Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
firebase-tools-with-isolate
Advanced tools
Command-Line Interface for Firebase with monorepo support
This is a fork of the firebase-tools which integrates isolate-package as part of the functions deploy
command in order to support monorepo setups.
Alternatively, you can manually configure isolate
as part of the predeploy
step of your configuration, but having the process integrated and only running as part of the deploy command is essential if you want to have live code updates when running the Firebase emulators locally during development with a watch task.
I suspect it will take some time before the Firebase team would agree to make isolate an integral part of the toolchain and that is why I have published this fork to be available on NPM.
The fork is pretty much identical, and the integration with isolate-package does not affect any existing functionality, so I do not think there is a reason to worry about things breaking. I will sync the fork with the upstream firebase-tools on a regular basis. The fork versions will match the firebase-tools versions for clarity.
It is probably best to install this as a local dependency on whatever package you want to deploy to Firebase, as opposed to using a global install. This way the forked binary does not interfere with the original one on your system, and you can easily use the fork on one project will still using the original one on others.
npm install firebase-tools-with-isolate --save-dev
Personally I would advise you to try PNPM for monorepo setups.
pnpm add firebase-tools-with-isolate -D
At the moment, isolate-package
only supports generating isolated lockfiles for PNPM and NPM, but if you depend on Yarn you can always choose to deploy to Firebase without a lockfile, similar to other workarounds people have been using.
!! Do not forget to remove/uninstall the original
firebase-tools
package from your repository if you have it installed as a local dependency on your project, because otherwise that binary might get precedence over the forked one, andnpx firebase deploy
will execute the wrong one.
Installing the fork locally provides you with the same firebase
command but in order to execute a command on the command line you prefix it with npx
like npx firebase deploy
.
If you are using the commands as part of a package.json script, npx
is not required, because scripts already prefer locally installed binaries when available.
You have to opt-in to the functions isolate process by setting functions.isolate: true
in your firebase.json
. For example:
{
"functions": {
"source": ".",
"runtime": "nodejs20",
"predeploy": ["turbo build"],
"isolate": true
}
}
If you like to see a complete example of a monorepo setup with Typescript and multiple Firebase service deployments check out mono-ts
For all other documentation see the original firebase tools
FAQs
Command-Line Interface for Firebase with monorepo support
The npm package firebase-tools-with-isolate receives a total of 569 weekly downloads. As such, firebase-tools-with-isolate popularity was classified as not popular.
We found that firebase-tools-with-isolate demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.