npm-lint VS pnpm

Compare npm-lint vs pnpm and see what are their differences.

npm-lint

A linter for npm & node package.json files with a focus on dependency security (by tanepiper)
Linter linting-rules Npm npm-scripts NodeJS Security security-tools dependency-analysis
Source Code
Suggest alternative
Edit details

pnpm

Fast, disk space efficient package manager (by pnpm)
package-manager Npm dependency-manager Node NodeJS Install Modules JavaScript
Source Code
pnpm.io
Suggest alternative
Edit details
SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
npm-lint pnpm
4 96
26 27,802
- 1.6%
0.0 9.8
about 4 years ago 4 days ago
TypeScript TypeScript
MIT License MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

npm-lint

Posts with mentions or reviews of npm-lint. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-06-27.
  • JavaScript registry NPM vulnerable to 'manifest confusion' abuse
    3 projects | news.ycombinator.com | 27 Jun 2023
    That postinstall and other scripts have been a problem for a long time - the PoC for example could be installed via npx, which would then run postinstall which executes another script to steal /etc/password data.

    This is not a new problem, you just have another vector.

    I came up with a free linter package to try solve it - but no one seemed interested, and here we are 7 later talking about where people are now offering paid services to mitigate it.

    https://github.com/tanepiper/npm-lint

  • Dissecting Npm Malware: Five Packages And Their Evil Install Scripts
    4 projects | /r/javascript | 18 Apr 2023
    Also ended up writing a similar tool but didn't take it much further.
  • npm package to upload your private ssh keys to a pastebin
    3 projects | /r/javascript | 18 Mar 2022
    I did try come up with a npm linter but never really completed it.
  • Getting rid of NPM scripts
    4 projects | news.ycombinator.com | 26 Dec 2020
    A while back I wrote a opt-in tool called npl-lint[1] that would allow some CI-level enforcement of rules in package.json although I didn't go too far with it - one thing was to check the scripts section and allow whitelisted apps, or whitelisted sources for dependencies.

    It came about because I ended up having a spat with one of the NPM engineers at the time because they launched npx with the ability to run arbitrary gists[2] and this was before 2FA (FWIW you can still absolutely do this with npx).

    I wrote a proof of concept[3] that showed you could, inside a package.json add a command to install another package from a gist location, and then use that to steal credentials, bash history, etc.

    [1] https://github.com/tanepiper/npm-lint

pnpm

Posts with mentions or reviews of pnpm. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-05-02.

What are some alternatives?

When comparing npm-lint and pnpm you can also consider the following projects:

ultra-runner - πŸƒβ›° Ultra fast monorepo script runner and build tool

nx - Smart Monorepos Β· Fast CI

steal-ur-stuff - Steal Ur Stuff

lerna - :dragon: Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.

actual-malware - Useful library dependency

berry - πŸ“¦πŸˆ Active development trunk for Yarn βš’

yarn - The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry

deno - A modern runtime for JavaScript and TypeScript.

npm

Bower - A package manager for the web

npm-check-updates - Find newer versions of package dependencies than what your package.json allows

DeepCreamPy

npm-lint vs ultra-runner pnpm vs nx npm-lint vs steal-ur-stuff pnpm vs lerna npm-lint vs actual-malware pnpm vs berry pnpm vs yarn pnpm vs deno pnpm vs npm pnpm vs Bower pnpm vs npm-check-updates pnpm vs DeepCreamPy