corepack
asdf
Our great sponsors
corepack | asdf | |
---|---|---|
5 | 340 | |
2,136 | 20,448 | |
5.5% | 2.8% | |
8.7 | 7.9 | |
4 days ago | 3 days ago | |
TypeScript | Shell | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
corepack
-
Yarn 4.0
I'd love to use Bun for my projects, but it's not integrated into Corepack yet (and therefore you cannot pin the bun version w/ checksum in package.json)
https://github.com/nodejs/corepack/issues/295
- corepack global package?
-
Every NPM package potentially compromised
Recently Node 16 LTS cycle started. One month and a few days before the carry-over, a super controversial package titled `coredeps` [0] was officially declared a core module and has been bundled with all official distributions since.
The NodeJS team refuses to discuss NPM because it's a separate 3rd party. And yet.... this NodeJS Core module comes pre-installed as a global NPM package.
We're just getting started.
This module installs or even reinstalls any supported package manager when you execute a script with a name that would match any that they'd recognise. Opt-in for only a short period, and intending to expand beyond package manager installations.
Amidst all that's been going on, NPM (Nonstop Published Moments) is working on a feature that silently hijacks user commands and installs foreign software. The code found in those compromised packages operated in a similar manner and was labeled a critical severity vulnerability.
The following might actually make you cry.
Of these third party remote distributions it's downloading, the number of checksum, keys, or even build configurations that are being verified is 0.
The game that Microsoft is playing with their recent acquisitions here is quite clear, but there's too much collateral damage.
[0] https://github.com/nodejs/corepack#readme
-
Corepack: the Node.js' manager of package managers
The new Node.js LTS v16 will be released at the end of October (without a fancy name assigned yet), it'll have Corepack preinstalled in the default configuration since v16.9.0. ๐
-
Yarn 3.0 ๐๐ค Performances, ESBuild, Better Patches, ...
Corepack integration
asdf
- Show HN: I made a multiple runtime version manager that can be used on Windows
-
Volta โ Fastest Node version manager in Rust
Or if you need to manage more than just node, asdf has been around for over a decade and works great. You can use a .tool-versions to change runtimes for each project you have, in addition to managing your global runtime versions
https://asdf-vm.com/
-
Pyenv โ lets you easily switch between multiple versions of Python
Why not just use a tool like asdf (https://asdf-vm.com/) or mise (https://mise.jdx.dev/)?
These tools have the advantage of not being multi-taskers and can manage version for all your tools. You wouldnโt need pyenv and npm and rvm andโฆ
Weโve even started committing the .mise.toml files for projects to our repos. That way, since we work on multiple projects that may need multiple versions of the same tool, itโs handled and documented.
-
A Journey to Find an Ultimate Development Environment
The purpose of a version manager is to help you navigate or install any tools for development easily. Version Manager can be one tool for each dependency (e.g. NVM, g) or One tool for all dependencies (e.g. asdf, mise).
-
How to Install Your Python Version on Ubuntu
(asdf)[https://asdf-vm.com/] fully supports Python and almost any other language. I've been using it for Ruby, Python, Elixir, and other languages for years and never looked back.
-
Beginners Intro to Trunk Based Development
Secondly, our development environments must not drift, because then code may behave differently and a change could pass on our machine but fail in production. There are many tools for locking down environments, e.g nix, pkgx, asdf, containers, etc., and they all share the common goal of being able to lock down dependencies for an environment accurately and deterministically. And that needs to be enforced in our local workflow so we don't have to rely on CI environments for correctness. All developers must have environments that are effectively identical to what runs in CI (which itself should be representative of the production environment).
-
Practical Guide to Trunk Based Development
There are many ways this can be done (e.g nix, pkgx, asdf, containers, etc.), and we wonโt get into which specific tools to use, because we'll instead cover the essential essence of preventing environment drift:
- Criando seu ambiente com ASDF
-
Kotlin version manager
I've really been enjoying asdf, which is a program that allows you to install specified versions of dev utilities as well as dynamically manage them via shims and .tool-versions files.
-
How do i keep my "devops tool" always up to date in a smart way ?
I use the asdf version manager.
What are some alternatives?
nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
SDKMan - The SDKMAN! Command Line Interface
npm
pyenv - Simple Python version management
vscode-deploy-reloaded - Recoded version of Visual Studio Code extension 'vs-deploy', which provides commands to deploy files to one or more destinations.
rbenv - Manage your app's Ruby environment
berry - ๐ฆ๐ Active development trunk for Yarn โ
node - Node.js JavaScript runtime โจ๐ข๐โจ
volta - Volta: JS Toolchains as Code. โก
verdaccio - ๐ฆ๐ A lightweight Node.js private proxy registry
HomeBrew - ๐บ The missing package manager for macOS (or Linux)