How do I get the "version range" or "specifier" of a package when using catalogs?

[tringenbach]

When using a catalog, is there a good way to find out the "version range" of a package? By "version range" I mean ^1.2.3 or >5.4.3 or whatever the version spec is. Note that I don't want to know the exact version. And I'd rather not parse the pnpm-workspaces.yml myself. Ideally the solution would handle workspace:, and overrides too.

I would have thought that pnpm why or maybe pnpm list would give this information but it does not seem to.

So far the best solution I've found is to run pnpm pack and inspect the package.json in the generated tarball. But that's a bit inconvenient, and won't give me the answer for "dependencies of my dependencies" the way pnpm why would.

Maybe the right answer is to consult the pnpm-lock.yaml file myself?

[tt-a1i]

A few options:

1. Parse the lockfile
The lockfile has catalog definitions:

catalogs:
  default:
    lodash: ^4.17.21

Read with:

cat pnpm-lock.yaml | yq ".catalogs.default.lodash"

2. Direct catalog lookup from workspace file

yq ".catalog.lodash" pnpm-workspace.yaml

3. For programmatic access

import { readWantedLockfile } from "@pnpm/lockfile.fs";
const lockfile = await readWantedLockfile(".", { ignoreIncompatible: true });
console.log(lockfile.catalogs);

4. Check resolved specifier in lockfile importers

importers:
  packages/app:
    dependencies:
      lodash:
        specifier: catalog:
        version: 4.17.21

The lockfile approach is most reliable since it handles overrides and workspace protocols too.