249 private links
An alternative to NPM. It looks interesting because it does more than NPM for authors.
Compared to NPM, JSR has native typescript support, ESM Syntax, and some better contraints for interoperability.
More on https://jsr.io/docs/why
A wrapper that throws warnings about security risks
A package.json can be provided in order to scan dependencies. It searches for risks.
Checks how vulnerable is a package.
It provides informations to asses if a package is safe enough for the use case.
The tool provides analysis for each line of code too.
Find unused dependencies: npx depcheck
Or install the package and run the command.
There is also npm-check that checks for outdated, incorrect, and unused dependencies.
Example of usage of degit with a postinstall hook:
{
"scripts": {
"build": "eleventy",
"postinstall": "degit tryGhost/Ghost/core/frontend/src/cards/css node_modules/ghost-cards"
},
"dependencies": {
"@11ty/eleventy": "^1.0.0",
"degit": "^2.8.4"
}
}TL;DR
A timestamp is used to - Some zip programs does not work well with the Unix Epoch and Docker abuse of the zip files. So NPM fixed it by changing the default of mtime and ctime.
They use a specific timestamp: https://github.com/npm/cli/commit/58d2aa58d5f9c4db49f57a5f33952b3106778669
The best hypothesis is misstyping that installs the package - !
Publishing private packages as public ones to get the code executed !
J'ai pas compris les Workspaces 😅 Il y a le RFC correspondant sur Github qui explique bien la chose !
Mais on a :
- des commandes plus rapides avec l'utilisation d'un cache
- le moyen de déclarer que plusieurs modules dépendent d'une seule même version d'un module : les peerDependencies
- la logiqe d'installation des dépendances est un module
@npmcli/arborist - npx est intégré à npm via la commande `npm exec
find the cost of adding a npm package to your bundle
Les soucis liés à NodeJS/NPM
Install properly packages from NPM.
npm config set prefix ~/.npm instead of installing pakages globally. They stay in the user directory.
and then add $HOME/.npm/bin to your PATH with export PATH="$HOME/.npm/bin:$PATH"
EDIT : $PATH must come after $HOME/.npm/bin. LOL