Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
anypm
Advanced tools
Changelog
0.8.4
Readme
This project aims to use a package manager of your preference locally without the need to change the CI configuration of your project to use this same manager.
At first, the compatibility is made between pnpm and npm, where npm will be the cloud package and pnpm used local. This itself already offer much less space and internet consumed for you, my fellow developer! And if your fellow developer doesn't want to use pnpm, that's okay! He can stick with npm and everyone will be happy!
npm -g anypm pnpm
As you see, you need to install pnpm along with it, otherwise anypm will just use npm locally too!
To execute "npm install" equivalent, with no packages:
anypm install
anypm i
To install one or more packages (if the package have a valid @types, it is installed too)
anypm install express moment
anypm i express moment
To install dev dependencies
anypm install --save-dev jest
anypm i -D jest
To uninstall (correspondent @types are uninstalled too):
anypm uninstall express
anypm un express
To install modules resolving from package-lock (npm ci equivalent):
anypm ci
This is a experimental feature, but, in linux systems, you can replace the npm command by anypm in any call and it'll work seamlessly. First, you need to have nvm installed, then, set the default node version for nvm to your preferred version:
nvm alias default 10
Finally, add it to your initializing script (.zshrc, .bashrc etc...):
anypm nvmrc
This command will add a hook to the cd command and, at every folder change, it'll change the node version if there is any .nvmrc in the current folder, or to default version, if there is none. At each change, it'll also replace the npm command to anypm. Any command anypm does not support will be passed to npm.
Some packages with errors in the package.json does not work well with pnpm. Also, pnpm no longer supports node 10 since version 6. If you used anypm nvmrc as described above and you have some project with node 10:
If you have some project using a node version greater than 10 and you're getting erros during the installation:
{
"command": "npm"
}
This way, just in this project, you'll use npm, not pnpm, as your package manager under anypm
Licensed under MIT.
FAQs
Use your favorite package manager locally and let npm be used by your CI!
The npm package anypm receives a total of 38 weekly downloads. As such, anypm popularity was classified as not popular.
We found that anypm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.