Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
find-yarn-workspace-root
Advanced tools
Package description
The find-yarn-workspace-root npm package is a utility that helps to find the root of a Yarn workspace. It traverses the directory tree up from a given directory until it finds a package.json file with a 'workspaces' field, indicating the root of a Yarn workspace. This is particularly useful in monorepo setups where multiple packages are managed under a single version control system.
Find Yarn Workspace Root
This feature allows you to find the root directory of a Yarn workspace by providing the current directory. It will return the path to the workspace root or null if it's not inside a Yarn workspace.
const findYarnWorkspaceRoot = require('find-yarn-workspace-root');
const workspaceRoot = findYarnWorkspaceRoot(__dirname);
The pkg-dir package is similar in that it finds the root directory of a Node.js project or npm package by locating the package.json file. However, it does not specifically look for Yarn workspace roots and is more general-purpose.
find-root is another package that finds the root of a project by searching for a specific file (by default package.json) in the current directory or any parent directory. It's similar to find-yarn-workspace-root but does not specifically target Yarn workspaces.
find-package-json is a package that iterates over the filesystem to find all the package.json files. It can be used to find the nearest package.json file, but unlike find-yarn-workspace-root, it does not provide specific functionality for identifying Yarn workspace roots.
Changelog
Readme
Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com
yarn add find-yarn-workspace-root
const findWorkspaceRoot = require('find-yarn-workspace-root');
const workspaceRoot = findWorkspaceRoot(__dirname); // Absolute path or null
Contributions are welcome! Just clone this repository and install the dependencies:
git clone https://github.com/square/find-yarn-workspace-root.git
cd find-yarn-workspace-root
yarn
Note that you'll need node
and yarn
installed. Next, verify the tests all pass:
yarn test
Then create a branch for your bugfix/feature, make changes and update the tests, and submit a pull request. Please do not change the version in package.json
when submitting a pull request. We determine the next version automatically based on the commits since the last release.
NOTE: Commit messages follow the Angular commit message guidelines.
To trigger a release, bump the version using standard-version
:
To update the CHANGELOG, bump the version in package.json
, and create a git tag, run:
$(yarn bin)/standard-version
git push && git push --tags
npm publish
Copyright 2017 Square, Inc.
FAQs
Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com
The npm package find-yarn-workspace-root receives a total of 2,471,364 weekly downloads. As such, find-yarn-workspace-root popularity was classified as popular.
We found that find-yarn-workspace-root demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.