Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
@rizzlesauce/install-local
Advanced tools
A small module for installing local packages. Works for both npm >= 5 and older versions.
Installs npm/yarn packages locally without symlink, also in npm 5. Exactly the same as your production installation, no compromises.
Install with
npm install -g install-local
or for occasional use, without installation
$ npx install-local
You can use install-local from command line or programmatically.
Usage:
$ install-local # 1
$ install-local [options] <directory>[ <directory>] # 2
$ install-local --target-siblings # 3
Installs a package from the filesystem into the current directory.
Options:
-h, --help
: Output this help-S, --save
: Saved packages will appear in your package.json under "localDependencies"-T, --target-siblings
: Instead of installing into this package, this package gets installed into sibling packages
which depend on this package by putting it in the "localDependencies".
Useful in a lerna style monorepo.Examples:
install-local
Install the "localDependencies" of your current packageinstall-local ..
Install the package located in the parent folder into the current directory.install-local --save ../sibling ../sibling2
Install the packages in 2 sibling directories into the current directory.install-local --help
Print this helpSee Programmatically to see how use install-local
from node.
Why installing packages locally? There are a number of use cases.
Well... nothing is wrong with npm link. It's just not covering all use cases.
For example, if your using typescript and you npm link
a dependency from a parent directory, you might end up with infinite ts source files, resulting in an out-of-memory error:
FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory
An other reason is with npm link
your not testing if your package actually installs correctly. You might have files in there that will not be there after installation.
npm i file:
?You could use npm install file:..
versions of npm prior to version 5. It installed the package locally. Since version 5, the functionality changed to npm link
instead. More info here: https://github.com/npm/npm/pull/15900
To guarantee the production-like installation of your dependency, install-local
uses npm pack
and npm install <tarball file>
under the hood. This is as close as production-like as it gets.
Typings are included for all your TypeScript programmers out there
const { cli, execute, Options, progress, LocalInstaller} = require('install-local');
Execute the cli functions with the cli
function. It returns a promise:
cli(['node', 'install-local', '--save', '../sibling-dependency', '../sibling-dependency2'])
.then(() => console.log('done'))
.catch(err => console.error('err'));
Or a slightly cleaner api:
execute({
validate: () => true,
dependencies: ['../sibling-dependency', '../sibling-dependency2'],
save: true,
targetSiblings: false
})
Use the LocalInstaller
to install local dependencies into multiple directories.
For example:
const localInstaller = new LocalInstaller({
/*1*/ '.': ['../sibling1', '../sibling2'],
/*2*/ '../dependant': ['.']
});
progress(localInstaller);
localInstaller.install()
.then(() => console.log('done'))
.catch(err => console.error(err));
'.'
)'.'
) into the package located in
the "dependant" directory located next to the current working directory.Construct the LocalInstall
by using an object. The properties of this object are the relative package locations to install into. The array values are the packages to be installed. Use the install()
method to install, returns a promise.
If you want the progress reporting like the CLI has: use progress(localInstaller)
;
In some cases it might be useful to control the env variables for npm. For example when you want npm to rebuild native node modules against Electron headers. You can do it by passing options
to LocalInstaller
's constructor.
const localInstaller = new LocalInstaller(
{ '.': ['../sibling'] },
{ npmEnv: { envVar: 'envValue' } }
);
Because the value provided for npmEnv
will override the environment of the npm execution, you may want to extend the existing environment so that required values such as PATH
are preserved:
const localInstaller = new LocalInstaller(
{ '.': ['../sibling'] },
{ npmEnv: Object.assign({}, process.env, { envVar: 'envValue' }) }
);
FAQs
A small module for installing local packages. Works for both npm >= 5 and older versions.
We found that @rizzlesauce/install-local demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.