rfcs
node-ipc
Our great sponsors
rfcs | node-ipc | |
---|---|---|
35 | 2 | |
716 | 26 | |
0.6% | - | |
5.6 | 3.8 | |
3 days ago | 21 days ago | |
JavaScript | JavaScript | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rfcs
-
Yarn 4.0
npm workspaces plus Wireit works far better than Lerna, in my experience.
https://github.com/google/wireit
Wireit's ability to specify actual script dependencies, do caching (and on Github actions), and it's long-running service script support make it much more useful and comprehensive than Lerna.
I agree that this should be built into npm. There's an RRFC for it here: https://github.com/npm/rfcs/issues/706
-
NPM vs Yarn?
It's coming https://github.com/npm/rfcs/blob/main/accepted/0042-isolated-mode.md
-
How do you know that the .exe or .apk file for an open source software on github is actually compiled from the viewable source code?
This just got accepted as a proposal in NPM: https://github.com/npm/rfcs/pull/626
-
Why aren't Node.js package managers interoperable?
npm also plans to support pnpm-style node_modules
-
Axios shipped a buggy version and it broke many productions apps. Let this be a lesson to pin your dependencies!
(I usually end up removing npm ci from CI/CD since I think it is way too slow and want to cache node_modules from previous builds; I'm waiting for https://github.com/npm/rfcs/issues/415 to land to make this fail-safe npm install --from-lockfile. Yarn does support this already)
- How to run multiple NPM commands simultaneously using concurrently
- [RRFC] Parallel script execution when value is set to an array of text. · Issue #610 · npm/rfcs
- Lerna has gone. Which Monorepo is right for a Node.js BACKEND now?
- NPM introduces a new Dependency Selector Syntax
-
How to respond to growing supply chain security risks?
I started following this problem from the discussion at npm about making install scripts opt-in. But install scripts are not the only threat, there are more ways for malicious actors:
node-ipc
-
PSA: RIAEvangelist appears to be attempting to pretend he was hacked
For those of you not aware, Brandon Nozaki Miller (aka RIAEvangelist) decided to protest the war in Ukrainian by launching a supply chain attack. After waiting for a while it appears he has adopted a new strategy of pretending that his account was actually hacked and someone else committed this crime. He has recently started getting active again so beware.
- Drop-in fork of `node-ipc`
What are some alternatives?
vm2 - Advanced vm/sandbox for Node.js
vue-cli - 🛠️ webpack-based tooling for Vue.js Development
pnpm - Fast, disk space efficient package manager
peacenotwar - Attempts to determine if the computer its running on has an IP originating from Russia or Belarus. If it is then depending on the version of the malware either attempts to delete all files on the computer, or creates a text file on the computers desktop protesting the war in ukraine.
corepack - Zero-runtime-dependency package acting as bridge between Node projects and their package managers
create-vue - 🛠️ The recommended way to start a Vite-powered Vue project
Cargo - The Rust package manager
es5-ext - ECMAScript extensions (with respect to upcoming ECMAScript features)
GHSA-g2q5-5433-rhrf
gitian-builder - Build packages in a secure deterministic fashion inside a VM
feedback - Public feedback discussions for npm
Windows-Sandbox-Utilities - A public repository for useful developments surrounding Windows Sandbox