Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@npmcli/map-workspaces
Advanced tools
@npmcli/map-workspaces
Retrieves a name:pathname Map for a given workspaces config.
Long version: Reads the workspaces property from a valid workspaces configuration object and traverses the paths and globs defined there in order to find valid nested packages and return a Map of all found packages where keys are package names and values are folder locations.
Install
npm install @npmcli/map-workspaces
Usage:
const mapWorkspaces = require('@npmcli/map-workspaces')
await mapWorkspaces({
cwd,
pkg: {
workspaces: {
packages: [
"a",
"b"
]
}
}
})
// ->
// Map {
// 'a': '<cwd>/a'
// 'b': '<cwd>/b'
// }
Examples:
Glob usage:
Given a folder structure such as:
├── package.json
└── apps
├── a
│ └── package.json
├── b
│ └── package.json
└── c
└── package.json
const mapWorkspaces = require('@npmcli/map-workspaces')
await mapWorkspaces({
cwd,
pkg: {
workspaces: [
"apps/*"
]
}
})
// ->
// Map {
// 'a': '<cwd>/apps/a'
// 'b': '<cwd>/apps/b'
// 'c': '<cwd>/apps/c'
// }
API:
mapWorkspaces(opts) -> Promise<Map>
opts:pkg: A validpackage.jsonObjectcwd: A String defining the base directory to use when reading globs and paths.ignore: An Array of paths to be ignored when using globs to look for nested package.- ...Also support all other glob options
Returns
A Map in which keys are package names and values are the pathnames for each found workspace.
LICENSE
Other packages similar to @npmcli/map-workspaces
lerna
Lerna is a tool for managing JavaScript projects with multiple packages, known as a monorepo. It provides similar functionalities to @npmcli/map-workspaces by allowing you to run scripts, publish packages, and more across multiple workspaces. However, Lerna is more feature-rich and can handle complex workflows, including versioning and publishing.
yarn-workspaces
Yarn Workspaces is a feature built into Yarn that automatically manages the installation of dependencies and linking of packages in a monorepo. It offers similar workspace mapping functionalities but is tightly integrated with Yarn's package management capabilities. Unlike @npmcli/map-workspaces, Yarn Workspaces is not a separate package but a feature of Yarn itself.
FAQs
Retrieves a name:pathname Map for a given workspaces config
The npm package @npmcli/map-workspaces receives a total of 3,584,038 weekly downloads. As such, @npmcli/map-workspaces popularity was classified as popular.
We found that @npmcli/map-workspaces demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 23 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025