rfcs
pnpm
Our great sponsors
rfcs | pnpm | |
---|---|---|
35 | 94 | |
716 | 27,562 | |
0.6% | 1.8% | |
5.6 | 9.8 | |
24 days ago | 5 days ago | |
JavaScript | TypeScript | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rfcs
-
Yarn 4.0
npm workspaces plus Wireit works far better than Lerna, in my experience.
https://github.com/google/wireit
Wireit's ability to specify actual script dependencies, do caching (and on Github actions), and it's long-running service script support make it much more useful and comprehensive than Lerna.
I agree that this should be built into npm. There's an RRFC for it here: https://github.com/npm/rfcs/issues/706
-
NPM vs Yarn?
It's coming https://github.com/npm/rfcs/blob/main/accepted/0042-isolated-mode.md
-
How do you know that the .exe or .apk file for an open source software on github is actually compiled from the viewable source code?
This just got accepted as a proposal in NPM: https://github.com/npm/rfcs/pull/626
-
Why aren't Node.js package managers interoperable?
npm also plans to support pnpm-style node_modules
-
Axios shipped a buggy version and it broke many productions apps. Let this be a lesson to pin your dependencies!
(I usually end up removing npm ci from CI/CD since I think it is way too slow and want to cache node_modules from previous builds; I'm waiting for https://github.com/npm/rfcs/issues/415 to land to make this fail-safe npm install --from-lockfile. Yarn does support this already)
- How to run multiple NPM commands simultaneously using concurrently
- [RRFC] Parallel script execution when value is set to an array of text. · Issue #610 · npm/rfcs
- Lerna has gone. Which Monorepo is right for a Node.js BACKEND now?
- NPM introduces a new Dependency Selector Syntax
-
How to respond to growing supply chain security risks?
I started following this problem from the discussion at npm about making install scripts opt-in. But install scripts are not the only threat, there are more ways for malicious actors:
pnpm
- Pnpm 9
-
Understanding Dependencies in Programming
Node.js manages dependencies using package managers like npm (Node Package Manager), yarn, and pnpm. npm comes pre-installed with Node.js and allows you to install and uninstall Node.js packages. It uses a package.json file to keep track of which packages your project depends on. Yarn and Pnpm are alternative package managers that aim to improve on npm in various ways, such as improved performance and better lock file format.
-
Manage project dependencies correctly
Use pnpm - This is just one recommendation, but it's too big of a topic to discuss here.
- Bun 1.1
-
Using pnpm with the GitLab package registry in GitLab CI
In this blog post, I explain how to use pnpm in GitLab CI and how to authenticate with a private GitLab package registry.
-
Unit Testing in Node.js and TypeScript: A Comprehensive Guide with Jest Integration
A package manager such as npm, Yarn, or pnpm. A package manager is a tool that helps you manage the dependencies of your project. You can use any of these package managers to install Jest and other packages.
-
Understanding Redux: A Practical Guide to State Management
Installation: Install Redux and React-Redux using npm or yarn.(you can try pnpm too!)
-
Effective nodejs version management for the busy developer
I also recommend using pnpm as a package manager, it's faster and more efficient than npm or yarn with great capabilities concerning monorepo setup. On recent nodejs versions (v16.13+), you can install it easily with:
- [email protected] is out!
-
.dockerignore being ignored by docker-compose? no space left on device
FROM node:21-alpine AS base FROM base AS builder Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed. RUN apk add --no-cache libc6-compat RUN apk update Set working directory WORKDIR /app Install pnpm with corepack RUN corepack enable && corepack prepare pnpm@latest --activate Enable pnpm add --global on Alpine Linux by setting home location environment variable to a location already in $PATH https://github.com/pnpm/pnpm/issues/784#issuecomment-1518582235 ENV PNPM_HOME=/usr/local/bin RUN pnpm install turbo --global COPY . . RUN turbo prune web --docker Add lockfile and package.json's of isolated subworkspace FROM base AS installer RUN apk add --no-cache libc6-compat RUN apk update WORKDIR /app First install the dependencies (as they change less often) COPY .gitignore .gitignore COPY --from=builder /app/out/json/ . COPY --from=builder /app/out/pnpm-workspace.yaml ./pnpm-workspace.yaml COPY --from=builder /app/out/pnpm-lock.yaml ./pnpm-lock.yaml RUN pnpm install Build the project COPY --from=builder /app/out/full/ . RUN pnpm turbo run build --filter=web FROM base AS runner WORKDIR /app Don't run production as root RUN addgroup --system --gid 1001 nodejs RUN adduser --system --uid 1001 nextjs USER nextjs COPY --from=installer /app/apps/web/next.config.js . COPY --from=installer /app/apps/web/package.json . Automatically leverage output traces to reduce image size https://nextjs.org/docs/advanced-features/output-file-tracing COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/standalone ./ COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static COPY --from=installer --chown=nextjs:nodejs /app/apps/web/public ./apps/web/public CMD node apps/web/server.js
What are some alternatives?
vm2 - Advanced vm/sandbox for Node.js
nx - Smart Monorepos · Fast CI
corepack - Zero-runtime-dependency package acting as bridge between Node projects and their package managers
lerna - :dragon: Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.
Cargo - The Rust package manager
berry - 📦🐈 Active development trunk for Yarn ⚒
feedback - Public feedback discussions for npm
yarn - The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
GHSA-g2q5-5433-rhrf
deno - A modern runtime for JavaScript and TypeScript.
npm-workspaces-demo
npm