shrinkpack
isolate-package
shrinkpack | isolate-package | |
---|---|---|
7 | 1 | |
793 | 89 | |
- | - | |
0.0 | 8.9 | |
about 1 year ago | 7 days ago | |
TypeScript | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
shrinkpack
-
Local package mirror for fast, safe, reproducible builds using NPM.
It's https://github.com/JamieMason/shrinkpack
- Check-in NPM tarballs to freeze changes and install offline
- Check-in npm tarballs to freeze changes and install offline
- Open source developer corrupts widely-used libraries, affecting tons of projects
- Why you should pin your npm/yarn dependencies
-
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Using a lockfile and checking in your dependency tarballs [1] can help insulate you from these problems until you're ready to face them.
I created shrinkpack before left-pad and thankfully it meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
[1] https://github.com/JamieMason/shrinkpack
-
What NPM Should Do Today to Stop a New Colors Attack Tomorrow
Checking in your dependencies with https://github.com/JamieMason/shrinkpack can help insulate you from these problems until you're ready to face them. I created this before left-pad and thankfully meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
isolate-package
-
Deploying to Firebase without the hacks
I created a solution for deploying to Firebase from a monorepo called isolate-package, and wrote an article about it. I hope you find it useful.
What are some alternatives?
presetter - 🛹 Reuse and manage build scripts, devDependencies and config files from your favourite presets, instead of copy and paste!
audit-ci - Audit NPM, Yarn, and PNPM dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories
slnpm - A simple and fast node.js package manager using symbolic link
dependency-time-machine - 🕰️ Tool to automatically update dependencies one-by-one in chronorogical order
npm-deprecated-check - 🐦 Check for deprecated packages
syncpack - Consistent dependency versions in large JavaScript Monorepos.
yalc - Work with yarn/npm packages locally like a boss.
nextjs-monorepo-example - Collection of monorepo tips & tricks
hugo-installer - Installs hugo into your repository.
ci - Run npm ci using the appropriate Node package manager (npm, yarn, pnpm)
rushstack - Monorepo for tools developed by the Rush Stack community
verdaccio - 📦🔐 A lightweight Node.js private proxy registry