Security News
ESLint is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
@lerna/legacy-package-management
Advanced tools
Legacy package management concerns provided by lerna. Please migrate to use npm/yarn/pnpm workspaces instead.
This package contains the legacy lerna add
, lerna bootstrap
and lerna link
commands which deal with things better handled by your package manager npm
/yarn
/pnpm
.
This package can be thought of as being in maintenance mode only - no new features will be considered for legacy package management concerns, and we will only look to merge critical patches and security updates.
See below for full context as to why this exists.
Lerna is the original monorepo/workspace tool in the JavaScript ecosystem. When it was created in 2015/2016 the ecosystem looked totally different, and there were no built in capabilities to handle working with multiple packages in a single repository (a "workspace"). Commands like lerna bootstrap
, lerna add
and lerna link
were all a critical part of the lerna project, because there were no other options.
However, now that we find ourselves in 2023, the fact is that - for many years now - the package managers we know and love (npm
, yarn
and pnpm
) all fully support that concept of workspaces as a first-class use-case.
They have battle tested implementations covering adding, removing and linking local packages, and combining them with third party dependencies in a natural way.
This is the reason why, for the past several years of his tenure as lead maintainer of Lerna @evocateur has been encouraging folks to strongly reconsider their use of the legacy package management commands in lerna, and instead leverage their package manager of choice to do what it does best.
We on the Nx Team knew about this context from afar, but as new stewards of the project we did not want to jump straight in and start removing capabilities without first taking the time to get familiar with the reality up close. Now that we have been actively maintaining the project for half a year, we are in full agreement with Daniel and others that the legacy package management commands in lerna need to be retired.
By removing these legacy pieces which have better alternatives natively in package managers, we and the rest of the lerna community will be freed up to concentrate our efforts on things which are uniquely valuable about lerna (such as, but not limited to, versioning and publishing), and making them the best they can be!
We of course want to make sure that folks who are perhaps less aware of the modern capabilities of their package manager are not left confused by this change, so we will be building out comprehensive migration guides on https://lerna.js.org to help them transition their thinking from a legacy lerna command to its equivalent for npm
, yarn
or pnpm
.
FAQs
Legacy package management concerns provided by lerna. Please migrate to use npm/yarn/pnpm workspaces instead.
The npm package @lerna/legacy-package-management receives a total of 124,497 weekly downloads. As such, @lerna/legacy-package-management popularity was classified as popular.
We found that @lerna/legacy-package-management demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has added JSON and Markdown linting support with new officially-supported plugins, expanding its versatility beyond JavaScript.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.