npm-package-repro
frontend
| npm-package-repro | frontend |
|---|---|
| 2 | 5 |
| 1 | - |
| - | - |
| 5.1 | - |
| over 2 years ago | - |
| JavaScript | - |
| - | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
npm-package-repro
-
Mischievous NPM Publications
I went a different route with my "malicious" NPM package. See if you can figure it out [1].
Years ago I played around with the idea of verifying that an npm package is the same code found in the source repo [2]. Because there is often a build step, that requires trying to reproduce the building of any arbitrary package, and flagging when there is any delta between the build output and the code distributed via NPM. In more reasonable package managers, this is true by default given that you provide the source code and the package manager builds it for you ... as opposed to NPM, which just asks for the executable code directly.
[1] https://github.com/connorjclark/totally-fair-rng
[2] https://github.com/connorjclark/npm-package-repro
-
NPM package ‘ua-parser-JS’ with more than 7M weekly download is compromised
I couldn't find the code, so I just started over. Haven't hosted it anywhere yet.
https://github.com/connorjclark/npm-package-repro
frontend
-
Why I recommend Renovate over any other dependency update tools
Started using renovate to update a few internal dependencies.
A few years later more than 30 projects using it and almost all of that growth happened naturally: https://gitlab.com/gitlab-org/frontend/renovate-gitlab-bot
We operate on a fork (5 commits or so) which contains some hacks to support a forked workflow on GitLab and some minor adjustments for that workflow. Really need to upstream some of it: https://gitlab.com/gitlab-org/frontend/renovate-fork/-/merge...
The author was always super kind, responsive and accommodating.
-
Mischievous NPM Publications
We've been writing a tool to check lock files against the registry: https://gitlab.com/gitlab-org/frontend/untamper-my-lockfile
For now it only supports yarn, but npm support shouldn’t be too hard.
- GitLab is written in Vue.js using Nuxt. But in some places the pages on their site are updated? How is it implemented? If using Nuxt and Vue Router, it doesn't refresh anything though.
-
Bundle Size Analysis
Have you dealt with analyzing the bundle size between builds? I couldn't find anything except this and just wanted to see what's out there.
-
Development managers - what stressed you the most?
Keep an eye out for other ways to help others that stay more within your comfort zone. Maybe you create helpful documentation or a wiki page, maybe you improve an internal tool. If your team plans features and architecture in big group meetings, suggest that some topics might be better tackled with an asynchronous, written process that gives people more time to think about ideas. Some companies use an RFC (request for comment) process, which can be a really good way to collect the voices of quieter team members on big technical topics. (GitLab has a good example of this shared here. And there are examples in open source too, like this one from Rust.)
What are some alternatives?
node-ffi-napi - A foreign function interface (FFI) for Node.js, N-API style
totally-fair-rng - A 100% fair random number generator, every day of the year!
esprima - ECMAScript parsing infrastructure for multipurpose analysis
rfcs - RFCs for changes to Rust
deno - A modern runtime for JavaScript and TypeScript.
evil.js