package-json-analyzer
shrinkpack
package-json-analyzer | shrinkpack |
---|---|
1 | 7 |
0 | 792 |
- | - |
4.9 | 0.0 |
11 months ago | about 1 year ago |
TypeScript | TypeScript |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
package-json-analyzer
- Package-json-analyzer: New Go-To Tool for NPM Dependency Analysis
https://github.com/u4aew/package-json-analyzer We're excited to introduce package-json-analyzer, a unique and efficient tool for analyzing your package.json file dependencies. This powerful tool generates an insightful HTML report, detailing information about each dependency's repository. The report includes data such as star count, open issue count, last updated date, and links to their npm and GitHub homepages. Additionally, we provide the license type for each dependency.
shrinkpack
- Local package mirror for fast, safe, reproducible builds using NPM.
It's https://github.com/JamieMason/shrinkpack
- Check-in NPM tarballs to freeze changes and install offline
- Check-in npm tarballs to freeze changes and install offline
- Open source developer corrupts widely-used libraries, affecting tons of projects
- Why you should pin your npm/yarn dependencies
- Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Using a lockfile and checking in your dependency tarballs [1] can help insulate you from these problems until you're ready to face them.
I created shrinkpack before left-pad and thankfully it meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
[1] https://github.com/JamieMason/shrinkpack
- What NPM Should Do Today to Stop a New Colors Attack Tomorrow
Checking in your dependencies with https://github.com/JamieMason/shrinkpack can help insulate you from these problems until you're ready to face them. I created this before left-pad and thankfully it meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
What are some alternatives?
Trex - Package Manager for deno 🦕
presetter - 🛹 Reuse and manage build scripts, devDependencies and config files from your favourite presets, instead of copy and paste!
dependency-time-machine - 🕰️ Tool to automatically update dependencies one-by-one in chronological order
slnpm - A simple and fast node.js package manager using symbolic link
npm-deprecated-check - 🐦 Check for deprecated packages
isolate-package - Isolate a monorepo package with its internal dependencies to form a self-contained directory with a pruned lockfile
yalc - Work with yarn/npm packages locally like a boss.
hugo-installer - Installs hugo into your repository.
rushstack - Monorepo for tools developed by the Rush Stack community
nix-installer-action - The Github Action for the Determinate Nix Installer
colors.js - get colors in your node.js console
web - Grow Open Source