Implementation:Treeverse LakeFS WebUI Package Lock

Overview

The package-lock.json file is the NPM lock file for the lakeFS web UI (lakefs-ui), pinning exact versions of all direct and transitive dependencies to ensure reproducible builds.

Description

This 16,366-line NPM lockfile (lockfileVersion 3) belongs to the lakefs-ui application at version 0.1.0. It records the full resolved dependency tree for the lakeFS web frontend, a React-based single-page application. The project requires Node.js >= 18.

Key production dependencies:

• react (^18.2.0) and react-dom (^18.2.0) - Core UI framework
• @mui/material (^5.14.20) - Material UI component library
• @emotion/react (^11.11.1) and @emotion/styled (^11.11.0) - CSS-in-JS styling engine for MUI
• react-router-dom (^6.20.1) - Client-side routing
• react-bootstrap (^2.9.1) and bootstrap (^5.3.2) - Additional Bootstrap-based components
• @duckdb/duckdb-wasm (1.28.0) - DuckDB WebAssembly for in-browser SQL queries (pinned exact version)
• apache-arrow (^15.0.0) - Columnar data format for DuckDB integration
• react-markdown (^8.0.7), remark-gfm (^4.0.0), rehype-raw (^7.0.0) - Markdown rendering pipeline
• prismjs (^1.30.0) and react-syntax-highlighter (^15.5.0) - Code syntax highlighting
• leaflet (^1.9.4) and react-leaflet (^4.2.1) - Map visualization
• dayjs (^1.11.10) - Date/time utility library
• lodash (^4.17.21) - General-purpose utility library
• react-dropzone (14.2.3) - File upload drag-and-drop
• react-diff-viewer-continued (^3.3.1) - Visual diff rendering
• react-ipynb-renderer (^2.2.1) - Jupyter notebook rendering
• validator (^13.11.0) - String validation utilities

Key dev dependencies:

• vite (^7.3.1) - Build tool and dev server
• @vitejs/plugin-react (^5.0.1) and @vitejs/plugin-react-swc (^4.0.1) - React Vite plugins
• typescript (^5.3.3) - TypeScript compiler
• vitest (^3.2.4) - Unit test framework
• @playwright/test (^1.40.1) - End-to-end browser testing
• @testing-library/react (^16.3.0) - React component testing utilities
• eslint (^9.39.2) with prettier (^3.7.4) - Linting and code formatting
• sass (^1.69.5) - SCSS preprocessor
• @stoplight/prism-cli (^5.14.2) - API mocking server for development

Usage

This file is automatically generated and updated by npm install or npm ci. It should be committed to version control to ensure all developers and CI/CD pipelines use identical dependency versions. Do not edit manually. Run npm ci for deterministic installs in CI environments.

Code Reference

Source Location

• Repository: Treeverse_LakeFS
• File: webui/package-lock.json
• Lines: 1-16366

Signature

{
  "name": "lakefs-ui",
  "version": "0.1.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "lakefs-ui",
      "version": "0.1.0",
      "dependencies": { ... },
      "devDependencies": { ... },
      "engines": {
        "node": ">= 18"
      }
    }
  }
}

Import

# Install all dependencies using the lock file for deterministic builds
cd webui && npm ci

# Or update dependencies (modifies package-lock.json)
cd webui && npm install

I/O Contract

Inputs

Outputs

Usage Examples

# Clean install in CI (uses lock file strictly)
cd webui && npm ci

# Add a new dependency (updates both package.json and package-lock.json)
cd webui && npm install new-package@^1.0.0

# Audit dependencies for known vulnerabilities
cd webui && npm audit

Related Pages

• Principle:Treeverse_LakeFS_WebUI_Dependency_Management