
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
@ariestools/sdk
Advanced tools
All-in-one umbrella for the Aries Tools TypeScript/JavaScript utility libraries
All-in-one umbrella for the Aries Tools TypeScript/JavaScript utility libraries.
Import the whole SDK:
import { fetchJson } from '@ariestools/sdk'
…or a single slice via a subpath export (tree-shaking-friendly — you only pay for what you import):
import { fetchJson } from '@ariestools/sdk/fetch'
import { assertEx } from '@ariestools/sdk/assert'
import type { ApiConfig } from '@ariestools/sdk/api/model'
@xylabs/sdk remains published as a backward-compatibility re-export shim of this package.
@ariestools/sdk is self-contained: its published dist/ vendors the compiled output of
each barreled package (under dist/_pkg/), with cross-package @xylabs/* imports rewritten
to relative paths. At runtime it depends only on the real externals
(async-mutex, zod, @opentelemetry/*), declared as peerDependencies. The individual
@xylabs/* packages are build-time inputs only (devDependencies).
The vendoring is performed by scripts/populate-dist.mjs,
wired into the toolchain via a local package-compile script in package.json. The
xy CLI defers to a package's own package-compile script during the compile emit
phase (the built-in still runs the --validate-only tsc pre-pass over src/). Because the
emit phase runs topologically over dependencies, every barreled package's dist/ is built
before this package vendors it. So the normal commands just work — no manual step:
pnpm xy build # compiles all packages, then vendors @ariestools/sdk
pnpm xy build @ariestools/sdk # vendors using the already-compiled sub-package dist
To run the toolchain's built-in compile instead of this override (e.g. for debugging), pass
--no-defer. This mechanism is a local prototype; it is intended to move into
@xylabs/toolchain as a first-class compile mode (so the package-compile shim is no longer
needed).
FAQs
All-in-one umbrella for the Aries Tools TypeScript/JavaScript utility libraries
We found that @ariestools/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.