docs(spec): optimize the lockfile format

alexanderGugel · Dec 28, 2016 · 86c69a8 · 86c69a8
1 parent 9069a5f
commit 86c69a8
Showing 1 changed file with 22 additions and 27 deletions.
diff --git a/spec/LOCKFILE.md b/spec/LOCKFILE.md
@@ -5,45 +5,40 @@ In order to get consistent installs across machines, package managers need more
 For storing this information, the `dependencies-lock.yaml` file is used in the root of the project. A simple lockfile looks like this:
 
 ```yaml
-checksums:
-  package-1:
-    1.0.3: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
-  package-2:
-    2.0.1: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
-  package-3:
-    3.1.9: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
-  package-4:
-    4.5.1: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
 registry: https://registry.npmjs.org
 resolutions:
   ied:
-    alexanderGugel/ied#2.3.4: alexanderGugel/ied#373c7fa787e486438a998b4b4574ac5684d42e5f
+    alexanderGugel/ied#2.3.4:
+      commit: 373c7fa787e486438a998b4b4574ac5684d42e5f
+      checksum: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
   package-1:
-    ^1.0.0: 1.0.3
+    ^1.0.0, ~1.0.0:
+      version: 1.0.3
+      checksum: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
   package-2:
-    ^2.0.0: 2.0.1
+    ^2.0.0:
+      version: 2.0.1
+      checksum: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
   package-3:
-    ^3.0.0: 3.1.9
+    ^3.0.0:
+      version: 3.1.9
+      checksum: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
   package-4:
-    ^4.0.0: 4.5.1
-    ^4.5.0: 4.5.1
+    ^4.0.0, ^4.5.0:
+      version: 4.5.1
+      checksum: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
 ```
 
 ## `dependencies-lock.yaml` structure
 
-The lockfile is a YAML file with sorted keys.
-
-### `resolutions`
-
-The resolutions property maps fuzzy dependencies to exact ones.
-
-### `checksums`
-
-Optional. Contains checksums of packages.
-
-### `registry`
+The lockfile is a [YAML](http://yaml.org/) file with sorted keys.
 
-Contains the registry that was used to resolve the dependencies.
+* `resolutions` - the resolutions property maps fuzzy dependencies to exact ones.
+  * `.<package name>` - resolutions of a specific package.
+    * `.<fuzzy dependencies>` - the key is a comma-separated list of fuzzy dependencies (e.g., `^1.0.0`, `>=2`, `2|3`) and the value is the resolution.
+      * `.checksum` - optional. The checksum of the resolved package.
+      * Other properties are different for different source types.
+* `registry` - contains the registry that was used to resolve the dependencies.
 
 ## Current package only