yarn-audit-fix
shrinkpack
yarn-audit-fix | shrinkpack | |
---|---|---|
1 | 7 | |
174 | 792 | |
- | - | |
7.4 | 0.0 | |
8 days ago | about 1 year ago | |
TypeScript | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
yarn-audit-fix
-
The missing `yarn audit --fix` for Yarn 2+ Berry
yarn-audit-fix
shrinkpack
-
Local package mirror for fast, safe, reproducible builds using NPM.
It's https://github.com/JamieMason/shrinkpack
- Check-in NPM tarballs to freeze changes and install offline
- Check-in npm tarballs to freeze changes and install offline
- Open source developer corrupts widely-used libraries, affecting tons of projects
- Why you should pin your npm/yarn dependencies
-
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Using a lockfile and checking in your dependency tarballs [1] can help insulate you from these problems until you're ready to face them.
I created shrinkpack before left-pad and thankfully it meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
[1] https://github.com/JamieMason/shrinkpack
-
What NPM Should Do Today to Stop a New Colors Attack Tomorrow
Checking in your dependencies with https://github.com/JamieMason/shrinkpack can help insulate you from these problems until you're ready to face them. I created this before left-pad and thankfully meant that we were unaffected.
A lot of developers, understandably, baulk at checking in dependencies, but there is a concrete benefit in being able to continue uninterrupted during outages.
What are some alternatives?
ansi-regex - Regular expression for matching ANSI escape codes
presetter - 🛹 Reuse and manage build scripts, devDependencies and config files from your favourite presets, instead of copy and paste!
berry - 📦🐈 Active development trunk for Yarn ⚒
slnpm - A simple and fast node.js package manager using symbolic link
yarn - The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
npm-deprecated-check - 🐦 Check for deprecated packages
GHSA-93q8-gq69-wqmw
isolate-package - Isolate a monorepo package with its internal dependencies to form a self-contained directory with a pruned lockfile
yalc - Work with yarn/npm packages locally like a boss.
hugo-installer - Installs hugo into your repository.
rushstack - Monorepo for tools developed by the Rush Stack community
nix-installer-action - The Github Action for the Determinate Nix Installer