packageanalyzer
shrinkpack
Our great sponsors
packageanalyzer | shrinkpack | |
---|---|---|
4 | 7 | |
8 | 793 | |
- | - | |
8.4 | 0.0 | |
6 days ago | about 1 year ago | |
TypeScript | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
packageanalyzer
- Introducing the packageanalyzer [Feedback Welcome]
-
Introducing the Node.js package analyzer
For updates you can follow me on Twitter or follow the project on GitHub: https://github.com/tmkn/packageanalyzer
shrinkpack
-
Local package mirror for fast, safe, reproducible builds using NPM.
It's https://github.com/JamieMason/shrinkpack
- Check-in NPM tarballs to freeze changes and install offline
- Check-in npm tarballs to freeze changes and install offline
- Open source developer corrupts widely-used libraries, affecting tons of projects
- Why you should pin your npm/yarn dependencies
-
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Using a lockfile and checking in your dependency tarballs [1] can help insulate you from these problems until you're ready to face them.
I created shrinkpack before left-pad and thankfully it meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
[1] https://github.com/JamieMason/shrinkpack
-
What NPM Should Do Today to Stop a New Colors Attack Tomorrow
Checking in your dependencies with https://github.com/JamieMason/shrinkpack can help insulate you from these problems until you're ready to face them. I created this before left-pad and thankfully meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
What are some alternatives?
statoscope - Statoscope is a toolkit to analyze and validate webpack bundle
presetter - 🛹 Reuse and manage build scripts, devDependencies and config files from your favourite presets, instead of copy and paste!
stack-analyser - Extract 500+ technologies from any repository. Detect Languages, SaaS, Cloud, Infrastructure, Dependencies and Services
slnpm - A simple and fast node.js package manager using symbolic link
windicss-analysis - 🔍 A visual analyzer for Windi CSS
npm-deprecated-check - 🐦 Check for deprecated packages
isolate-package - Isolate a monorepo package with its internal dependencies to form a self-contained directory with a pruned lockfile
yalc - Work with yarn/npm packages locally like a boss.
hugo-installer - Installs hugo into your repository.
rushstack - Monorepo for tools developed by the Rush Stack community
nix-installer-action - The Github Action for the Determinate Nix Installer
colors.js - get colors in your node.js console