cherry-pick
Build tool to generate proxy directories with package.json files such as this:
    {
      "name": "redux-saga/effects",
      "private": true,
      "main": "../lib/effects.js",
      "module": "../es/effects.js"
    }
When it comes to "main" entry points of our libraries we have an easy way of supporting both CJS & ESM files with the "main" and "module" fields in package.json, respectively. This allows resolution algorithms to choose a file with the best format automatically. However, if we have multiple files in a package and we want all of them to be importable, we often suggest that users do it like this:
    import module from "package/lib/module";
There are problems with this approach:
babel has i.e. interop helper functions deoptimizing imported file size when comparing to the same file authored in ESM format. Also webpack just bails out on CJS files when trying to optimize your application size with techniques such as tree-shaking & scope hoisting (a.k.a. module concatenation).
lib is in the requested path? If you ship both CJS & ESM directories to npm and users would like to import the appropriate file depending on the tool, they are "forced" to remember this and switch between importing the same thing with paths like package/lib/module and package/es/module. This is a mental overhead that can be avoided.
This technique was also described by me in more detail in this article.
    cherry-pick [input-dir]

    Create proxy directories

    Commands:
      cherry-pick [input-dir]        Create proxy directories  [default]
      cherry-pick clean [input-dir]  Cleanup generated directories

    Options:
      --help, -h     Show help  [boolean]
      --version, -v  Show version number  [boolean]
      --cjs-dir      [default: "lib"]
      --esm-dir      [default: "es"]
      --types-dir
      --cwd          [default: "."]
      --input-dir    [default: "src"]

    cherry-pick clean [input-dir]

    Cleanup generated directories

    Options:
      --help, -h     Show help  [boolean]
      --version, -v  Show version number  [boolean]
      --cwd          [default: "."]
      --input-dir    [default: "src"]
cherry-pick exports a default method which creates proxy directories and clean which removes them. Both accept the same options as the corresponding CLI commands, only they are camelCased.
    const { default: cherryPick, clean } = require("cherry-pick");

    // Create the proxy directories, then remove them again.
    cherryPick({ inputDir: "source" })
      .then(cherryPicked =>
        console.log(`Created proxy directories: ${cherryPicked.join(", ")}`)
      )
      .then(() => clean({ inputDir: "source" }))
      .then(removed =>
        console.log(`Removed proxy directories: ${removed.join(", ")}`)
      );
FAQs
🍒⛏📦 Build tool to generate proxy directories.
The npm package cherry-pick receives a total of 642 weekly downloads. As such, cherry-pick popularity was classified as not popular.
We found that cherry-pick demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.