isolate-package
shrinkpack
isolate-package | shrinkpack | |
---|---|---|
1 | 7 | |
94 | 792 | |
- | - | |
8.9 | 0.0 | |
20 days ago | about 1 year ago | |
TypeScript | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
isolate-package
-
Deploying to Firebase without the hacks
I created a solution for deploying to Firebase from a monorepo called isolate-package, and wrote an article about it. I hope you find it useful.
shrinkpack
-
Local package mirror for fast, safe, reproducible builds using NPM.
It's https://github.com/JamieMason/shrinkpack
- Check-in NPM tarballs to freeze changes and install offline
- Check-in npm tarballs to freeze changes and install offline
- Open source developer corrupts widely-used libraries, affecting tons of projects
- Why you should pin your npm/yarn dependencies
-
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Using a lockfile and checking in your dependency tarballs [1] can help insulate you from these problems until you're ready to face them.
I created shrinkpack before left-pad and thankfully it meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
[1] https://github.com/JamieMason/shrinkpack
-
What NPM Should Do Today to Stop a New Colors Attack Tomorrow
Checking in your dependencies with https://github.com/JamieMason/shrinkpack can help insulate you from these problems until you're ready to face them. I created this before left-pad and thankfully meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
What are some alternatives?
audit-ci - Audit NPM, Yarn, and PNPM dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories
presetter - 🛹 Reuse and manage build scripts, devDependencies and config files from your favourite presets, instead of copy and paste!