Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@antfu/ni is a command-line tool that provides a unified interface for package managers like npm, yarn, and pnpm. It simplifies the process of managing dependencies by automatically detecting the package manager used in a project and running the appropriate commands.
Install Dependencies
The `ni` command installs dependencies in the current project. It automatically detects the package manager used (npm, yarn, or pnpm) and runs the corresponding install command.
ni
Add a Dependency
The `ni <package>` command adds a new dependency to the project. It detects the package manager and runs the appropriate command to add the specified package.
ni axios
Remove a Dependency
The `nr <package>` command removes a dependency from the project. It detects the package manager and runs the appropriate command to remove the specified package.
nr axios
Upgrade Dependencies
The `nu` command upgrades all dependencies in the project. It detects the package manager and runs the appropriate command to upgrade the dependencies.
nu
Run Scripts
The `ni run <script>` command runs a script defined in the project's package.json file. It detects the package manager and runs the appropriate command to execute the script.
ni run build
npm is the default package manager for Node.js. It provides a wide range of commands for managing dependencies, running scripts, and more. Unlike @antfu/ni, npm does not automatically detect other package managers.
Yarn is a fast, reliable, and secure dependency management tool. It offers similar functionalities to npm but with a focus on speed and reliability. Yarn does not provide a unified interface for other package managers like @antfu/ni.
pnpm is a fast, disk space-efficient package manager. It uses a unique symlink-based approach to manage dependencies. Like npm and yarn, pnpm does not offer a unified interface for other package managers.
npm i
in a yarn project, again? F**k!
ni - use the right package manager
npm i -g @antfu/ni ni
ni
- installni
# npm install
# yarn install
# pnpm install
ni axios
# npm i axios
# yarn add axios
# pnpm i axios
ni @types/node -D
# npm i @types/node -D
# yarn add @types/node -D
# pnpm i @types/node -D
ni --frozen
# npm ci
# yarn install --frozen-lockfile
# pnpm install --frozen-lockfile
ni -g iroiro
# npm i -g iroiro
# yarn global add iroiro
# pnpm i -g iroiro
# this uses default agent, regardless your current working directory
nr
- runnr dev --port=3000
# npm run dev -- --port=3000
# yarn run dev --port=3000
# pnpm run dev -- --port=3000
nr
# interactively select the script to run
nx
- executenu jest
# npx jest
# yarn dls jest
# pnpx jest
nu
- upgradenu
# npm upgrade
# yarn upgrade
# pnpm upgrade
nu -i
# (not available for npm)
# yarn upgrade-interactive
# pnpm upgrade -i
nci
- clean installnci
# npm ci
# yarn install --frozen-lockfile
# pnpm install --frozen-lockfile
if the corresponding node manager is not present, this command will install it globally along the way.
; ~/.nirc
; fallback when no lock found
defaultAgent=npm # default "prompt"
; for global installs
globalAgent=npm
ni assumes that you work with lockfiles (and you should)
Before it runs, it will detect your yarn.lock
/ pnpm-lock.yaml
/ package-lock.json
to know current package manager, and runs the corresponding commands.
FAQs
Use the right package manager
The npm package @antfu/ni receives a total of 302,813 weekly downloads. As such, @antfu/ni popularity was classified as popular.
We found that @antfu/ni demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.