Company News
Meet the Socket Team at RSAC and BSidesSF 2026
Join Socket for live demos, rooftop happy hours, and one-on-one meetings during BSidesSF and RSA 2026 in San Francisco.
By Sarah Gooding - Mar 03, 2026
Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
@lerna/create
Advanced tools
lerna create
Create a new lerna-managed package
Install lerna for access to the lerna CLI.
Usage
lerna create <name> [loc]
Create a new lerna-managed package
Positionals:
name The package name (including scope), which must be locally unique _and_
publicly available [string] [required]
loc A custom package location, defaulting to the first configured package
location. The location must match a configured packages directory.
[string]
Note: For more info on how Lerna package directories are configured, see https://lerna.js.org/docs/faq#how-does-lerna-detect-packages.
Command Options:
--access When using a scope, set publishConfig.access value
[choices: "public", "restricted"] [default: public]
--bin Package has an executable. Customize with --bin
<executableName> [default: <name>]
--description Package description [string]
--dependencies A list of package dependencies [array]
--es-module Initialize a transpiled ES Module
--homepage The package homepage, defaulting to a subpath of the root
pkg.homepage [string]
--keywords A list of package keywords [array]
--license The desired package license (SPDX identifier) [default: ISC]
--private Make the new package private, indicating that it
should not be published.
--registry Configure the package's publishConfig.registry [string]
--tag Configure the package's publishConfig.tag [string]
--yes Skip all prompts, accepting default values
FAQs
Create a new lerna-managed package
The npm package @lerna/create receives a total of 1,414,990 weekly downloads. As such, @lerna/create popularity was classified as popular.
We found that @lerna/create demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 10 Feb 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT
Malicious Packagist packages disguised as Laravel utilities install an encrypted PHP RAT via Composer dependencies, enabling remote access and C2 callbacks.
By Kush Pandya - Mar 03, 2026
Research
/Security News
Unauthorized AI Agent Execution Code Published to OpenVSX in Aqua Trivy VS Code Extension
OpenVSX releases of Aqua Trivy 1.8.12 and 1.8.13 contained injected natural-language prompts that abuse local AI coding agents for system inspection and potential data exfiltration.
By Peter van der Zee, Philipp Burckhardt - Mar 02, 2026