Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
create-k4
is a CLI tool to bootstrap and manage pnpm/turborepo monorepos with a focus on Next.js and Node.js applications. It provides a streamlined way to set up a modern, scalable monorepo structure with best practices baked in, while maintaining minimal configuration. Despite being batteries-included with features like ESLint, TypeScript, and build tools, the project emphasizes simplicity, keeping all configurations lean and easily customizable.
To create a new monorepo project, run:
npx create-k4@latest <name>
Follow the interactive prompts to customize your project setup.
The generated monorepo will have the following structure:
my-monorepo/
├── apps/
│ ├── web/ # Next.js web application
│ └── worker/ # Node.js worker application
├── packages/
│ ├── db/ # Shared database package (Prisma)
│ ├── docker-dev/ # Docker Compose configuration for development
│ ├── queue/ # Shared queue package (BullMQ)
│ ├── eslint-config/ # Shared ESLint configuration
│ └── typescript-config/ # Shared TypeScript configuration
├── package.json
├── pnpm-workspace.yaml
└── turbo.json
Once your project is set up, you can use the following commands:
pnpm dev
: Start the development environmentpnpm db:init
: Initialize the databaseOther commands available:
pnpm build
: Build all packages and appspnpm lint
: Run ESLint for all packages and appspnpm format
: Format all files using Prettierpnpm test
: Run tests for all packages and appsContributions are welcome! Please feel free to submit a Pull Request.
This project was created by Kevin Wade (YouTube, X/Twitter, GitHub).
This project is licensed under the MIT License.
FAQs
CLI to bootstrap and manage pnpm/turborepo monorepos
The npm package create-k4 receives a total of 3 weekly downloads. As such, create-k4 popularity was classified as not popular.
We found that create-k4 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.