Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
@ory/npm-bin
Advanced tools
Applications written in Golang are portable - you can easily cross-compile binaries that work on Windows, Mac, and Linux. But how do you distribute the binaries to customers? When you publish new releases, how do they update the binary?
Use NPM to distribute cross-platform Go binaries
npm publish
npm install/update -g your-awesome-app
Setup your Go application to compile and publish binaries to a file server. This could be Github Releases or Amazon S3 or even Dropbox. All you need is a link.
I like to use GoReleaser to setup by release process. You create a simple YAML configuration file like this and run goreleaser
CLI to publish binaries for various platform/architecture combination to Github:
# .goreleaser.yml
# Build customization
builds:
- binary: drum-roll
goos:
- windows
- darwin
- linux
goarch:
- amd64
go-npm
will pull the appropriate binary for the platform & architecture where the package is being installed.
To publish to NPM, you need to create a package.json
file. You give your application a name, link to Readme, Github repository etc, and more importantly add go-npm
as a dependency. You can create this file in an empty directory in your project or in a separate Git repository altogether. It is your choice.
Create package.json
$ npm init
Answer the questions to create an initial package.json file
Add go-npm dependency
From the directory containing package.json file, do
$ npm install go-npm --save
This will install go-npm under to your package.json file. It will also create a node_modules
directory where the go-npm
package is downloaded. You don't need this directory since you are only going to publish the module and not consume it yourself. Let's go ahead and delete it.
$ rm -r node_modules
Add postinstall and preuninstall scripts
Here is the magic: You ask to run go-npm install
after it completes installing your package. This will pull down binaries from Github or Amazon S3 and install in NPM's bin
directory. Binaries under bin directory are immediately available for use in your Terminal.
Edit package.json
file and add the following:
{
"postinstall": "go-npm install",
"preuninstall": "go-npm uninstall",
}
go-npm uninstall
simply deletes the binary from bin
directory before NPM uninstalls your package.
Configure your binary path
You need to tell go-npm
where to download the binaries from, and where to install them. Edit package.json
file and add the following configuration.
"goBinary": {
"name": "command-name",
"path": "./bin",
"url": "https://github.com/user/my-go-package/releases/download/v{{version}}/myGoPackage_{{version}}_{{platform}}_{{arch}}.tar.gz"
Following variables are available to customize the URL:
{{version}}
: Version number read from package.json
file. When you publish your package to NPM, it will use this version number. Ex: 0.0.1{{platform}}
: $GOOS
value for the platform{{arch}}
: $GOARCH
value for the architectureIf you use goreleaser
to publish your modules, it will automatically set the right architecture & platform in your URL.
Publish to NPM
All that's left now is publish to NPM. As I promised before, just one command
$ npm publish
To install:
npm install -g your-app-name
To Update:
npm update -g your-app-name
With ❤️ to the community by Sanath Kumar Ramesh
FAQs
Distribute and install Go binaries via NPM
The npm package @ory/npm-bin receives a total of 12 weekly downloads. As such, @ory/npm-bin popularity was classified as not popular.
We found that @ory/npm-bin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.