Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@crexi-dev/ng-packagr
Advanced tools
Compile and package a TypeScript library to Angular Package Format
Transpile your libraries to Angular Package Format
This project exists thanks to all the people who contribute. [Contribute].
Thank you to all our backers! 🙏 [Become a backer]
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
npm install -D ng-packagr
Let's walk through a getting started that'll build an Angular library from TypeScript sources and create a distribution-ready npm package:
create a package.json
file, add the custom ngPackage
property, and eventually run ng-packagr -p package.json
– Here we go:
{
"$schema": "./node_modules/ng-packagr/package.schema.json",
"name": "@my/foo",
"version": "1.0.0",
"ngPackage": {
"lib": {
"entryFile": "public_api.ts"
}
}
}
Note 1: Paths in the ngPackage
section are resolved relative to the location of the package.json
file.
In the above example, public_api.ts
is the entry file to the library's sources and must be placed next to package.json
(a sibling in the same folder).
Note 2: referencing the $schema
enables JSON editing support (auto-completion for configuration) in IDEs like VSCode.
You can easily run ng-packagr through a npm/yarn script:
{
"scripts": {
"build": "ng-packagr -p package.json"
}
}
Now, execute the build with the following command:
$ yarn build
The build output is written to the dist
folder, containing all those binaries to meet the Angular Package Format specification.
You'll now be able to go ahead and npm publish dist
your Angular library to the npm registry.
Do you like to publish more libraries?
Is your code living in a monorepo?
Create one package.json
per npm package, run ng-packagr for each!
.d.ts
).metadata.json
)@my/foo
, @my/foo/testing
, @my/foo/bar
~
import syntax and custom include paths~
import syntax.browserslistrc
A great step-by-step example of making an Angular CLI project with a library distributed separate from the app, by Jason Aden
Nikolas LeBlanc wrote a tutorial on building an Angular 4 Component Library with the Angular CLI and ng-packagr
Here is a demo repository showing ng-packagr and Angular CLI in action.
What about ng-packagr alongside Nx Workspace? Well, they work well together!
We keep track of user questions in GitHub's issue tracker and try to build a documentation from it. Explore issues w/ label documentation.
General contribution guidelines
If you like to submit a pull request, you'll find it helpful to take a look at the initial design document where it all started.
To orchestrate the different tools, ng-packagr features a custom transformation pipeline. The transformation pipeline is built on top of RxJS and Angular Dependency Injection concepts.
Angular Package Format v6.0, design document at Google Docs
Packaging Angular Libraries - Jason Aden at Angular Mountain View Meetup (Jan 2018, 45min talk)
Create and publish Angular libs like a Pro - Juri Strumpflohner at NG-BE (Dec 2017, 30min talk)
Packaging Angular - Jason Aden at ng-conf 2017 (28min talk)
Create and publish Angular libs like a Pro - Juri Strumpflohner at ngVikings, this time demoing building Angular libraries with ng-packagr, with NX as well as Bazel (March 2018, 30min talk)
FAQs
Compile and package a TypeScript library to Angular Package Format
We found that @crexi-dev/ng-packagr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.