Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
@lerna/npm-run-script
Advanced tools
@lerna/npm-run-script
An internal Lerna tool
You probably shouldn't, at least directly.
Install lerna for access to the lerna
CLI.
6.0.0 (2022-10-12)
lerna run
As of version 6.0.0, Lerna will now delegate the implementation details of the lerna run
command to the super fast, modern task-runner (powered by Nx) by default.
If for some reason you wish to opt in to the legacy task-runner implementation details (powered by p-map
and p-queue
), you can do so by setting "useNx": false
in your lerna.json. (Please let us know via a Github issue if you feel the need to do that, however, as in general the new task-runner should just work how you expect it to as a lerna user).
lerna run
caching and task pipelines via the new lerna add-caching
commandWhen using the modern task-runner implementation described above, the way to get the most out of it is to tell it about the outputs of your various scripts, and also any relationships that exist between them (such as needing to run the build
script before the test
, for example).
Simply run lerna add-caching
and follow the instructions in order to generate all the relevant configuration for your workspace.
You can learn more about the configuration it generates here: https://lerna.js.org/docs/concepts/task-pipeline-configuration
lerna run
with the new task-runner implementationBy default the modern task runner powered by Nx will automatically load .env
files for you. You can set --load-env-files
to false if you want to disable this behavior for any reason.
For more details about what .env
files will be loaded by default please see: https://nx.dev/recipes/environment-variables/define-environment-variables
lerna run
with the new task-runner implementationThere are certain legacy options for lerna run
which are no longer applicable to the modern task-runner. Please see full details about those flags, and the reason behind their obselence, here:
https://lerna.js.org/docs/lerna6-obsolete-options
lerna repair
commandWhen configuration changes over time as new versions of a tool are published it can be tricky to keep up with the changes and sometimes it's possible to miss out on optimizations as a result.
When you run the new command lerna repair
, lerna will execute a series of code migrations/codemods which update your workspace to the latest and greatest best practices for workspace configuration.
The actual codemods which run will be added to over time, but for now one you might see run on your workspace is that it will remove any explicit "useNx": true
references from lerna.json files, because that is no longer necessary and it's cleaner not to have it.
We are really excited about this feature and how we can use it to help users keep their workspaces up to date.
FAQs
An internal Lerna tool
The npm package @lerna/npm-run-script receives a total of 333,177 weekly downloads. As such, @lerna/npm-run-script popularity was classified as popular.
We found that @lerna/npm-run-script demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.