lpm resolve
Print the resolved dependency tree for one or more package specs — without installing.
lpm resolve <packages...>Runs the resolver against the given specs and prints the dependency tree it would install. Read-only — no filesystem changes, no lockfile, no downloads, no package.json mutation.
Useful for previewing the impact of a candidate dep, debugging unexpected transitive selections, or scripting dep-graph analysis (--json makes the output structured).
Examples
lpm resolve react # latest, full tree
lpm resolve react@^19 # a specific range
lpm resolve react vue zod # multiple at once
lpm resolve @lpm.dev/owner.pkg # @lpm.dev/* through the lpm.dev registry
lpm resolve @my-co/internal # through the current project's .npmrc scoped registry
lpm resolve react --json | jq '.packages' # structured output for scriptsSpec format
Each spec is <name> or <name>@<range>. Bare names default to * (latest matching anything). Scoped names work as expected — the parser handles the leading @ correctly so @lpm.dev/owner.pkg@^1.0.0 parses as (name=@lpm.dev/owner.pkg, range=^1.0.0).
| Spec | Resolves to |
|---|---|
react | Latest react |
react@^19 | Latest react matching ^19 |
react@19.0.0 | Exact 19.0.0 |
react@beta | Latest tag beta |
@lpm.dev/owner.pkg@^1 | Latest ^1 from lpm.dev |
How it works
- Parses each spec into
(name, range). - Calls the resolver with the combined dep map.
@lpm.dev/*names route to lpm.dev;.npmrc-declared scoped or default registries are honored for npm/private packages; everything else resolves against npmjs.org. - Prints the resolved tree as
name@versionrows, nesting transitives under their parent with tree edges.
No tarballs are downloaded. The resolver only needs metadata.
Human output is written as a readable tree:
react@19.0.0
└─ scheduler@0.25.0JSON output
lpm resolve react --json{
"success": true,
"count": 47,
"elapsed_secs": 0.83,
"packages": [
{ "package": "react", "version": "19.0.0" },
{ "package": "scheduler", "version": "0.25.0" }
]
}| Field | Type | Notes |
|---|---|---|
count | number | Total resolved packages (root + transitive). |
elapsed_secs | number | Resolver wall-clock time. |
packages[].package | string | Package name. |
packages[].version | string | Resolved exact version. |
Integrity hashes aren't part of the resolve envelope — pair with lpm download to fetch the tarball + SRI for a specific resolved version.
When to reach for this
- Preview the transitive impact of adding a new dep before touching
package.json. - Investigate why a specific transitive version got picked. Pair with
--jsonandjqfor ad-hoc analysis. - Generate dep-graph fixtures for testing.
- Check whether a candidate version has unexpected peer-dep conflicts.
For installing the result, run lpm install <spec>. For just downloading the tarball, use lpm download.
Flags
lpm resolve takes no specific flags. Use the global flags — --json is especially useful here, and --registry / --token route the lookup against a specific endpoint or session.
See also
lpm install— installs the resolved treelpm download— fetch + extract the tarball without installinglpm graph— visualize the dep tree of an already-installed project- Resolver — design overview