cache-shrinkwrap
#Purpose
This module is a utility for system administrators which is intended to be installed globally and used at command line.
It adds all dependencies, including child dependencies, contained in an npm-shrinkwrap.json file to the npm cache.
Read the documentation for npm-shrinkwrap for specifics about generating this file.
Install the module with:
```bash
npm install -g cache-shrinkwrap
```
The `cache-shrinkwrap` command can be executed with either one or no arguments:
```bash
# With no argument, it looks in the current or parent directory for npm-shrinkwrap.json
cache-shrinkwrap
# You can also specify the path to a file created by npm shrinkwrap command
cache-shrinkwrap wraps/npm-shrinkwrap-2014-01-12.json
```
The result of inputting this npm-shrinkwrap.json file:
```json
{
  "name": "cache-shrinkwrap",
  "version": "0.1.0",
  "dependencies": {
    "nopt": {
      "version": "2.2.0",
      "from": "nopt@2.2.0",
      "resolved": "https://registry.npmjs.org/nopt/-/nopt-2.2.0.tgz",
      "dependencies": {
        "abbrev": {
          "version": "1.0.4",
          "from": "abbrev@1",
          "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.0.4.tgz"
        }
      }
    },
    ...
```
Is equivalent to executing these commands:
```bash
npm cache add abbrev@1.0.4
npm cache add nopt@2.2.0
...
```
It is not exactly equivalent, though. Node is only fired up once, and all dependencies are added to the cache through npm's API in a single session as follows: `npm.commands.cache(['add', 'abbrev@1.0.4'])`. In other words, it is much faster than trying to execute multiple `npm cache add name@version` statements.
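The tree walk described above, as an added example that is not the module's own source: it flattens the nested `dependencies` of a shrinkwrap object into the unique `name@version` specs that would be cached, children first. The check of each `resolved` URL against an expected registry host goes beyond what the README describes; `EXPECTED_HOST`, the function names and the `example-lib` entry are constructed for illustration.

```javascript
// Added example, not cache-shrinkwrap's implementation.
const EXPECTED_HOST = 'registry.npmjs.org'; // assumption: only the public registry is approved

function hostOf(url) {
  try { return new URL(url).host; } catch (e) { return null; }
}

// Depth-first walk, children before parents, each name@version listed once.
function flattenShrinkwrap(wrap) {
  const specs = [];
  const offRegistry = [];
  const seen = new Set();
  (function walk(deps) {
    for (const [name, info] of Object.entries(deps || {})) {
      walk(info.dependencies);
      const spec = `${name}@${info.version}`;
      if (seen.has(spec)) continue;
      seen.add(spec);
      specs.push(spec);
      // Flag tarballs that would be fetched from somewhere other than the expected host.
      if (info.resolved && hostOf(info.resolved) !== EXPECTED_HOST) {
        offRegistry.push({ spec, resolved: info.resolved });
      }
    }
  })(wrap.dependencies);
  return { specs, offRegistry };
}

// Constructed sample: the README's nopt/abbrev entries plus a made-up off-registry entry.
const ABBREV = { version: '1.0.4', resolved: 'https://registry.npmjs.org/abbrev/-/abbrev-1.0.4.tgz' };
const SAMPLE = {
  name: 'cache-shrinkwrap',
  version: '0.1.0',
  dependencies: {
    nopt: {
      version: '2.2.0',
      resolved: 'https://registry.npmjs.org/nopt/-/nopt-2.2.0.tgz',
      dependencies: { abbrev: ABBREV }
    },
    'example-lib': {
      version: '1.0.0',
      resolved: 'https://mirror.example.test/example-lib/-/example-lib-1.0.0.tgz',
      dependencies: { abbrev: ABBREV }
    }
  }
};

console.log(flattenShrinkwrap(SAMPLE));
```

Reviewing the `offRegistry` list before warming a shared cache shows which tarballs would be pulled from a host other than the expected one.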
##API
Although only intended for command line usage, there is a public API.
```javascript
var cache_shrinkwrap = require('cache-shrinkwrap');
cache_shrinkwrap.addFilePath('project/nsw.json');
```
##References:
Copyright (c) 2014 SLCHackers Licensed under the MIT license.
FAQs
Add all dependencies contained in an npm-shrinkwrap.json file to the npm cache.
The npm package cache-shrinkwrap receives a total of 9 weekly downloads. As such, cache-shrinkwrap popularity was classified as not popular.
We found that cache-shrinkwrap demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.