| | verdaccio | cli |
|---|---|---|
| | 8 | 12 |
| Stars | 15,892 | 360 |
| Growth | 0.7% | 0.3% |
| Activity | 9.7 | 8.8 |
| | 1 day ago | 5 days ago |
| Language | TypeScript | JavaScript |
| License | MIT License | MIT License |

Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
verdaccio
- verdaccio v5.20.1 has been rolled out
- 3rd party package repositories?
  do you know the project https://github.com/verdaccio/verdaccio
- 📦 Everything you need to know: package managers
  Verdaccio allows you to set up a private proxy registry for Node.js
- Npm link doesn't work with React Native, what do you use for testing local modules?
  Verdaccio does okay for this
- Hosting my own node_modules
  There's also this: https://www.npmjs.com/package/verdaccio
- Self-Hosted Private Registry
  Cool! What makes Package Depot better than existing solutions such as verdaccio?
- Monorepo or not?
  I highly recommend using a package proxy like https://github.com/verdaccio/verdaccio instead of git submodules if you have more than one developer using your code/repo. Biggest factor is the cost of the developers' time. Why teach them a different way to install dependencies when there is a standard way of doing things? Your CI/CD is simplified, the knowledge of git submodules is good to know, but this is now tribal knowledge on how to set this up, update dependencies, etc...
- Researcher hacks over 35 tech firms in novel supply chain attack
  The goal of verdaccio is to make this less complicated. https://github.com/verdaccio/verdaccio
cli
- Securizing your GitHub org
  By the way NodeSecure CLI has a first-class support of the scorecard.
- JS-X-Ray 6.0
  This information is visible in the NodeSecure CLI interface:
- 📦 Everything you need to know: package managers
  @nodesecure/cli, a CLI that allows you to deeply analyze the dependency tree of a given package or local Node.js project
- Announcing NodeSecure Vulnera
  Fun fact: its first contribution on NodeSecure was also on the old version of the code Scanner that managed vulnerabilities.
- GitHub - NodeSecure/cli: JavaScript security CLI that allows you to deeply analyze the dependency tree of a given package or local Node.js project.
- A technical tale of NodeSecure - Chapter 2
  When NodeSecure was a single project the AST analysis was at most a few hundred lines in two or three JavaScript files. All the logic was coded with if and else conditions directly in the walker.
- NodeSecure - What's new in 2022 ?
- Detect Marak Squires packages with NodeSecure
  NodeSecure can now detect packages created by Marak and it will generate a global warning ⚠️.
- Node-Secure v0.9.0
  After more than ten long months of work we are finally there! Version 0.9.0 has been released on npm.
- Announcing new Node-Secure back-end
  Nsecure
What are some alternatives?
yalc - Work with yarn/npm packages locally like a boss.
catalyst - Catalyst is a set of patterns and techniques for developing components within a complex application.
registry-sync - synchronize selected packages from a remote npm registry
rc - NodeSecure runtime configuration
AWS Lambda Router for NodeJS - AWS Lambda router for NodeJS
ci - NodeSecure tool enabling secured continuous integration
artifactory-pypi-scanner - Saves you from package injection!
undici - An HTTP/1.1 client, written from scratch for Node.js
Express - Fast, unopinionated, minimalist web framework for node.
estree - The ESTree Spec
Moleculer - :rocket: Progressive microservices framework for Node.js
js-x-ray - JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.