Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@fnpm-io/cli
Advanced tools
FNPM is an "alternative" for NPM, it is faster and saves more space.
DISCLAIMER 🚧
This project was made to learn more about Package Managers, for now you should only use it to play with it.
The FNPM CLI is used to install packages from the package.json of a project.
Its advantages are that it is faster than NPM and saves more space.
npm i @fnpm-io/cli -g
fnpm install [pkg (optional), flags]
Installs packagesfnpm run <script> <params>
Run script from package.jsonfnpm create <template> <arguments>
Create a project from a template (Similar to npm init)fnpm benchmark
Tests SNPM against NPM and PNPMfnpm clear
Remove .snpm-cache folderfnpm ls <pkg>
Show versions installed by FNPMSNPM uses the same installation system as PNPM, fetch dependency, download dependency. Without waiting for the rest of the dependencies.
Now you are probably wondering how that makes the space more efficient than in NPM.
Each dependency is a hard link to a common store inside .fnpm-cache
, so all your projects use shared dependencies.
Short answer, probably no, but in some cases it works. (For now)
I've selected some quickstart templates to test FNPM, and I'm working on make it work in all of them.
If you want to test a template, you can use Next or Vite, I've already tested them and it should work.
(If you want to test a template and it doesn't work, please open an issue)
FAQs
FNPM CLI Tool.
We found that @fnpm-io/cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.