Enforce Engines Pinned using data collected by Node.js Collector. Automatically check devex build and ci standards on every PR.
How Node.js Collector Powers This Guardrail
The Node.js Collector gathers metadata from your languages, build systems. This data flows into Lunar's Component JSON, where the Engines Pinned guardrail evaluates it against your standards.
When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement with actionable feedback.
Quick Start Configuration
Add both the collector and policy to your lunar-config.yml to enable this guardrail.
# Step 1: Enable the Node.js Collector
collectors:
- uses: github://earthly/lunar-lib/collectors/nodejs@v1.0.0
# with: ...
# Step 2: Enable the Node.js Project Guardrails
policies:
- uses: github://earthly/lunar-lib/policies/nodejs@v1.0.0
include: [engines-pinned]
# with: ...What Node.js Collector Collects
This collector gathers the following data that the Engines Pinned guardrail evaluates.
project
Analyzes Node.js project structure by detecting package.json, lockfiles, TypeScript configuration, ESLint, Prettier, monorepo setup, and engines.node. Writes project metadata to .lang.nodejs with build system info.
dependencies
Extracts direct and dev dependencies from package.json. Captures package names and version ranges for dependency tracking and policy enforcement.
cicd
Records every npm, yarn, or pnpm command executed in CI pipelines along with the Node.js version. Writes command strings and version info to .lang.nodejs.cicd for audit trails and build reproducibility analysis.
test-coverage
Extracts coverage percentage from existing test coverage output after tests complete. Parses coverage-summary.json to calculate total coverage and writes results to .lang.nodejs.tests.coverage and .testing.coverage.
Example Data Flow
Here's an example of the data that Node.js Collector writes to the Component JSON, which Engines Pinned then evaluates.
{
"lang": {
"nodejs": {
"version": "20.11.0",
"build_systems": ["npm"],
"package_json_exists": true,
"package_lock_exists": true,
"yarn_lock_exists": false,
"pnpm_lock_exists": false,
"tsconfig_exists": true,
"eslint_configured": true,
"prettier_configured": false,
"engines_node": ">=18",
"monorepo": { "type": "workspaces" },
"source": { "tool": "node", "integration": "code" },
"cicd": {
"cmds": [{ "cmd": "npm test", "version": "20.11.0" }],
"source": { "tool": "node", "integration": "ci" }
},
"tests": {
"coverage": {
"percentage": 85.5,
"source": { "tool": "jest", "integration": "ci" }
}
},
"dependencies": {
"direct": [
{ "path": "express", "version": "^4.18.2" }
],
"dev": [
{ "path": "jest", "version": "^29.7.0" }
],
"source": { "tool": "npm", "integration": "code" }
}
}
}
}Configuration Options
Node.js Project Guardrails Inputs
| Input | Required | Default | Description |
|---|---|---|---|
min_node_version |
Optional |
18
|
Minimum required Node.js major version (e.g., "18", "20") |
min_node_version_cicd |
Optional |
18
|
Minimum required Node.js major version for CI/CD commands (e.g., "18", "20") |
Ready to Automate Your Standards?
See how Lunar can turn your engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.
Infrastructure conventions
Post-mortem action items
Security & compliance policies
Testing & quality requirements