An sbt plugin to create a dependency lockfile similar to package-lock.json for npm or Gemfile.lock for RubyGems.
Install the plugin by adding the following to project/plugins.sbt:
addSbtPlugin("software.purpledragon" % "sbt-dependency-lock" % "<version>")Then generate a lockfile with sbt dependencyLockWrite. This will resolve dependencies and output a lockfile containing
all dependencies (including transitive ones) to build.sbt.lock.
The lockfile can then be checked with sbt dependencyLockCheck:
[info] Dependency lock check passed
A mismatch between the lockfile and current dependencies will generate an error report:
[error] (dependencyLockCheck) Dependency lock check failed:
[error] 3 dependencies changed:
[error] org.apache.commons:commons-lang3 (test) -> (compile,test) 3.9
[error] org.scala-lang.modules:scala-xml_2.12 (test) 1.2.0 -> 1.1.0
[error] org.scalactic:scalactic_2.12 (test) 3.0.8 -> 3.0.7
[error] org.scalatest:scalatest_2.12 (test) 3.0.8 -> 3.0.7
See the docs for further information on how the plugin works.