shrinkpack
Our great sponsors
shrinkpack | proposal-built-in-modules | |
---|---|---|
7 | 4 | |
793 | 891 | |
- | 0.8% | |
0.0 | 0.0 | |
about 1 year ago | 11 months ago | |
TypeScript | HTML | |
MIT License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
shrinkpack
-
Local package mirror for fast, safe, reproducible builds using NPM.
It's https://github.com/JamieMason/shrinkpack
- Check-in NPM tarballs to freeze changes and install offline
- Check-in npm tarballs to freeze changes and install offline
- Open source developer corrupts widely-used libraries, affecting tons of projects
- Why you should pin your npm/yarn dependencies
-
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Using a lockfile and checking in your dependency tarballs [1] can help insulate you from these problems until you're ready to face them.
I created shrinkpack before left-pad and thankfully it meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
[1] https://github.com/JamieMason/shrinkpack
-
What NPM Should Do Today to Stop a New Colors Attack Tomorrow
Checking in your dependencies with https://github.com/JamieMason/shrinkpack can help insulate you from these problems until you're ready to face them. I created this before left-pad and thankfully meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
proposal-built-in-modules
-
Turboprop: JS Arrays as Property Accessors!?!
There is proposal for stdlib, but it will take some time until (if ever) it will reach stage 4.
-
Don't make me think, or why I switched to Rails from JavaScript SPAs
The working group most in charge of JS is ECMA's TC-39 (TC => Technical Committee) [0]. They've been taking a very deliberate, slow path to expanding the "standard" library because they take a very serious view of backwards compatibility on the web. Some proposals were shifted because of conflicts with ancient versions of things like MooTools still out in the wild, for instance. (This was the so-called "Smooshgate" incident [1].)
This may speed up a bit if the Built-In Modules proposal [2] passes, which would add a deliberate `import` URL for standard modules which would give a cleaner expansion point for new standard libraries over adding more global variables or further expanding the base prototypes (Object.prototype, Array.prototype, etc) in ways that increasingly likely have backwards compatibility issues.
TC-39 works all of their proposals in the open on Github [3] and it can be a fascinating process to watch if you are interested in the language's future direction.
[0] https://tc39.es/
[1] https://developers.google.com/web/updates/2018/03/smooshgate
[2] https://github.com/tc39/proposal-built-in-modules
[3] https://github.com/tc39/proposals
-
What NPM Should Do Today to Stop a New Colors Attack Tomorrow
There is a TC39 proposal for a "Javascript Standard Library." It's at stage 1, which is better than stage 0.
https://github.com/tc39/proposal-built-in-modules
-
[AskJS] What is the thing you hate the most about JS?
The standard library is a tough one. There is a proposal for built-in modules but it is very early days and miles away from what is needed. Clojure ships with functions that make the likes of Lodash and Ramda redundant. I think for a dynamic language an extensive library of functions for manipulating collections is essential. It is a real thing that once dynamic language codebases grow too big, they become a challenge to maintain. Therefore having functions that do a lot of common tasks for you mitigates that issue. Paired with immutability, lots of code just becomes data passing through pipelines, giving less surface area for bugs and making everything more concise and declarative.
What are some alternatives?
presetter - 🛹 Reuse and manage build scripts, devDependencies and config files from your favourite presets, instead of copy and paste!
openapi-typescript-codegen - NodeJS library that generates Typescript or Javascript clients based on the OpenAPI specification
slnpm - A simple and fast node.js package manager using symbolic link
proposal-pattern-matching - Pattern matching syntax for ECMAScript
npm-deprecated-check - 🐦 Check for deprecated packages
proposal-observable - Observables for ECMAScript
isolate-package - Isolate a monorepo package with its internal dependencies to form a self-contained directory with a pruned lockfile
redwood - The App Framework for Startups
yalc - Work with yarn/npm packages locally like a boss.
proposal-record-tuple - ECMAScript proposal for the Record and Tuple value types. | Stage 2: it will change!
hugo-installer - Installs hugo into your repository.
Nest - A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀