Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Convention-based build tool for node.js projects.
Bob provides a set of build-related tasks that work cross-platform and simple to use by following a few convention.
It works with zero configuration and allows minimal customisation when you don't want to use the default type of a particular task.
It only installs the default tools, while alternative tools will be lazy-installed as required.
It doesn't have plugins. It uses various CLI tools and configure their usage in task configuration files.
npm install -g bob
A project must have:
Run Bob: (from your project directory, where package.json is located)
bob clean lint test coverage
Run Bob in robot mode: (generate machine-parsable output when possible)
BOB_MODE=robot bob clean lint test coverage
Run Bob quietly: (only lists tasks, without each task's output)
bob --quiet clean lint test coverage
In alphabetical order.
Task | Description | Default Type | Alternative Type(s) |
---|---|---|---|
clean | Delete .bob directory | rimraf | - |
complexity | Run code complexity checker against *.js files in lib/ directory | plato | jscheckstyle |
coverage | Check code coverage | mocha-istanbul | buster-istanbul |
dep | Install dependencies specified in package.json | npm | - |
depgraph | Generate module dependencies graph | madge | - |
doc | Generate code documentation | dox-foundation | - |
lint | Lint *.js files in lib/ and test/ directories | jshint | nodelint |
nuke TODO | Kill all processes with command containing the string 'node' | - | - |
package | Create an artifact file in .bob/artifact/ directory | tar.gz | - |
publish | Publish artifact file to a repository | npm | - |
restart | Restart application | npm | - |
rmdep | Remove node_modules directory. | rimraf | - |
send TODO | Send artifact file to a remote server. | scp | sendman |
site | Generate web site. | ae86 | buildbranch |
start | Start application | npm | - |
status | Status application | npm | - |
stop | Stop application | npm | - |
test | Execute unit test files in test/ directory | mocha | buster, nodeunit, vows |
test-acceptance | Execute acceptance test files in test-acceptance/ directory | mocha | cucumber |
test-integration | Execute integration test files in test-integration/ directory | mocha | buster, cmdt |
test-performance | Execute performance test files in test-performance/ directory | mocha | - |
updep | Upgrade all dependencies to latest version | pkjutil | - |
versionup | Upgrade patch version number in package.json file | pkjutil | - |
To customise Bob for your project, create a .bob.json file in your project directory, where package.json is located.
To use nodelint instead of default jshint when running bob lint
:
{
"lint": {
"type": "nodelint"
}
}
To add an alias task (called build) which executes clean lint test coverage tasks:
{
"build": "clean lint test coverage"
}
###Travis CI
Configure Bob in .travis.yml file:
before_install: "npm install -g bob"
script: "bob clean lint test coverage"
###Jenkins CI
Configure Bob in a Jenkins job with shell script build step:
npm install -g bob
bob clean lint test coverage
Build reports:
0.7.5 - 2016-02-12
FAQs
Convention-based build tool for node.js projects.
The npm package bob receives a total of 37 weekly downloads. As such, bob popularity was classified as not popular.
We found that bob demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.