A wrapper that throws warnings about security risks
A package.json can be provided in order to scan dependencies. It searches for risks.
Checks how vulnerable a package is.
It provides information to assess whether a package is safe enough for the use case.
The tool provides analysis for each line of code too.
Find unused dependencies: npx depcheck
Or install the package and run the command.
There is also npm-check, which checks for outdated, incorrect, and unused dependencies.
Example of usage of degit with a postinstall hook:
{
  "scripts": {
    "build": "eleventy",
    "postinstall": "degit tryGhost/Ghost/core/frontend/src/cards/css node_modules/ghost-cards"
  },
  "dependencies": {
    "@11ty/eleventy": "^1.0.0",
    "degit": "^2.8.4"
  }
}
TL;DR
A timestamp is used to - Some zip programs do not work well with the Unix Epoch and Docker abuse of the zip files. So NPM fixed it by changing the default of mtime and ctime.
They use a specific timestamp: https://github.com/npm/cli/commit/58d2aa58d5f9c4db49f57a5f33952b3106778669
The best hypothesis is mistyping that installs the package -
!
Publishing private packages as public ones to get the code executed!
I didn't understand Workspaces 😅 There is the corresponding RFC on GitHub that explains it well!
But we get:
- faster commands thanks to the use of a cache
- a way to declare that several modules depend on one and the same version of a module: peerDependencies
- the dependency installation logic is a module: @npmcli/arborist
- npx is integrated into npm via the `npm exec` command
Find the cost of adding an npm package to your bundle
The problems related to NodeJS/NPM
Install packages from NPM properly.
Run npm config set prefix ~/.npm instead of installing packages globally. They stay in the user directory.
Then add $HOME/.npm/bin to your PATH with export PATH="$HOME/.npm/bin:$PATH"
EDIT: $PATH must come after $HOME/.npm/bin. LOL
Why am I not surprised?
Dependency-ception. With code that has nothing to do with the original module. The number of GB wasted... Wow!
Express sends a request from the like-tweet.js file to a particular tweet.
Ember has 95KB (95% of Ember's codebase) due to Glimmer. Glimmer brings in the entirety of Encyclopedia Britannica, just to display the definition for the word “glimmer” in its help menu.
Babel: It’s true. Each installation of Babel includes a picture of Guy Fieri, and there is nothing you can do about it.
Write-up of the choice of Rust as the development language for npm's CPU-bound bottlenecks.