Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
[![trunk](https://github.com/jasonkuhrt/alge/actions/workflows/trunk.yml/badge.svg)](https://github.com/jasonkuhrt/alge/actions/workflows/trunk.yml)
Project template for TypeScript libraries
Setup a clone of this repo, enable Corepack, and install dependencies:
gh repo clone jasonkuhrt/alge <your package name> && \
cd <your package name> && \
corepack enable && \
yarn
Run the bootstrap script. You will be prompted to answer some questions:
yarn ts-node scripts/bootstrap
Setup a repo secret called NPM_TOKEN
containing an npm token for CI package publishing.
Example:
gh repo clone jasonkuhrt/alge foobar \
&& cd foobar \
&& yarn \
&& yarn bootstrap \
--orgAndRepo 'jasonkuhrt/foobar' \
--developerName 'Jason Kuhrt' \
--packageName 'foobar' \
--createGithubRepo
Optimal settings for the safety of your implementation
strict
mode enabled..tsbuildinfo
cache setup, output discretely into node_modules/.cache
Inherit settings from @tsconfig/recommended
(Node 14 flavour)
Base tsconfig.json
shared across tests
, src
, and ts-node
.
ts-patch
setup for enhanced language features:
typescript-transform-paths
for a working tsconfig paths
config!ttypescript
Optimal output setup for your users
declaration
so your users can power their intellisense with your packages typings.declarationMap
enabled to make your published source code be navigated to when your users use "go to definition".package.json
typeVersions
used to emit only one set of declaration files shared by both CJS and ESM builds.sourceMap
enabled to allow your users' tools to base off the source for e.g. stack traces instead of the less informative derived built JS.importHelpers
enabled to minimize build size.src
with dist files so that jump-to-definition tools work optimally for users.ts-node
for running TypeScript scripts/modules.
eslint-config-prettier
. eslint-plugin-prettier
is not used to avoid lint noise and slower run time. Prettier is expected to be run by your IDE and your CI and if really needed you manually via yarn format
.@swc/jest
jest.config.ts
(TypeScript file) for type safe & intellisense configuration.typescript-snapshots-plugin
for viewing snapshots on hover of .toMatchSnapshot
method.konn
for type safe test context creation.@jest/types
clean
to remove cache and dist filesbuild
that runs clean
beforehandprepublishOnly
that runs build
beforehandformat
to quickly run prettier
over whole codebaselint
to quickly run eslint
over whole codebasenode_modules
for nodeLinker
package.json
will be used. And note this is a Yarn binary shipped with Node now. In a future version of Node you will not need to even opt-in into Corepack. Make sure you've done corepack enable
at least once.plugin-outdated
Bring back outdated
command from Yarn 1.plugin-typescript
for painless @types
consumptions (e.g. You probably forget how to pull down @types
packages for already-scoped npm packages, doesn't matter now).plugin-interactive-tools
for some slick in-terminal project maintenance.See Dr. Axel's article about this)
exports
field to give support to both modern import
and legacy require
consumers using Node 12.x and up. For details about the exports
field refer to the Official Node.js Docs about it.main
field for legacy versions of Node (before 12.x
) requiring the CJS build.module
field for legacy bundlers importing the ESM build.dist-*/
, .yarn/
, snapshots, lock files, and more.typescript.enablePromptUseWorkspaceTsdk
so that oneself and collaborators will get prompted to use the workspace version of TypeScript instead of the one in the editor.markdown-toc
Here are some TypeScript libraries you might want to use for your new project:
FAQs
[![trunk](https://github.com/jasonkuhrt/alge/actions/workflows/trunk.yml/badge.svg)](https://github.com/jasonkuhrt/alge/actions/workflows/trunk.yml) [![npm version](https://img.shields.io/npm/v/alge.svg)](https://www.npmjs.com/package/alge)
We found that alge demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.