Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
@alcalzone/pak
Advanced tools
Programmatic wrapper around popular Node.js package managers
Roadmap:
npm
yarn 1
import { detectPackageManager } from "pak";
async function main() {
// Use the current working directory
const pak = await detectPackageManager();
// Or use a different directory. The package manager will default to that dir
const pak = await detectPackageManager("/path/to/dir");
}
import { packageManagers } from "pak";
const pak = new packageManagers.npm();
All package managers share the following properties:
Property | Type | Description |
---|---|---|
cwd | string | The directory to run the package manager commands in. Defaults to process.cwd() |
loglevel | "info" | "verbose" | "warn" | "error" | "silent" | Which loglevel to pass to the package manager. Note: Not every package manager supports every loglevel. |
stdout | WritableStream | A stream to pipe the command's stdout into. |
stderr | WritableStream | A stream to pipe the command's stderr into. |
stdall | WritableStream | A stream to pipe the command's stdout and stderr into in the order the output comes. |
const result = await pak.install(packages, options);
packages
is an array of package specifiers, like ["pak", "fs-extra"]
or ["semver@1.2.3"]
options
: See common options for details.const result = await pak.uninstall(packages, options);
packages
is an array of package specifiers, like ["pak", "fs-extra"]
or ["semver@1.2.3"]
options
: See common options for details.const result = await pak.update(packages, options);
packages
is an array of package names, like ["pak", "fs-extra"]
. If no packages are given, all packages in the current workspace are updated.options
: See common options for details.const result = await pak.rebuild(packages, options);
packages
is an array of package names, like ["pak", "fs-extra"]
. If no packages are given, all packages in the current workspace are rebuilt.options
: See common options for details.const result = await pak.overrideDependencies(overrides);
overrides
is an object of packages and exact versions, like {"pak": "1.2.3"}
Sometimes it is necessary to update transitive dependencies, meaning dependencies of dependencies. This command changes all occurences of the given overridden dependencies in the current node_modules
tree so that the packages have the specified versions. How it works depends on the package manager:
yarn
uses the built-in "resolutions"
property for package.json
npm
patches the root package-lock.json
and package.json
for all dependents of the overridden packagesNote: This command does not support version ranges and it does not check whether the overrides are compatible with the version specified in package.json
.
The returned value is an object with the following properties:
interface CommandResult {
/** Whether the command execution was successful */
success: boolean;
/** The exit code of the command execution */
exitCode: number;
/** The captured stdout */
stdout: string;
/** The captured stderr */
stderr: string;
}
These options are used to influence the commands' behavior. All options are optional:
Option | Type | Description | Default | Commands |
---|---|---|---|---|
dependencyType | "prod" | "dev" | Whether to install a production or dev dependency. | "prod" | all |
global | boolean | Whether to install the package globally. | false | all |
exact | boolean | Whether exact versions should be used instead of "^ver.si.on" . | false | install |
package.json
await pak.findRoot();
await pak.findRoot("lockfile.json");
Returns a string with a path to the nearest parent directory (including cwd
) that contains a package.json
(and a lockfile if one was specified). Throws if none was found.
You can stream the command output (stdout
, stderr
or both) during the command execution, as opposed to getting the entire output at the end. To do so,
set the stdout
, stderr
and/or stdall
properties of the package manager instance to a writable stream. Example:
import { PassThrough } from "stream";
import { packageManagers } from "../../src/index";
const pak = new packageManagers.npm(); // or the automatically detected one
pak.stdall = new PassThrough().on("data", (data) => {
// For example, log to console - or do something else with the data
console.log(data.toString("utf8"));
});
// execute commands
const version = await pak.version();
Returns a string with the package manager's version.
FAQs
Programmatic wrapper around popular Node.js package managers
We found that @alcalzone/pak demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.