Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@rushstack/package-deps-hash
Advanced tools
The `package-deps-hash` library generates a JSON object containing the git hashes of all files used to produce a given package. This is useful for scenarios where you want to define a "change receipt" file to be published with a package. The [Rush](ht
@rushstack/package-deps-hash is a utility for computing a hash based on the contents of a package and its dependencies. This is particularly useful for build systems and caching mechanisms where you need to determine if a package or its dependencies have changed.
Compute Package Hash
This feature allows you to compute a hash for a given package directory. The hash is based on the contents of the package and its dependencies, which can be used to determine if any changes have occurred.
const { getPackageDeps } = require('@rushstack/package-deps-hash');
const path = require('path');
async function computeHash() {
const packagePath = path.resolve(__dirname, 'path/to/your/package');
const packageDeps = await getPackageDeps(packagePath);
console.log(packageDeps);
}
computeHash();
Custom File Globs
This feature allows you to specify custom file globs to include in the hash computation. This can be useful if you want to include or exclude specific files or types of files in the hash calculation.
const { getPackageDeps } = require('@rushstack/package-deps-hash');
const path = require('path');
async function computeHashWithGlobs() {
const packagePath = path.resolve(__dirname, 'path/to/your/package');
const customGlobs = ['**/*.js', '**/*.json'];
const packageDeps = await getPackageDeps(packagePath, { globs: customGlobs });
console.log(packageDeps);
}
computeHashWithGlobs();
hasha is a package for hashing files and strings using various algorithms. It is more general-purpose compared to @rushstack/package-deps-hash, which is specifically designed for hashing package dependencies.
crypto is a built-in Node.js module that provides cryptographic functionality, including hashing. While it can be used to hash files and strings, it does not provide the same level of convenience for hashing package dependencies as @rushstack/package-deps-hash.
webpack is a module bundler that includes functionality for hashing the contents of bundles. While it can be used to achieve similar goals, it is a much larger and more complex tool compared to @rushstack/package-deps-hash.
The package-deps-hash
library generates a JSON object containing the git hashes of all files used to produce
a given package. This is useful for scenarios where you want to define a "change receipt" file to be published
with a package. The Rush tool uses this library to implement incremental build detection.
Only files in a git repo that are not in .gitignore will be considered in building the hash. The file content and the current state of the package can be compared then to determine whether the package needs to be rebuilt.
Internally it uses the GIT hashes to derive the hashes for package content. This allows the process to leverage Git's hash optimizations, as opposed to creating a more elaborate diffing scheme.
NOTE: Git is required to be accessible in the command line path.
let _ = require('lodash');
let { getPackageDeps } = require('@rushstack/package-deps-hash');
// Gets the current deps object for the current working directory
let deps = getPackageDeps();
let existingDeps = JSON.parse(fs.readFileSync('package-deps.json'));
if (_.isEqual(deps, existingDeps)) {
// Skip re-building package.
} else {
// Rebuild package.
}
API documentation for this package: https://rushstack.io/pages/api/package-deps-hash/
FAQs
The `package-deps-hash` library generates a JSON object containing the git hashes of all files used to produce a given package. This is useful for scenarios where you want to define a "change receipt" file to be published with a package. The [Rush](http
The npm package @rushstack/package-deps-hash receives a total of 0 weekly downloads. As such, @rushstack/package-deps-hash popularity was classified as not popular.
We found that @rushstack/package-deps-hash demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.