ci
verdaccio
ci | verdaccio | |
---|---|---|
4 | 8 | |
19 | 15,928 | |
- | 0.7% | |
5.8 | 9.7 | |
4 days ago | about 22 hours ago | |
TypeScript | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ci
-
JS-X-Ray 6.0
i18n (for translation in CI or CLI).
-
π¦ Everything you need to know: package managers
@nodesecure/ci, a tool allowing to run SAST, SCA and many more analysis in CI/CDs or in a local environment
- NodeSecure - What's new in 2022 ?
-
Make your JavaScript project safer by using this workflow
@nodesecure/ci brings together a set of tools to identify dependencies vulnerabilities and track most common malicious code and patterns using Static Code Analysis and Vulnerabilities Analysis
verdaccio
- verdaccio v5.20.1 has been rolled out
-
3rd party package repositories?
do you know the project https://github.com/verdaccio/verdaccio
-
π¦ Everything you need to know: package managers
Verdaccio allows to setup a private proxy registry for Node.js
-
Npm link doesn't work with React Native, what do you use for testing local modules?
Verdaccio does okay for this
-
Hosting my own node_modules
Thereβs also this: https://www.npmjs.com/package/verdaccio
-
Self-Hosted Private Registry
Cool! What makes Package Depot better than existing solutions such as verdaccio?
-
Monorepo or not?
I highly recommend using a package proxy like https://github.com/verdaccio/verdaccio instead of git submodules if you have more then one developer using your code/repo. Biggest factor is the cost of the developers time. Why teach them a different way to install dependancies when there is a standard way of doing things your CI/CD is simplified, the knowledge of git submodules is good to know, but this is now tribal knowledge on how to setup this up, update dependancies, etc...
-
Researcher hacks over 35 tech firms in novel supply chain attack
The goal of verdaccio is to make this less complicated. https://github.com/verdaccio/verdaccio
What are some alternatives?
cli - JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.
yalc - Work with yarn/npm packages locally like a boss.
ci-action - The official GitHub action of the @nodesecure/ci package
registry-sync - synchronize selected packages from a remote npm registry
js-x-ray - JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns π¬.
AWS Lambda Router for NodeJS - AWS Lambda router for NodeJS
vulnera - Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).
artifactory-pypi-scanner - Saves you from package injection!
rc - NodeSecure runtime configuration
Express - Fast, unopinionated, minimalist web framework for node.
webappsec-subresource-integrity - WebAppSec Subresource Integrity
dawson-cli - A serverless web framework for Node.js on AWS (CloudFormation, CloudFront, API Gateway, Lambda)