Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
A package parser that can resolve self and dependencies, supporting spm, component.
A package parser that can resolve self and dependencies, supporting spm / component.
$ npm install father -g
// using SpmPackage
var Package = require('father').SpmPackage;
var pkg = new Package('path/to/package')
console.log(pkg.name);
console.log(pkg.version);
console.log(pkg.main);
console.log(pkg.dependencies); // return a object contains dependencies
console.log(pkg.get('each')); // return a package named each
// using ComponentPackage
var Package = require('father').ComponentPackage;
The properties of Package instance
Unique id for each package
= {pkg.name}@{pkg.version}
require
Package's name
require
Package's version
Entry point of the package, default is index.js
Package's dependencies, each one will return a Package instance
All used files will exist in pkg.files, it will be parsed from pkg.main. Each file contains dependent files (no deep dependencies).
Example below
{
files: {
'index.js': {
dependencies: ['each', './feature']
}
}
}
The base directory of the package
The origin package info
Export files when build
Get a package of id
Set a package
Get all dependent packages
The options when instantiation
new Package('path/to/package', options);
Config an extension as key, when that extension is found, value will be added to deps
new Package('path/to/package', {
extraDeps: {
'handlebars': 'handlebars'
}
});
If one file require('./xx.handlebars')
, handlebars will be added to the dependencies ['./xx.handlebars', 'handlebars']
Generally, files will be parsed from pkg.main, no dependent file will not be included. entry
will be another entry point.
Files
// a.js <- pkg.main
console.log('no require');
// b.js
require('./c');
// c.js
console.log('no require');
Code
new Package('path/to/package', {
entry: ['b.js']
});
Return
// without entry
{
...
files: {
'a.js': []
}
}
// with entry
{
...
files: {
'a.js': [],
'b.js': ['./c'],
'c.js': []
}
}
// a.js
require('b')
If you don't want to parse package b, you can specify ignore. And it won't parse the dependencies of b.
new Package('path/to/package', {
ignore: ['b']
});
If you want to use it for your package, you can extend Package and override readPackage.
var Package = require('father').Package;
var Custom = Package.extend({
readPackage: function() {
// 1. read config file, E.g. component.json
// 2. return a package contains id, name, version, dependencies, main, dest, files, origin
// 3. dependencies should contain id, name, version, dest
};
})
Example for returned object by readPackage
{
id: 'a',
name: 'a'
version: '1.0.0',
main: 'index.js',
dest: '/home/user/a',
dependencies: {
b: {
id: 'b@1.1.0',
name: 'b',
version: '1.1.0',
dest: '/home/user/a/components/b'
}
}
}
Copyright (c) 2014 popomore. Licensed under the MIT license.
FAQs
A bundless/bundle build tool
The npm package father receives a total of 2,061 weekly downloads. As such, father popularity was classified as popular.
We found that father demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.