
Security News
Package Maintainers Call for Improvements to GitHub’s New npm Security Plan
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
@20i/mrm-preset
Advanced tools
mrm preset to set up eslint, prettier, lint-staged, husky, and typescript
mrm preset to set up nvm, eslint, prettier, lint-staged, husky, and typescript.
Also includes a separate task for publishing npm libraries.
Setup all the things!
npx mrm all --preset @20i/mrm-preset
# or for yarn berry
yarn dlx mrm all --preset @20i/mrm-preset
Each of these can be set up individually. To see all available tasks, run
npx mrm --preset @20i/mrm-preset
npx mrm nvm --preset @20i/mrm-preset
Every project should have a .nvmrc
file. Currently this defaults to 16, but you can change it to whatever you need.
nvm can be installed by following their installation instructions
npx mrm eslint --preset @20i/mrm-preset
The @20i/eslint-config will be installed with prettier and typescript support by default. See the package for more details.
If React or React Native are found as dependencies, additional eslint packages will be installed. This command can be run again after adding react if needed.
npx mrm lint-staged --preset @20i/mrm-preset
This also sets up husky to run as a pre-commit hook. The default command is to use a precommit
npm script, but that can be adjusted in .husky/pre-commit
and in your package.json
.
npx mrm gitignore --preset @20i/mrm-preset
Configured with default values for a node project and yarn berry.
Any default preset can be run with
npx mrm <PRESET>
Currently, this just runs the mrm preset for typescript. PRs are welcome to update this :D
Will only run if a readme is not already present.
Will only run if a license is not already present.
This is a nifty config to help your editor have better default values. For more options, check out editorconfig docs.
all
npx mrm ci-publish --preset @20i/mrm-preset
ci-publish
will add a .github/workflows/ci-publish.yml
file to your project for auto publishing to npm on releases. It also adds a release.yml
template to help with Github's auto release notes.
This package is published to npm using the Publish CI workflow.
The workflow is configured to publish the package to npm after a successful release and package.json version bump.
To use,
NPM_TOKEN
to your github repo secretsFor effective changelogs, be sure to add the labels found in release.yml to PRs.
FAQs
mrm preset to set up eslint, prettier, lint-staged, husky, and typescript
We found that @20i/mrm-preset demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
Product
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.