@lerna/cli
@lerna/cli is a tool for managing JavaScript projects with multiple packages. It optimizes the workflow around managing multi-package repositories with features like versioning, publishing, and dependency management.
Bootstrap
Installs all dependencies and links any cross-dependencies between packages in the repo. This is useful for setting up a monorepo with multiple interdependent packages.
lerna bootstrap
Publish
Publishes packages in the monorepo to the npm registry. It handles versioning and tagging of the packages, making it easier to release new versions.
lerna publish
Run
Runs an npm script in each package that contains that script. This is useful for running tests, builds, or other scripts across all packages in the monorepo.
lerna run <script>
Version
Bumps the version of packages in the monorepo. It updates the version in package.json files and creates a git commit and tag for the new version.
lerna version
Add
Adds a dependency to matched packages. This is useful for adding new dependencies to specific packages within the monorepo.
lerna add <package> [--scope]
Nx is a smart, fast, and extensible build system with first-class monorepo support and powerful integrations. It offers more advanced features like distributed caching and task orchestration compared to Lerna.
Rush is a scalable monorepo manager for the web, developed by Microsoft. It focuses on large-scale monorepos and offers features like incremental builds and a strong emphasis on consistent dependency management.
Yarn is a package manager that also supports monorepos through its workspaces feature. It is known for its speed and reliability, and it integrates well with other tools in the JavaScript ecosystem.
pnpm is a fast, disk space-efficient package manager. It supports monorepos through its workspaces feature and is known for its efficient handling of node_modules, which can save disk space and improve performance.
@lerna/cli
Lerna's CLI
You probably shouldn't, at least directly.
Install lerna for access to the lerna CLI.
FAQs
Lerna's CLI
The npm package @lerna/cli receives a total of 377,422 weekly downloads. As such, the popularity of @lerna/cli is classified as popular.
We found that @lerna/cli has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.