Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@lerna/run
Advanced tools
@lerna/run is a part of the Lerna monorepo management toolset. It allows you to run scripts or commands across multiple packages in a monorepo, making it easier to manage and automate tasks in a multi-package repository.
Run npm scripts in all packages
This command runs the 'test' script in all packages that contain it. It's useful for ensuring that all packages pass their tests before a release.
lerna run test
Run npm scripts in specific packages
This command runs the 'build' script only in the package named 'my-package'. This is useful for targeting specific packages for certain tasks.
lerna run build --scope my-package
Run npm scripts with parallel execution
This command runs the 'lint' script in all packages in parallel, which can speed up the process significantly compared to running them sequentially.
lerna run lint --parallel
Run npm scripts with a specific concurrency
This command runs the 'test' script in all packages but limits the number of concurrent executions to 4. This can help manage resource usage on your machine.
lerna run test --concurrency 4
Nx is a set of extensible dev tools for monorepos, which helps you develop like Google, Facebook, and Microsoft. It offers similar functionalities to Lerna, including running scripts across multiple packages, but also provides advanced features like dependency graph visualization and affected command execution.
Rush is a scalable monorepo manager for the web, which helps you manage large repositories with many projects. It offers similar script running capabilities as Lerna but focuses more on build orchestration and dependency management.
@lerna/run
Run an npm script in each package that contains that script
Install lerna for access to the lerna
CLI.
$ lerna run <script> -- [..args] # runs npm run my-script in all packages that have it
$ lerna run test
$ lerna run build
# watch all packages and transpile on change, streaming prefixed output
$ lerna run --parallel watch
Run an npm script in each package that contains that script. A double-dash (--
) is necessary to pass dashed arguments to the script execution.
lerna run
respects the --concurrency
, --scope
, and --ignore
flags (see Filter Flags).
$ lerna run --scope my-component test
--npm-client <client>
Must be an executable that knows how to run npm lifecycle scripts.
The default --npm-client
is npm
.
$ lerna run build --npm-client=yarn
May also be configured in lerna.json
:
{
"command": {
"run": {
"npmClient": "yarn"
}
}
}
--stream
Stream output from child processes immediately, prefixed with the originating package name. This allows output from different packages to be interleaved.
$ lerna run watch --stream
--parallel
Similar to --stream
, but completely disregards concurrency and topological sorting, running a given command or script immediately in all matching packages with prefixed streaming output. This is the preferred flag for long-running processes such as npm run watch
run over many packages.
$ lerna run watch --parallel
Note: It is advised to constrain the scope of this command when using the
--parallel
flag, as spawning dozens of subprocesses may be harmful to your shell's equanimity (or maximum file descriptor limit, for example). YMMV
--no-bail
# Run an npm script in all packages that contain it, ignoring non-zero (error) exit codes
$ lerna run --no-bail test
By default, lerna run
will exit with an error if any script run returns a non-zero exit code.
Pass --no-bail
to disable this behavior, running the script in all packages that contain it regardless of exit code.
--no-prefix
Disable package name prefixing when output is streaming (--stream
or --parallel
).
This option can be useful when piping results to other processes, such as editor plugins.
FAQs
Run an npm script in each package that contains that script
We found that @lerna/run demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.