Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@pika/pack
Advanced tools
@pika/pack • npm package building, reimagined.
Getting started is easy:
// 1. Install it!
$ npm install -g @pika/pack
// 2. Add this to your package.json manifest:
"@pika/pack": {
"pipeline": []
}
// 3. Run it!
$ pack build
So now what? If you run pack build
with an empty pipeline, you'll get an empty package build. @pika/pack lets you connect pre-configured plugins to build and optimize your package for you. Plugins wrap already-popular tools like Babel and Rollup with npm-optimized config options, removing the need to fiddle with much (if any) configuration yourself. You even get a generated package.json manifest configured for you automatically.
// Before: Your top-level package.json manifest:
{
"name": "simple-package",
"version": "1.0.0",
"@pika/pack": {
"pipeline": [
["@pika/plugin-standard-pkg", {"exclude": ["__tests__/**/*"]}],
["@pika/plugin-build-node"],
["@pika/plugin-build-web"],
["@pika/plugin-build-types"]
]
}
}
Builders are simple, single-purpose build plugins defined in your package.json
. For example, @pika/plugin-build-node
& @pika/plugin-build-web
build your package for those different environments. Other, more interesting builders can bundle your web build for unpkg, generate TypeScript definitions from your JavaScript, addon a standard CLI wrapper for Node.js builds, and even compile non-JS languages to WASM (with JS bindings added).
// After: your built "pkg/" package.json manifest:
{
"name": "simple-package",
"version": "1.0.0",
// Multiple distributions, built & configured automatically:
"esnext": "dist-src/index.js",
"main": "dist-node/index.js",
"module": "dist-web/index.js",
"types": "dist-types/index.d.ts",
// With sensible package defaults:
"sideEffects": false,
"files": ["dist-*/", "assets/", "bin/"]
}
This is all possible because @pika/pack builds your entire package: code, assets, and even package.json manifest. By building the entire package, you end up with a fully-built pkg/
directory, ready to publish. Entry points like "main", "module", "umd:main", "types", "unpkg", "files", and even advanced options like "sideEffects" are all handled by your build pipeline.
Check out the full list of official & community-written @pika/pack plugins!
Curious about integrating @pika/pack with Lerna? Our official collection of plugins is a Lerna repo that uses @pika/pack to build each package! Check it out to see how easy it is to use the two tools together.
publish
We've brought our favorite parts of np (a self-described "better npm publish") into @pika/pack. With the publish
command there's no need to worry about how to publish your package once you've built it.
Run pack publish
in your project and @pika/pack will walk you through version bumping, tagging your release, generating a fresh build, and finally publishing your package.
FAQs
package building, reimagined.
The npm package @pika/pack receives a total of 1,402 weekly downloads. As such, @pika/pack popularity was classified as popular.
We found that @pika/pack demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.