Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@nrwl/cli
Advanced tools
@nrwl/cli is a command-line interface tool for Nx, a set of extensible dev tools for monorepos. It helps developers manage and scale their monorepos, providing features for code generation, project management, and more.
Generate Applications
This command generates a new React application within the monorepo. The @nrwl/cli tool provides schematics for various frameworks, making it easy to scaffold new projects.
nx generate @nrwl/react:app my-app
Run Tasks
This command runs a build task for the specified project. Nx provides a powerful task runner that can execute tasks in parallel, cache results, and more.
nx run my-app:build
Lint Projects
This command lints the specified project using the configured linter. Nx helps maintain code quality across the monorepo by providing consistent linting rules.
nx lint my-app
Test Projects
This command runs tests for the specified project. Nx integrates with popular testing frameworks to provide a seamless testing experience.
nx test my-app
Affected Commands
This command builds only the projects that are affected by the latest changes. Nx's affected commands help optimize CI/CD pipelines by reducing the scope of tasks to only what is necessary.
nx affected:build
Lerna is a tool for managing JavaScript projects with multiple packages. It optimizes the workflow around managing multi-package repositories with git and npm. Compared to @nrwl/cli, Lerna is more focused on package management and publishing, while Nx provides a more comprehensive set of tools for monorepo development, including code generation, task running, and more.
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. It focuses on speeding up builds and tests in monorepos by leveraging caching and parallel execution. While @nrwl/cli offers a broader range of features for managing monorepos, Turborepo is specifically optimized for build performance.
Rush is a scalable monorepo manager for the web, developed by Microsoft. It provides robust support for managing large monorepos, including features for incremental builds, change tracking, and more. Compared to @nrwl/cli, Rush is more focused on enterprise-scale monorepo management and build orchestration.
Nx is a next generation build system with first class monorepo support and powerful integrations.
Using npx
npx create-nx-workspace
Using npm init
npm init nx-workspace
Using yarn create
yarn create nx-workspace
The create-nx-workspace
command will ask you to select a preset, which will configure some plugins and create your applications to help you get started.
? What to create in the new workspace (Use arrow keys)
❯ apps [an empty workspace with no plugins with a layout that works best for building apps]
core [an empty workspace with no plugins set up to publish npm packages (similar to yarn workspaces)]
ts [an empty workspace with the JS/TS plugin preinstalled]
react [a workspace with a single React application]
angular [a workspace with a single Angular application]
next.js [a workspace with a single Next.js application]
nest [a workspace with a single Nest application]
express [a workspace with a single Express application]
web components [a workspace with a single app built using web components]
react-native [a workspace with a single React Native application]
Select the preset that works best for you
Run:
npx add-nx-to-monorepo@latest
A few links to help you get started:
FAQs
Smart, Fast and Extensible Build System
The npm package @nrwl/cli receives a total of 0 weekly downloads. As such, @nrwl/cli popularity was classified as not popular.
We found that @nrwl/cli demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.