package <name> (or -p <name>):
# Ignore all issues in the package
sherif -p @repo/toolsNote Sherif doesn't have many rules for now, but will likely have more in the future (along with more features).
package.json files should not have empty dependencies fields.
A given dependency should use the same version across the monorepo.
You can ignore this rule for a dependency if you expect to have multiple versions by using --ignore-dependency <name> (or -i <name>):
# Ignore dependencies that are expected to have multiple versions
sherif -i react -i @types/nodeAll packages defined in the root package.json' workspaces field or pnpm-workspace.yaml should have a package.json file.
The root package.json is private, so making a distinction between dependencies and devDependencies is useless - only use devDependencies.
The root package.json should specify the package manager and version to use. Useful for tools like corepack.
The root package.json should be private to prevent accidentaly publishing it to a registry.
Private packages shouldn't have @types/* in dependencies, since they don't need it at runtime. Move them to devDependencies.
- dedubcheck that given me the idea for Sherif
- Manypkg for some of their rules
- This article for the Rust releases on NPM
