Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@nrwl/tao
Advanced tools
The @nrwl/tao package is part of the Nx monorepo toolset provided by Nrwl. It provides a set of utilities for workspace management, task orchestration, and abstracts away the configuration for building and testing applications. It is designed to help developers create and maintain monorepo setups more efficiently.
Workspace Management
This feature allows you to read the workspace configuration file, which is useful for understanding the structure and configuration of projects within the workspace.
const { readWorkspaceJson } = require('@nrwl/tao/src/core/file-utils');
const workspaceJson = readWorkspaceJson();
Task Orchestration
This feature enables you to programmatically execute tasks such as building or testing a project within the workspace. It is useful for automating workflows and integrating with other tools.
const { runCommand } = require('@nrwl/tao/src/commands/run-command');
runCommand('build', { project: 'my-app' }, { interactive: false });
Configuration Abstraction
This feature provides utility functions to work with the workspace's root path and other configuration details, simplifying the process of setting up and maintaining a monorepo.
const { getWorkspacePath } = require('@nrwl/tao/src/utils/app-root');
const workspacePath = getWorkspacePath();
Lerna is a tool for managing JavaScript projects with multiple packages, similar to @nrwl/tao. It optimizes the workflow around managing multi-package repositories with git and npm. Lerna can also automate the versioning and publishing of packages.
Yarn Workspaces is a feature of Yarn that allows users to set up multiple package directories within a single repository. It is similar to @nrwl/tao in that it helps manage dependencies and linking between packages in a monorepo.
Nx is a next generation build system with first class monorepo support and powerful integrations.
Using npx
npx create-nx-workspace
Using npm init
npm init nx-workspace
Using yarn create
yarn create nx-workspace
The create-nx-workspace
command will ask you to select a preset, which will configure some plugins and create your applications to help you get started.
? What to create in the new workspace (Use arrow keys)
❯ apps [an empty workspace with no plugins with a layout that works best for building apps]
core [an empty workspace with no plugins set up to publish npm packages (similar to yarn workspaces)]
ts [an empty workspace with the JS/TS plugin preinstalled]
react [a workspace with a single React application]
angular [a workspace with a single Angular application]
next.js [a workspace with a single Next.js application]
nest [a workspace with a single Nest application]
express [a workspace with a single Express application]
web components [a workspace with a single app built using web components]
react-native [a workspace with a single React Native application]
Select the preset that works best for you
Run:
npx add-nx-to-monorepo@latest
A few links to help you get started:
FAQs
CLI for generating code and running commands
The npm package @nrwl/tao receives a total of 2,928,449 weekly downloads. As such, @nrwl/tao popularity was classified as popular.
We found that @nrwl/tao demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.